Forgot your password?
typodupeerror
Music Security Sony Entertainment

Hackers Nab Unreleased Michael Jackson Tracks From Sony 192

Posted by samzenpus
from the take-a-look-at-yourself-and-then-make-a-change dept.
wiredmikey writes "Sony once again has found itself in the news surrounding another hacking-related incident. This time around, the breach doesn't appear to involve any lost user data or customer accounts, but instead, some valuable property owned by the record company. Today, several British news outlets have reported that more than 50,000 music tracks have been illegally accessed and downloaded by hackers, including a large number from the late Michael Jackson. Sony bought the catalog from Jackson's estate for $250 million in 2010, giving the company distribution rights to the unreleased music. The attack reportedly occurred shortly after details of the massive PlayStation Network breach last April, but details were only revealed this past weekend."
This discussion has been archived. No new comments can be posted.

Hackers Nab Unreleased Michael Jackson Tracks From Sony

Comments Filter:
  • why? (Score:5, Interesting)

    by MickyTheIdiot (1032226) on Monday March 05, 2012 @11:48AM (#39248315) Homepage Journal

    Not every system you have needs to be connected to the Internet. Why in the world was such valuable digital property on a system that had ANY connection to the Internet, thorough NAT or otherwise?

    I'm sorry... it just doesn't make sense. It's like all the talk of the vulnerable power grid... just don't put those items on the open internet. Or better yet... don't network them at all and have a human attend it in a secure place.

    • Re: (Score:2, Insightful)

      by Loether (769074)
      Wow what a pain that would be to administer such a landlocked system. Patching, backups, updating the content, accessing the content. What do they do when they want to access the file to mix it, or to distribute, publish the new song. What do they do when they get a new artist signed and it's time to add a song to the collection. Send in Joe the Admin with his thumbdrive to download or upload the needed song. I agree with you that there security is beyond poor, but land-locking the entire system as a
      • Re:why? (Score:5, Insightful)

        by jesseck (942036) on Monday March 05, 2012 @12:21PM (#39248853)

        I agree with you that there security is beyond poor, but land-locking the entire system as a solution to me doesn't seem like the best course of action.

        I guess it depends on how valuable the item is- if RIAA were to be counting, what was stolen was trillions of dollars. A thumbdrive and a dedicated admin to administer the landlocked system is a fraction of the value in that case.

        Of course, in the real world, Sony knew the music was not worth trillions, and that is why it was connected to the Internet.

      • by bernywork (57298)

        There is plenty of times these exact things happen. It's called "Security" and it's big business. While you complain about it, in a lot of places these things happen for a reason and yes there is security personnel who review data brought between the networks. Stop being so short sighted.

        • Re: $50,000 Tracks (Score:5, Insightful)

          by TaoPhoenix (980487) <TaoPhoenix@yahoo.com> on Monday March 05, 2012 @12:44PM (#39249223) Journal

          Wait a minute, the Spin Doctor got here and led us right where he wants us.

          So the real story is that Sony lost security on 50,000 tracks and the title became "Michael Jackson tracks copied"?! Really? They had to pick one of only about 10 Flamebait artists?

        • by Sir_Sri (199544)

          Again though, if you have 25 studios all around the world, each one of which could be working on all or part of a track, it becomes very hard to manage thousands of separate pieces of data.

          It's not that the potential security arrangements are impossible, they certainly aren't, record companies did business long before the internet, so that's even an option. It's that an effective, collaborative workflow for hundreds or thousands of employees around the world, or even on one large facility, it's a time wast

          • by Lumpy (12016)

            "Again though, if you have 25 studios all around the world, each one of which could be working on all or part of a track, it becomes very hard to manage thousands of separate pieces of data."

            that never happens. they dont mix the beginning in hong kong and then have the ireland guys clean up the drums.

            and even if you had to have such a wacked out unrealistic setup, you can easily have an isolated network that spans the globe, you just pay for a point to point connection. the size of sony, they could purch

            • by Sir_Sri (199544)

              Are you sure they don't? I did IT work for a guy who had a studio in toronto where he did guitar work for artists, which they did real time collaboration with other studios to integrate things. The artist could be in London or Los Angles or the like and they had some setup where they could collaboratively combine all of that stuff at once. I know his studio did voice work as well, but his specialty was guitar so I know they had some special hookup on the guiltar so it would transmit specially (i.e. the f

      • Wow what a pain that would be to administer such a landlocked system. Patching, backups, updating the content, accessing the content.

