Among tools used by the Internet bad guys, none is more treasured than a collection of programs and computer code known as the rootkit. If they can sneak a rootkit into your computer, as part of a virus, email attachment or piece of spyware, they can invisibly gain control over that machine, and use it to engage in an endless list of illegal activities. Hapless computer users unknowingly become accomplices in crime.
But, what if that rootkit was installed, not by creepy bad guys, but by your favorite music company? Such was the case when Sony BMG Music was recently caught red-handed targeting users of Microsoft’s Windows operating system, and secretly installing rootkits called XCP and Mediamax on the computers of up to 24 million unsuspecting music lovers.
Purchasers of “copy protected” CDs from popular artists such as Celine Dion, Neil Diamond and Dexter Gordon have been angered and outraged to learn that, when playing the CD in a Windows-based computer, the CD infects the computer with a rootkit that can cause numerous problems.
Masquerading as a media player and copy protection program, the rootkit acts as spyware, secretly reporting the users activities back to Sony BMG marketing headquarters. It can also slow down and crash computers, create conflicts with other programs and pieces of hardware such as Apple’s iPod, and open gaping security holes that expose a computer to additional attacks from malicious hackers.
Most mainstream-media accounts that I’ve read on the subject tend to gloss over the potentially criminal nature of Sony BMG’s actions. State and federal laws such as the Federal Trade Commission Act protect consumers from unfair and deceptive business practices, and many states have enacted laws banning the secret installation of spyware. Adding fuel to the fire is the statement by Sony BMG division president Thomas Hesse, who arrogantly declared in a recent National Public Radio interview, “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”
However, these facts have not been lost on privacy advocacy groups such as the Electronic Frontier Foundation (www.eff.org), who have filed a class action lawsuit demanding that Sony BMG repair the damage done by the XCP and Mediamax rootkits. Six other class action lawsuits are said to be in the works nationwide.
Texas Attorney General Greg Abbott, who has sued Sony BMG under the state’s new anti-spyware law, states on his official website, “Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers. Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime.”
As one online pundit aptly stated, “This is like if Maytag hid the Maytag man inside the dishwasher so that he could rummage through your home in the middle of the night.”