Three Arrested in Sony Rootkit Virus Case
Wall Street Journal columnist Jeremy Wagstaff, writing today in his personal blog, Loose Wire, calls attention to an interesting link between the arrest of three suspected hackers in the United Kingdom and Finland and the Sony BMG “rootkit” scandal, which I wrote about in the July/August Technology Review cover story.
The men – a 63-year-old from England, a 28-year-old from Scotland, and a 19-year-old from Finland, according to a June 27 story in the Times of London – are suspected by London’s Metropolitan Police Computer Crime Unit of writing a computer virus variously known as Ryknos, Breplibot, and Stinx, which allegedly turned infected machines into “zombies” that the men could use to generate thousands of spam e-mails. Wagstaff seems to be the first to note that Stinx is the same virus that gained entry to PC operating systems via a hidden rootkit directory created when computer owners played one of 52 copy-protected music CDs released by giant record label Sony BMG in 2005.
As our TR story explained, software engineers hired by Sony BMG employed a rootkit (a common tool of the hacker underground) only to cloak software code that prevented CD buyers from burning more than three copies of their discs or sharing them with others. But security experts who discovered the rootkit on Sony BMG CDs last fall warned that it could also be exploited by hackers to hide viruses, Trojan horses, and other malware.
And, sure enough, within weeks after a public furor erupted over Sony BMG’s action, anti-virus firms detected a virus spreading on the Internet – Stinx – that had obviously been written by hackers who were aware of the vulnerability. Anybody who neglected to download and run Sony BMG’s emergency uninstaller after playing a copy-protected CD was defenseless against Stinx. (The virus’s profile has now been incorporated into most anti-virus programs, meaning the threat has largely passed – but Sony BMG customers should still run the uninstaller.)
Now we may know who’s behind Stinx. Wagstaff comments: “If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit.” Indeed. The arrests should be seen as confirmation that if a piece of commercial software contains a security hole, hackers will discover and exploit it – which puts a much greater responsibility on software distributors than Sony BMG was willing or able to bear.
[And a note of thanks to WSJ’s Wagstaff for plugging TR’s feature story.]
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.