        Do you really need to do those things on a machine that has no network connection?

        Assuming that when the machine was put into place it did the functions it was required to, what is the point of updating? I remember doing an update on a machine once to find out that the single file changed was the software providers logo - they had changed a background color and listed it as a required update.

        • Do you really need to do those things on a machine that has no network connection?

          Absolutely -- there are going to be insider threats, and they have the potential to do more damage than outsiders. Do you really think that your $35k/year janitor is not going to be paid twice that by someone trying to download your valuable data? Do you really think that a disgruntled employee would not try to run an exploit pack on your airgapped, security-sensitive system? Security is about more than simply keeping the outsiders out.

          • by Lumpy (12016)

            You know how easy it is to get someone to infiltrate the cleaning crew? IF you want in a company's secret systems, that is what you do. The morons on the executive wing and security office don't understand this. the only way to fix it is either pay the cleaning people handsomely, or clean up your own trash. Either one will never happen in a corporation.

            In fact at comcast we used to call the cleaning crew to get into the areas we did not have access. Their keycards would let them in everywhere, includ

            • How about clean while you're there like it happens in our place? (Unless you can't handle a minor interruption once a day)

              • How about clean while you're there like it happens in our place? (Unless you can't handle a minor interruption once a day)

                Yeah, like I'm going to pick up trash in my f**king $6300 suit.

                Come on!

                (/gob)

                • I fucked up what I was trying to say. The cleaning crew comes when we are present. If we are not present, door is locked and no one gets inside.

      • Re:why? (Score:5, Insightful)

        by betterunixthanunix (980855) on Monday March 05, 2012 @12:52PM (#39249385)

        Wow what a pain that would be to administer such a landlocked system

        If you paid $250 million for the data stored on that system, and you know that there are lots of people who would love to download that data without your permission, would you really think that the administrative work is too much? That should have been one of the highest security systems Sony owned, and it should not have been connected to the Internet.

        What do they do when they want to access the file to mix it, or to distribute, publish the new song

        None of those require an Internet connection. You can connect the computers involved in mixing to a private network, where you can control who has access to the network and you can monitor the network as a whole, and then you can transfer the files. Likewise with machines that publish the music on physical media. Publishing electronically will be harder, but for the money they paid for that data, it seems like a reasonable effort.

        What do they do when they get a new artist signed and it's time to add a song to the collection

        Not store it on the same system as the collection that can never be updated, and that once leaked loses a lot of value. This sounds like a pretty typical MLS problem.

        • Sony did not pay $250,000 for copies of those songs. They paid $250,000 for the rights to SELL (or license as they call it) those songs for a profit. Sure, someone could steal the songs, but the "thief" is not going to be able to then sell those albums for $10 a pop at HMV or post them on iTunes. Remember, as soon as they start selling the songs, security of the original version is pretty much pointless since everyone with 10 bucks can get a legal copy as well. The only exception (as the title actually poin
      • If I ever complete my novel and become famous I plan to do exactly this. Maintain a landlocked system where I write.

        Of course- I need to complete a book first. Before that- I need to learn basic grammer and spelling.

      • by Lumpy (12016)

        The same thing they do on Video editing systems at most places. cart the files on a drive. I did IT for a major Tv production house, none of the AVID's were on a private separated network. all projects and assets were carted around outside the AVID isolated network and media server.

        IF IT whines, you smack them and tell them to STFU and RTFM as putting extra effort into protecting the machines that actually makes money is more important than upsetting a few wanna-be BOFH's.

      • I suppose this is why all the top secret military information is on machines hooked up to the internet - so that it's easy to patch them.

