Network News

X My Profile
View More Activity

Sony Rootkit Sleuth to Join Class Action Suit

The security researcher whose examination of anti-piracy software included on many Sony BMG music CDs sparked a public firestorm has been hired as an expert witness in a nationwide class-action lawsuit against the company, Security Fix has learned.

Mark Russinovich of Sysinternals will be joining the legal team led by New York attorney Scott Kamber, who filed a lawsuit earlier this month against Sony BMG and First4Internet, the British company that produced the anti-piracy software. (This may be nothing, but First4Internet's Web site is looking rather Spartan at the moment.)

Russinovich said he opted to join the suit because he "wanted to make sure that a message was sent loud and clear to Sony and hopefully to the rest of the industry. And if a technical expert is required to back up the suit, then that's what I'm willing to do to make sure that message gets driven home."

Kamber declined to elaborate on what Russinovich's role would be, saying only that "Mark has no peer with respect to public credibility and expertise in the Windows operating system. We believe that having him by our side in the litigation gives us and the class confidence that we're going to represent them with the best possible information."

In related news, Sony BMG could find itself the target of yet another suit by a state attorney general. A little more than a week ago, the attorney general of Texas lobbed a lawsuit at Sony, saying the company violated the state's anti-spyware law. Now, according to Business Week, New York Attorney General Eliot L. Spitzer is sniffing around the controversy.

"Spitzer's office dispatched investigators who, disguised as customers, were able to purchase affected CDs in New York music retail outlets -- and to do so more than a week after Sony BMG recalled the disks," the story says."The investigators bought CDs at stores including Wal-Mart, BestBuy, Sam Goody, Circuit City, FYE and Virgin Megastore."

All this after Sony BMG execs said they were recalling the flawed CDs from retail shelves after revelations that the software could provide an avenue for hackers and viruses, as well as destabilize computers if users try to remove the program.

By Brian Krebs  |  November 30, 2005; 4:03 PM ET
Categories:  Piracy  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Phishers Promise IRS Refund
Next: Microsoft Issues Warning About Unpatched IE Flaw

Comments

There is a story posted on businessweek.com that says that a Finnish company told Sony about the rootkit problems on Oct. 4th. This was almost one month before Mark Russinovich discovered the problem on his own.
What took Sony so long to respond?
Zane Vandiver
Fort Worth, TX

Posted by: Zane Vandiver | November 30, 2005 4:53 PM | Report abuse

The Sony management did not know what a rootkit was and neither did they care.

Posted by: Timo | November 30, 2005 5:26 PM | Report abuse

If you think Sony gives a sh*t, ask yourself, "Why?" I'd be interested in your answers.

Posted by: rdrover | November 30, 2005 5:55 PM | Report abuse

It should be interesting how Eliot L. Spitzer interprets Sony actions. It is conceivable that he may find that Sony attempted to stifle competition with its DRM and press for an anti-trust complaint. This would have far reaching implications for the internet and software industry. Something that is long in coming given the outrageous license agreement that PC users are coerced into agreeing to. I hope Mr. Spitzer's investigation bears sufficient fruit to justify legal relief for every PC user.

Posted by: David Laurent | November 30, 2005 6:07 PM | Report abuse

Solution, Sue Sony and the criminal company First4Internet until they go bakrupt. There is no place anywhere for companies who openly break the laws on a planet wide scala and this daily.

Posted by: Mectron | November 30, 2005 6:36 PM | Report abuse

Is anyone else surprised it took Spitzer this long to try and get a piece of this?

Posted by: S. H. | November 30, 2005 7:06 PM | Report abuse

"If you think Sony gives a sh*t, ask yourself, "Why?" I'd be interested in your answers."

A company that doesn't care about losing money?

Yeah right.

Posted by: Daniel Mathis | November 30, 2005 7:15 PM | Report abuse

I've owned numerous Sony products throughout the years and actually sold their products in the '90s while in college. Always had a lot of respect for the company and the quality of their products. But after they added spyware to their CDs, I ABSOLUTELY refuse to buy another Sony product - no matter how much better their product may be compared to the competition.

In my mind, this fiasco was the ultimate betrayal of their paying customers, and there is absolutely nothing Sony will ever be able to do to win me back as a customer.

Moreover, it's essential that a major example be made of Sony, so no other consumer electronics manufacture ever dreams of doing something similar.

Finally, Sony's entire executive team should be fired immediately.

Posted by: Tom | November 30, 2005 8:17 PM | Report abuse

I agree. Sonys products were the products to aspire to - they were always lightyears ahead of the competition.

If this is how they are going to treat their customers, I will NEVER even consider buying another Sony product. I'd rather have a cheap second rate knock off than let Sony destroy my PC.

I was LITERALLY just about to buy the new Sony Walkman (how cool does the oled look?) for both me and others, as Christmas presents. Now, I'll look for another mp3 player, because who knows what their MP3 players software is going to install !

Posted by: EX-Sony Fan | December 1, 2005 4:09 AM | Report abuse

I'd like to point out that Sony's despicable act could cost them FAR MORE in fines and settlements than the entire music industry CLAIMS to have lost to piracy since the invention of the cassette deck.

Sweet justice would be to see Sony tell their shareholders that in an effort to protect $1.00 in property, they paid $100.00 in fines.

Posted by: JoeA | December 1, 2005 10:28 AM | Report abuse

Good Bye Sony. You corrupted my computer and cost me money making down time. Never will I buy a Sony Product or BMG music or movie cd's.
I have to reload my entire OS and programs because of thier unwillingness to provide a un installer.
Where is a good old Made in the USA Company that can produce the entire Sony line with no spyware.Besides I hate customer service that dont speak English.

Posted by: Jess Pike | December 1, 2005 12:41 PM | Report abuse

Do you know how much it cost each day to run a company of the size of SONY? Believe me, this boycot is hurting management and the shareholders very very much, don't let anybody fool you that it is different. In my opinions they put the curse on theirselfs for disrespecting their paying clients.
So they get what they deserve, and I hope this will be a prime example towards all the other greedy basterds that try to buy our politicians and shove the public with weasel words.

Posted by: btb | December 1, 2005 2:00 PM | Report abuse


Sales of Sony 'rootkit' CDs Continue

In spite of a warning from the U.S. Department of Homeland Security (www.us-cert.gov), some national retailers continue to sell music CDs containing the Sony 'rootkit' software.

Since Thanksgiving day I have seen 'rootkit' CDs available for sale at KMart, Walmart, FYE, and Circuit City in southern Massachusetts. The Sony website (www.sonybmg.com) does not use the word 'recall'. Nor has Sony ordered retailers to return these CDs. What Sony offers is an 'exchange' whereby the customer can swap 'rootkit' CDs with CDs of the same title but without the XCP software. There is nothing to prevent Sony fom giving these customers CDs with the Sunncomm copy protection software.

Sales of these CDs will likely continue until retail stocks are exhauste. It seems that Sony is more interested in its profits than the well-being of its customers. There is more on my blog EatingTheApple.blogspot.com

Posted by: Chris Tover | December 1, 2005 4:59 PM | Report abuse


Sales of Sony 'rootkit' CDs Continue

In spite of a warning from the U.S. Department of Homeland Security (www.us-cert.gov), some national retailers continue to sell music CDs containing the Sony 'rootkit' software.

Since Thanksgiving day I have seen 'rootkit' CDs available for sale at KMart, Walmart, FYE, and Circuit City. The Sony website (www.sonybmg.com) does not use the word 'recall'. Nor has Sony ordered retailers to return these CDs. What Sony offers is an 'exchange' whereby the customer can swap 'rootkit' CDs with CDs of the same title but without the XCP software. There is nothing to prevent Sony fom giving these customers CDs with the Sunncomm copy protection software.

Sales of these CDs will likely continue until retail stocks are exhauste. It seems that Sony is more interested in its profits than the well-being of its customers. There is more on my blog EatingTheApple.blogspot.com

Posted by: Chris Tover | December 1, 2005 5:37 PM | Report abuse

I would like to have a class action lawsuit started here in WA state. It took me three full days to get my computer back to the way it was pre sony/bmg spyware/malware...calling microsoft and getting a key code for re-installing XP, the other programs, the loss of photos I had uploaded but not yet burned to a cd, I also lost the original songs I purchased from iTunes. Sony should be made to SUFFER for what they have put all of us through... financially of course because they will understand nothing else. My hard earned cash will not be going to these parasites any more. BOYCOTT SONY/BMG

Posted by: Caitlin | December 1, 2005 5:40 PM | Report abuse

Let's hope things get worse for Sony ...

XCP almost certainly contains a load of pirated code! If they haven't actively recalled the CDs they could now be done willful and knowing piracy!

Add into this the latest revelations over MediaMax - that even if you REFUSE permission, it installs ANYWAY! That is a criminal offence in many jurisdictions! Go to www.freedom-to-tinker.com for details.

Cheers,
Wol

Posted by: Anthony Youngman | December 1, 2005 7:36 PM | Report abuse

I've been following this story, and the calls for a boycott of Sony products, for a while. I had to buy a few pairs of headphones recently and avoided Sony (not easy, they make up about 90% of the headphone aisle) because of their behavior.

I take this very seriously. Sony, and other companies, need to realize that to a heavy computer user, a computer is like a 2nd brain. Any attempt to compromise it's capabilities or security, or to covertly collect information from it is absolutely unacceptable.

Posted by: john | December 2, 2005 8:09 PM | Report abuse

absolutely no Sony in my house any more!!!. beside this CD saga, have you ever tried to replace crashed HD on Sony laptop?
called support, and to make long story short, no, you are not allowed to replace HD yourself, only authorized Sony service can do that, did not matter that I have probably replaced/fixed/recovered 200-300 HDs in my life, NO, send it to Auth. service, which initially starts from $230.00.
I hope this will stop them for a moment to THINK.

Mike

Posted by: mike | December 5, 2005 12:57 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company