Three Arrested in Sony Rootkit Virus Case

Police in London have arrested three men suspected of writing a virus that infected computers containing the Sony BMG anti-piracy code.
June 27, 2006

Wall Street Journal columnist Jeremy Wagstaff, writing today in his personal blog, Loose Wire, calls attention to an interesting link between the arrest of three suspected hackers in the United Kingdom and Finland and the Sony BMG “rootkit” scandal, which I wrote about in the July/August Technology Review cover story.

The men – a 63-year-old from England, a 28-year-old from Scotland, and a 19-year-old from Finland, according to a June 27 story in the Times of London – are suspected by London’s Metropolitan Police Computer Crime Unit of writing a computer virus variously known as Ryknos, Breplibot, and Stinx, which allegedly turned infected machines into “zombies” that the men could use to generate thousands of spam e-mails. Wagstaff seems to be the first to note that Stinx is the same virus that gained entry to PC operating systems via a hidden rootkit directory created when computer owners played one of 52 copy-protected music CDs released by giant record label Sony BMG in 2005.

As our TR story explained, software engineers hired by Sony BMG employed a rootkit (a common tool of the hacker underground) only to cloak software code that prevented CD buyers from burning more than three copies of their discs or sharing them with others. But security experts who discovered the rootkit on Sony BMG CDs last fall warned that it could also be exploited by hackers to hide viruses, Trojan horses, and other malware.

And, sure enough, within weeks after a public furor erupted over Sony BMG’s action, anti-virus firms detected a virus spreading on the Internet – Stinx – that had obviously been written by hackers who were aware of the vulnerability. Anybody who neglected to download and run Sony BMG’s emergency uninstaller after playing a copy-protected CD was defenseless against Stinx. (The virus’s profile has now been incorporated into most anti-virus programs, meaning the threat has largely passed – but Sony BMG customers should still run the uninstaller.)

Now we may know who’s behind Stinx. Wagstaff comments: “If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit.” Indeed. The arrests should be seen as confirmation that if a piece of commercial software contains a security hole, hackers will discover and exploit it – which puts a much greater responsibility on software distributors than Sony BMG was willing or able to bear.

[And a note of thanks to WSJ’s Wagstaff for plugging TR’s feature story.]
