
Wednesday, November 16, 2005

Rootkits and Bootkicks


The fabulous thing about a culture that rewards those who shirk responsibility and accountability is that it engenders such arrogance that the self-absorbed perpetrators do a better job of digging their own graves than anyone else could ever wish to.

Cases in point. Let’s begin with Sony BMG, who arrogantly decided to secretly install a rootkit -- a hacking tool widely considered to be spyware -- in the computers of their consumers (without their permission) as a component of XCP, the digital rights management technology they used, developed by a small but arrogant upstart start-up in the UK, First 4 Internet.

All it took was one smart and enterprising expert by the name of Mark Russinovich to reveal the sneak attack by Sony – and make no mistake; this was nothing short of an outright attack on its own customer base. And under the U.S. Computer Fraud and Abuse Act, which can carry fines and prison terms for anyone who "knowingly causes the transmission of a program ... and as a result of such conduct, intentionally causes damage, without authorization, to a protected computer," Sony’s attack is not simply malicious, it’s criminal.

Thomas Hesse, Sony BMG's Global Digital Business President, dismissively downplayed the violation before an avalanche of negative publicity forced Sony to not simply apologize, but to withdraw the CDs containing the XCP and offer compensation. (If not to ward off criminal and class action civil lawsuits). "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said in a November 4, 2005 interview on National Public Radio's Morning Edition. Where oh where is Courtney Love when one needs her?

While Sony BMG deserves every piece of shit flung their way, it should be remembered that their CEO since August 2004, Andy Lack, a virgin in the music industry, but a well-used whore elsewhere, previously served as President and Chief Operating Officer for NBC, overseeing among other things, entertainment, news and MSNBC. This is the asshole who claims to have redefined “news” by exploiting JonBenet Ramsey more in her death than she was in her short little life.

Sony’s reaction to being caught fucking consumers up the digital ass without protection or consent is best expressed by the pomposity of First 4 Internet's CEO, Mathew Gilliat-Smith, who told CNET: “I think this is slightly old news… Obviously there are a lot of people who don't like the technology, and we will take note if we need to.” Take note, fuckface – you do need to. As if criminal activity that might have occurred is lessened by the passage of time.

As a matter of fact, aside from gang raping your hard drives, the other technology First 4 Internet develops is called ICA (Image Composition Analysis), which they market as being the closest thing to artificial intelligence in terms of filtering “pornographic” and “inappropriate” content, by supposedly using text, image and context filters, but which, at the end of the day, will fall short of the hype. Yep, those exercising inappropriate conduct have designed technology to discern inappropriate content.

They believe, for instance, that they can differentiate between Dirty Daisy and Ann Coulter, even if Daisy is sitting demurely with her legs crossed in a men’s locker room, or Ann is sitting, typically, in a mini skirt with her legs open on the set of Hannity and Colmes. And yes, they know the difference between Michelangelo’s David and Chi Chi La Rue’s David because Michelangelo’s David is so inadequately endowed it would probably be tagged as kiddie porn. I haven’t studied their technology with the precision of a Mark Russinovich, but let’s just say I’m skeptical. If First 4 Internet or Mathew Gilliat-Smith doesn’t like what I have to say, I’ll take note if I need to.

When Washington Post’s Dana Priest reported the existence of a "covert prison system" or “black sites” set up by the CIA four years ago, her use of confidential sources sparked outrage – particularly as Washington is still reeling from the Valerie Plame CIA outing. Senate Majority Leader Bill Frist (R-Tenn.) fired off a strongly worded request that a bicameral investigation into the disclosure be convened immediately. Until fellow Republican, Trent Lott, suggested Republicans were most likely the source of the leak (again!). Sen. Pat Roberts (R-Kan.) followed, suggesting waiting until the Justice Department completes its own inquiry.

