Attacks/Breaches
3/5/2012
01:29 PM
Connect Directly
RSS
E-Mail
50%
50%

Sony Suffers Michael Jackson Song Hack Attack

Attackers last year reportedly stole 50,000 files, including music from Jackson and numerous Sony recording artists.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Hackers who targeted Sony servers in May 2011 made off with a reported 50,000 files, including Michael Jackson's entire back catalog, some of it unreleased. But the alleged theft of music came to light only recently, when two men--James Marks, 26, and James McCormick, 25--appeared in British court to deny new charges that were made against them.

According to BBC News, the two men have been charged with computer misuse and copyright violations. The latter charge doesn't mean that the men have been accused of releasing any of the songs. Rather, under British law, that charge is often leveled against people accused of having unlawfully accessed computer systems.

Marks and McCormick were arrested in May 2011 and are due to stand trial in January 2013. "Because they were brought before a court, and the charges are now public, people realized that they're not just being charged with hacking Sony, but with downloading 50,000 files--we don't know if they're songs," said Harry Sverdlove, CTO of Bit9, via phone. "We believe the thieves were hackers, so they were traced--allegedly--through social networking."

[ Today's increasingly mobile IT environment makes security more important than ever. Here's some advice from last week's RSA security conference on how you can beef up your company's security practices: 10 Lessons From RSA Security Conference. ]

Sony confirmed that a number of Michael Jackson tracks--including an unreleased duet with Black Eyed Peas singer Will.i.am--had been stolen in the attack, but didn't confirm the scale of the breach, or exactly what had been stolen beyond the songs from Michael Jackson, who died in June 2009 at the age of 50. In a deal worth $395 million, Sony Music had acquired the rights to the Jackson back catalog from the singer's estate for seven years, and the company released the first tracks in December 2010.

The Sony Music website also hosts songs from Avril Lavigne, Foo Fighters, Jimi Hendrix, Leonard Cohen, and Paul Simon, among other artists.

The investigation that resulted in the arrest of the two men was conducted by Britain's Serious Organized Crime Agency (SOCA). A SOCA representative, reached by phone, said that he could only confirm the charges but not comment on the case, as it's ongoing.

The music heist apparently occurred shortly after attackers broke into Sony PlayStation Network systems in April 2011, exposing information related to 77 million customers. In short order, Sony suffered an ongoing series of attacks, which saw hackers access numerous databases, deface website pages, and leak customer information.

Sony ultimately brought in a team of digital forensic experts to investigate the attacks and plug related holes in its infrastructure. Sony estimated that cleanup costs from the breach would reach $168 million.

But the latest disclosure now adds intellectual property (IP) to the list of what Sony has lost. "You know the stages of grief? Here we have Sony going through the stages of data theft: defacement, loss of personal customer information, and with the loss of intellectual property, they're now at the final phase," said Sverdlove. "The next stage, quite frankly, would be a destructive attack--if Sony's power grid were taken out--because there's really no stage left for those guys. At some point, you have to kind of feel bad when someone keeps getting kicked on the ground."

To protect company and customer data, we need to determine what makes it so vulnerable and appealing. We also need to understand how hackers operate, and what tools and processes they rely on. In our How (And Why) Attackers Choose Their Targets report, we explain how to ensure the best defense by thinking like an attacker and identifying the weakest link in your own corporate data chain. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant