Attacks/Breaches
3/5/2012
01:29 PM
50%
50%

Sony Suffers Michael Jackson Song Hack Attack

Attackers last year reportedly stole 50,000 files, including music from Jackson and numerous Sony recording artists.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Hackers who targeted Sony servers in May 2011 made off with a reported 50,000 files, including Michael Jackson's entire back catalog, some of it unreleased. But the alleged theft of music came to light only recently, when two men--James Marks, 26, and James McCormick, 25--appeared in British court to deny new charges that were made against them.

According to BBC News, the two men have been charged with computer misuse and copyright violations. The latter charge doesn't mean that the men have been accused of releasing any of the songs. Rather, under British law, that charge is often leveled against people accused of having unlawfully accessed computer systems.

Marks and McCormick were arrested in May 2011 and are due to stand trial in January 2013. "Because they were brought before a court, and the charges are now public, people realized that they're not just being charged with hacking Sony, but with downloading 50,000 files--we don't know if they're songs," said Harry Sverdlove, CTO of Bit9, via phone. "We believe the thieves were hackers, so they were traced--allegedly--through social networking."

[ Today's increasingly mobile IT environment makes security more important than ever. Here's some advice from last week's RSA security conference on how you can beef up your company's security practices: 10 Lessons From RSA Security Conference. ]

Sony confirmed that a number of Michael Jackson tracks--including an unreleased duet with Black Eyed Peas singer Will.i.am--had been stolen in the attack, but didn't confirm the scale of the breach, or exactly what had been stolen beyond the songs from Michael Jackson, who died in June 2009 at the age of 50. In a deal worth $395 million, Sony Music had acquired the rights to the Jackson back catalog from the singer's estate for seven years, and the company released the first tracks in December 2010.

The Sony Music website also hosts songs from Avril Lavigne, Foo Fighters, Jimi Hendrix, Leonard Cohen, and Paul Simon, among other artists.

The investigation that resulted in the arrest of the two men was conducted by Britain's Serious Organized Crime Agency (SOCA). A SOCA representative, reached by phone, said that he could only confirm the charges but not comment on the case, as it's ongoing.

The music heist apparently occurred shortly after attackers broke into Sony PlayStation Network systems in April 2011, exposing information related to 77 million customers. In short order, Sony suffered an ongoing series of attacks, which saw hackers access numerous databases, deface website pages, and leak customer information.

Sony ultimately brought in a team of digital forensic experts to investigate the attacks and plug related holes in its infrastructure. Sony estimated that cleanup costs from the breach would reach $168 million.

But the latest disclosure now adds intellectual property (IP) to the list of what Sony has lost. "You know the stages of grief? Here we have Sony going through the stages of data theft: defacement, loss of personal customer information, and with the loss of intellectual property, they're now at the final phase," said Sverdlove. "The next stage, quite frankly, would be a destructive attack--if Sony's power grid were taken out--because there's really no stage left for those guys. At some point, you have to kind of feel bad when someone keeps getting kicked on the ground."

To protect company and customer data, we need to determine what makes it so vulnerable and appealing. We also need to understand how hackers operate, and what tools and processes they rely on. In our How (And Why) Attackers Choose Their Targets report, we explain how to ensure the best defense by thinking like an attacker and identifying the weakest link in your own corporate data chain. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.