        If you have information that you never want to be released, why keep it on a "machine" at all? You'd put that data onto several kinds of storage media, to future-proof it, and store several copies in different locked vaults. No need at all to even have it available live.

    • Re:why? (Score:5, Insightful)

      by Lennie (16154) on Monday March 05, 2012 @11:57AM (#39248491) Homepage

      It might have started with just a desktop with a browser you know. After one system gets compromised it might be possible to get deeper in the corporate networks of Sony.

      Even the Nuclear facilities in Iran were not connected the Internet (it did have an air gap) but the Stuxnet virus still got in.

      • Sure, data got in, Stuxnet got in. But no data got out. If you want to protect your IP from "theft" (they still have the data, so any file sharing evangelist won't call it theft) landlocking seems like a perfect layer of security. Trusting just the one layer is not very smart, but as security layers come, in this case, it would be quite effective.

        Encrypting each individual track and storing the keys on another landlocked location would make it a lot better, but it would make access to the date quite a bit
        • by Dog-Cow (21281) on Monday March 05, 2012 @12:46PM (#39249277)

          All my servers are landlocked. Unless the data center gets flooded.

        • by tlhIngan (30335)

          Sure, data got in, Stuxnet got in. But no data got out. If you want to protect your IP from "theft" (they still have the data, so any file sharing evangelist won't call it theft) landlocking seems like a perfect layer of security. Trusting just the one layer is not very smart, but as security layers come, in this case, it would be quite effective.

          If Stuxnet could get in, it could leak data out (It just wasn't designed to). The fact it got in meant people with thumbdrives were regularly plugging stuf

      • Even the Nuclear facilities in Iran were not connected the Internet (it did have an air gap) but the Stuxnet virus still got in.

        Getting in is the 'easy' part. It is the getting back out with useful information where the air-gap is useful.

        Even the US DoD's air-gap networks were infilitrated [wired.com] but the attack didn't get back out again

    • Re:why? (Score:5, Insightful)

      by AvitarX (172628) <<gro.derdnuheniwydnarb> <ta> <em>> on Monday March 05, 2012 @12:04PM (#39248587) Journal

      It's fucking music tracks they were not releasing to cash in at a later point.

      This was going to be available at some point in the future, and it's better for society that it's available now. Locked up in a vault they had zero value.

      • Re:why? (Score:5, Insightful)

        by poetmatt (793785) on Monday March 05, 2012 @12:17PM (#39248783) Journal

        Yep, this actually highlights some really supreme losses to society by virtue of the Jackson estate hoarding the shit out of Michael's music and Sony too.

        Were it not for this we'd see Jackson remixes for the next 100 years if Sony had their way. Good on the hackers to get that stuff out there instead into society where *society* can benefit.

        Talk about greed vs culture.

        • Re:why? (Score:5, Insightful)

          by Richard_at_work (517087) <<richardprice> <at> <gmail.com>> on Monday March 05, 2012 @12:46PM (#39249275)

          I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

          My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.

          • Re:why? (Score:5, Insightful)

            by Toze (1668155) on Monday March 05, 2012 @03:49PM (#39252319)

            because it never influenced it in the first place.

            Except that Michael Jackson was influenced by Little Richard, James Brown, and Diana Ross. And Michelangelo lifted Ghiberti's Gates of Paradise for the posing of the Sistine Chapel. And every artist ever is influenced tremendously by all the artists that preceded them, and no art is created ex nihilo. The arguments for not releasing an artist's work (ie copyright) are never that the artist doesn't owe anything to society, but that the artist needs to make a living, or to ensure that their children are provided for.

            In other words, yes, society really is entitled to everything a person creates, ever, even if they never published it, because that person appropriated the majority of their work from society in the first place. Our societies have, in the last 400 years, been willing to trade some of what we're owed in free speech in order to provide monetary reward to the artists, but we're still owed that speech. Disney didn't invent Cinderella, Dan Brown didn't invent the Catholic church, Dan Bull didn't invent either rapping or Skyrim (nor did Bioware invent fantasy adventure or videogames, nor did Tolkien invent magic rings or elves, etc.., etc., etc.).