The “black sites” are nothing short of Stalin style gulags where the CIA has been hiding and interrogating some of its most important al Qaeda captives at a Soviet-era compound in Eastern Europe. Instead of worrying about the reports of illegal detention, cruel and inhumane torture and other horrors that further damage America’s frayed credibility, Frist revealed where his real concerns lie: “I am not concerned about what goes on and I'm not going to comment about the nature of that… My concern is with leaks of information that jeopardize your safety and security – period. That is a legitimate concern."

President Bush insists America does not torture. As he threatens his first ever veto if Congress refuses to exempt the CIA from "cruel, inhuman or degrading treatment" of detainees. The Senate voted 90 – 0 to include the CIA in America’s policy regarding the detention and interrogation of prisoners, both at home and abroad. We’re not sure if that includes the “black sites” but no matter. When Abu Ghraib II opens wide at the box office, we’ll simply trot out Karen Hughes to pretty up America’s image, along with Jerry Bruckheimer. Maybe the White House can hire Ann Coulter instead. Or perhaps we can just take a page from the Sony playbook/station...most people don't know what a covert CIA gulag is, so why should they care about it?


Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden [...]

The DRM reference made me recall having purchased a CD recently that can only be played using the media player that ships on the CD itself and that limits you to at most 3 copies. I scrounged through my CDs and found it, Sony BMG’s Get Right with the Man (the name is ironic under the circumstances) CD by the Van Zant brothers. I hadn’t noticed when I purchased the CD from that it’s protected with DRM software, but if I had looked more closely at the text on the web page I would have known [...]

At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.

Mark Russinovich, Sony, Rootkits and Digital Rights Management Gone Too Far, Mark's Sysinternals Blog, October 31, 2005

Mathew Gilliat-Smith, F4i managing director, says: "The first few weeks following an album's release are extremely important in sales terms, and piracy at an early stage costs the label a great deal of money."

Safeguarding a CD is a complex process, as protection must not affect the disc's ability to be played on all music systems, nor must it interfere with the sound quality. We have developed an effective solution that has earned us credibility with the major labels.

Marjorie Delwarde and David Brooks, Welsh DRM technology is a hit in the US, Ping Wales, July 1, 2005

This story -- the hidden planting of potentially dangerous, and certainly improper, software by Sony on customers' computers -- continues to get more amazing. The behavior of the companies more outrageous.

The most incredible part of the story is not that Sony and its technology partner, a U.K. based outfit called First 4 Internet, have been hiding what they do and then pretending it's no big deal (CNET) or failing to tell the entire truth (Freedom to Tinker) about it. It's that any of this could be remotely legal; but in this society, where governments care far more about property rights than individual rights, this is what happens.

Dan Gillmor, Sleazy Sony, Bayosphere, November 3, 2005

If The Washington Post is circling the wagons in preparation for a confidential sourcing fight with federal investigators, it certainly isn't showing it. Both reporter Dana Priest and Executive Editor Leonard Downie Jr., tell E&P that no plans have been formulated to respond to a possible inquest by either Congress or the Justice Department about a Nov. 2 Priest story on secret overseas prisons.

"I don't have concerns at the moment because nothing has happened," Downie said Monday. "I don't want to speculate about this. I don't know if people are going to be seeking sources from us."

Priest, who declined comment on any potential investigation, said she had not met with any attorneys or Post officials about what may come next. "I'm trying not to pay attention to the discussion about investigations," she said. "I'm trying to focus on the next set of stories."

Priest's story, coming on the heels of the Judith Miller subpoena/jailing/resignation mess, drew both criticism and praise for reporting what she described as a "covert prison system" set up by the CIA four years ago. Priest's use of confidential sources prompted the House Intelligence Committee last week to launch an investigation into who leaked the information, while the CIA asked the Justice Department to review possible sources.

Joe Strupp, 'Wash Post' Not Worried About Fight Over 'Black Sites' Story, November 14, 2005


© Copyright 1997-2024 ApolloMedia Corporation. All Rights Reserved.