Sony has been hacked. It’s pretty severe. Company and personal secrets have been spilled. Some data has probably been lost. Media files from finished, but unreleased, movies are now online. It’s a very big problem.
Hacking like this has happened before. In 2005 Bruce Schneier wrote about sneaky code on music CDs which
modifies Windows so you can’t tell it’s there, a process called “cloaking” in the hacker world. It acts as spyware, surreptitiously sending information about you… And it can’t be removed; trying to get rid of it damages Windows.
Nasty stuff. Which leads me to my favorite German word, “schadenfreude.”
Schadenfreude (/ˈʃɑːdənfrɔɪdə/; German: [ˈʃaːdn̩ˌfʀɔɪ̯də] ) is pleasure derived from the misfortunes of others. This word is taken from German and literally means ‘harm-joy.’ It is the feeling of joy or pleasure when one sees another fail or suffer misfortune. It is also borrowed by some other languages. – Wikipedia
Why would I feel pleasure from Sony’s misfortune? It was Sony that installed malware on buyers of its CDs!
Back to Bruce Schneier:
It’s a tale of extreme hubris. Sony rolled out this incredibly invasive copy-protection scheme without ever publicly discussing its details, confident that its profits were worth modifying its customers’ computers. When its actions were first discovered, Sony offered a “fix” that didn’t remove the rootkit, just the cloaking.
Sony claimed the rootkit didn’t phone home when it did. On Nov. 4, Thomas Hesse, Sony BMG’s president of global digital business, demonstrated the company’s disdain for its customers when he said, “Most people don’t even know what a rootkit is, so why should they care about it?” in an NPR interview. Even Sony’s apology only admits that its rootkit “includes a feature that may make a user’s computer susceptible to a virus written specifically to target the software.”
However, imperious corporate behavior is not the real story either.
This drama is also about incompetence. Sony’s latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony’s rootkit — designed to stop copyright infringement — itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library’s license agreement.
What goes around comes around!
I feel bad for the Sony employees affected. This can’t be fun for them. But for Sony itself, a company I once respected as the leader in consumer electronics I have little sympathy and lots of schadenfreude.