Attacks/Breaches
3/5/2012
01:29 PM
Connect Directly
RSS
E-Mail
50%
50%

Sony Suffers Michael Jackson Song Hack Attack

Attackers last year reportedly stole 50,000 files, including music from Jackson and numerous Sony recording artists.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Hackers who targeted Sony servers in May 2011 made off with a reported 50,000 files, including Michael Jackson's entire back catalog, some of it unreleased. But the alleged theft of music came to light only recently, when two men--James Marks, 26, and James McCormick, 25--appeared in British court to deny new charges that were made against them.

According to BBC News, the two men have been charged with computer misuse and copyright violations. The latter charge doesn't mean that the men have been accused of releasing any of the songs. Rather, under British law, that charge is often leveled against people accused of having unlawfully accessed computer systems.

Marks and McCormick were arrested in May 2011 and are due to stand trial in January 2013. "Because they were brought before a court, and the charges are now public, people realized that they're not just being charged with hacking Sony, but with downloading 50,000 files--we don't know if they're songs," said Harry Sverdlove, CTO of Bit9, via phone. "We believe the thieves were hackers, so they were traced--allegedly--through social networking."

[ Today's increasingly mobile IT environment makes security more important than ever. Here's some advice from last week's RSA security conference on how you can beef up your company's security practices: 10 Lessons From RSA Security Conference. ]

Sony confirmed that a number of Michael Jackson tracks--including an unreleased duet with Black Eyed Peas singer Will.i.am--had been stolen in the attack, but didn't confirm the scale of the breach, or exactly what had been stolen beyond the songs from Michael Jackson, who died in June 2009 at the age of 50. In a deal worth $395 million, Sony Music had acquired the rights to the Jackson back catalog from the singer's estate for seven years, and the company released the first tracks in December 2010.

The Sony Music website also hosts songs from Avril Lavigne, Foo Fighters, Jimi Hendrix, Leonard Cohen, and Paul Simon, among other artists.

The investigation that resulted in the arrest of the two men was conducted by Britain's Serious Organized Crime Agency (SOCA). A SOCA representative, reached by phone, said that he could only confirm the charges but not comment on the case, as it's ongoing.

The music heist apparently occurred shortly after attackers broke into Sony PlayStation Network systems in April 2011, exposing information related to 77 million customers. In short order, Sony suffered an ongoing series of attacks, which saw hackers access numerous databases, deface website pages, and leak customer information.

Sony ultimately brought in a team of digital forensic experts to investigate the attacks and plug related holes in its infrastructure. Sony estimated that cleanup costs from the breach would reach $168 million.

But the latest disclosure now adds intellectual property (IP) to the list of what Sony has lost. "You know the stages of grief? Here we have Sony going through the stages of data theft: defacement, loss of personal customer information, and with the loss of intellectual property, they're now at the final phase," said Sverdlove. "The next stage, quite frankly, would be a destructive attack--if Sony's power grid were taken out--because there's really no stage left for those guys. At some point, you have to kind of feel bad when someone keeps getting kicked on the ground."

To protect company and customer data, we need to determine what makes it so vulnerable and appealing. We also need to understand how hackers operate, and what tools and processes they rely on. In our How (And Why) Attackers Choose Their Targets report, we explain how to ensure the best defense by thinking like an attacker and identifying the weakest link in your own corporate data chain. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio