Skip to Content

Three Arrested in Sony Rootkit Virus Case

Police in London have arrested three men suspected of writing a virus that infected computers containing the Sony BMG anti-piracy code.
June 27, 2006

Wall Street Journal columnist Jeremy Wagstaff, writing today in his personal blog, Loose Wire, calls attention to an interesting link between the arrest of three suspected hackers in the United Kingdom and Finland and the Sony BMG “rootkit” scandal, which I wrote about in the July/August Technology Review cover story.

The men – a 63-year-old from England, a 28-year-old from Scotland, and a 19-year-old from Finland, according to a June 27 story in the Times of London – are suspected by London’s Metropolitan Police Computer Crime Unit of writing a computer virus variously known as Ryknos, Breplibot, and Stinx, which allegedly turned infected machines into “zombies” that the men could use to generate thousands of spam e-mails. Wagstaff seems to be the first to note that Stinx is the same virus that gained entry to PC operating systems via a hidden rootkit directory created when computer owners played one of 52 copy-protected music CDs released by giant record label Sony BMG in 2005.

As our TR story explained, software engineers hired by Sony BMG employed a rootkit (a common tool of the hacker underground) only to cloak software code that prevented CD buyers from burning more than three copies of their discs or sharing them with others. But security experts who discovered the rootkit on Sony BMG CDs last fall warned that it could also be exploited by hackers to hide viruses, Trojan horses, and other malware.

And, sure enough, within weeks after a public furor erupted over Sony BMG’s action, anti-virus firms detected a virus spreading on the Internet – Stinx – that had obviously been written by hackers who were aware of the vulnerability. Anybody who neglected to download and run Sony BMG’s emergency uninstaller after playing a copy-protected CD was defenseless against Stinx. (The virus’s profile has now been incorporated into most anti-virus programs, meaning the threat has largely passed – but Sony BMG customers should still run the uninstaller.)

Now we may know who’s behind Stinx. Wagstaff comments: “If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit.” Indeed. The arrests should be seen as confirmation that if a piece of commercial software contains a security hole, hackers will discover and exploit it – which puts a much greater responsibility on software distributors than Sony BMG was willing or able to bear.

[And a note of thanks to WSJ’s Wagstaff for plugging TR’s feature story.]

Keep Reading

Most Popular

Conceptual illustration of a therapy session
Conceptual illustration of a therapy session

The therapists using AI to make therapy better

Researchers are learning more about how therapy works by examining the language therapists use with clients. It could lead to more people getting better, and staying better.

street in Kabul at night
street in Kabul at night

Can Afghanistan’s underground “sneakernet” survive the Taliban?

A once-thriving network of merchants selling digital content to people without internet connections is struggling under Taliban rule.

Conceptual illustration showing a file folder with the China flag and various papers flying out of it
Conceptual illustration showing a file folder with the China flag and various papers flying out of it

The US crackdown on Chinese economic espionage is a mess. We have the data to show it.

The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals.

IBM engineers at Ames Research Center
IBM engineers at Ames Research Center

Where computing might go next

The future of computing depends in part on how we reckon with its past.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.