November, 2005: Sony/BMG Digital Rights Management Rootkit

Sony helped create the home entertainment industry by successfully
defending the right of its customers to copy movies for personal use
(with the help of its Betamax technology, of course) all the way to the
U.S. Supreme Court. That made the debacle of the company’s decision, two
decades later, to embed a stealth software “rootkit” to prevent
customers from making unauthorized copies of its music CDs all the more
poignant.

Sony helped create the home entertainment industry by successfully
defending the right of its customers to copy movies for personal use
(with the help of its Betamax technology, of course) all the way to the
U.S. Supreme Court. That made the debacle of the company’s decision, two
decades later, to embed a stealth software “rootkit” to prevent
customers from making unauthorized copies of its music CDs all the more
poignant. The program, XCP, was discovered by Windows expert Mark
Russinovich, who posted an analysis of the software on his blog.
Russinovich’s analysis was withering and further investigation by firms
like F-Secure suggested that the XCP product, designed by a third
party, was both unstable and posed a grave security risk to systems that
it was installed on. Sony’s fumbling attempts to respond to the media
outrage over its copy protection only hardened feelings against the
company, which eventually faced inquiries from states’ attorneys general
and a class action lawsuit. The company eventually released tools for
removing the DRM rootkit and promised to replace any CDs that shipped
with it.

Suggested articles

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Top Mobile Security Stories of 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.