            • I'm sorry, but that entire argument is just fucking ridiculous, but I expect nothing less of a community such as Slashdot to come up with such rubbish.

              The fact that an artist is influenced by those that went before him has absolutely nothing to do with the apparent appropriation of private, unreleased works - you have no right to those, no entitlement to them, and there is no justification you can give to support the forced acquisition of said private works.

              I couldn't care less that Disney didn't invent Cin

              • by Toze (1668155)

                Wow, you're really mad about this, huh? Okay. I have a clarification and a question.

                The clarification is that I was talking about completed works after the artist's death.
                The question is this; you describe the idea of society being owed the creative work as "rubbish" and "ridiculous" and "sociopathic" and "infantile" and that releasing work "should be" the artist's choice. Why? I get that you don't buy the idea that all art is theft- though I disagree with you on that- but you haven't explained what system

          • Re: (Score:2, Insightful)

            by mcgrew (92797) *

            I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

            Yes. Article 2, section 8 of the US Constitution:

            The Congress shall have power to... promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

            Copyright is granted in order for more works to become the public domain's. I don't own the stories I write, you do, as does

          • by poetmatt (793785)

            Yes, they are. Why do you suppose copyright isn't forever? Eventually society is entitled to everything. It's just that people are selfish *and* idiotic and think that hoarding is somehow better. (cue arguments about "Steaaaling!" etc etc).

            Not one piece of music wasn't influenced by something prior - hardly even a 'creative' work. Just a remix/derivative.

          • I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

            My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.

            This is an excellent point that just helped me clarify my own views on copyright:
            A person or organization should not be allowed unlimited control over something they have used to influence society.
            A person or organization SHOULD be allowed unlimited control over the choice of whether to use some work to influence society.

            Pedants aside, and following the "Limited" discussion in the AT&T story, restricting socialization of works artificially in order to "create" value for the producer is anti-social. The

      • Re: (Score:2, Informative)

        it's better for society that it's available now

        I disagree- this is Michael Jackson's music we're talking about- it is better that this never is broardcast ever. Legally or illlegally.

    • Maybe they try to break their own 2011 hacking record? Frankly, considering the numerous and obvious methods used in 2011 (like SQL injection) I would not be surprised to learn (maybe from the inside) that their IT organization is an unimaginable mess.
    • by ackthpt (218170)

      Not every system you have needs to be connected to the Internet. Why in the world was such valuable digital property on a system that had ANY connection to the Internet, thorough NAT or otherwise?

      I'm sorry... it just doesn't make sense. It's like all the talk of the vulnerable power grid... just don't put those items on the open internet. Or better yet... don't network them at all and have a human attend it in a secure place.

      Really couldn't agree more. There'd be so little to read on Slashdot if people had a lick of sense anymore regarding networking computers. If it needs to be on the local network, put it there. If it needs to get to the outside, put it behind a firewall. If it doesn't require any connectivity, then don't network it at all (damn Microsoft and their auto-updates, forget about them!)

      Geez, it's like the current generation of IT people would, in charge of a bank, leave the doors and vault open all night, with

    • The data on those machines was not worth $250,000 as many people erroneously assume. It was the LICENSE to SELL those songs on the market that was worth $250,000. The instant Sony starts making any money (by selling/licensing them), they are instantly available for $.99/each. The "thieves" did not steal the $250,000 licenses, they simply stole one copy of each song (which are all either available already or will be soon). The only material stolen that could POSSIBLY be considered a problem would be tracks t
    • by tixxit (1107127)
      I do agree it was silly. Nonetheless, I (somewhat) recently read Kevin Mitnick's autobiography Ghost in the Wires. At some point he was basically going around collecting the source code of phone operating systems. For one OS, he went so far as to have someone mail out a set of floppies with the OS on it, since he couldn't get in from the outside.
    • by AmiMoJo (196126)

      It's obvious, when they want to distribute their latest (s)hits they use Megaupload! Didn't you see the video? Loads of Sony artists use it!

  • Smooth (Score:5, Funny)

    by Anonymous Coward on Monday March 05, 2012 @11:49AM (#39248325)

    Some smooth criminals!

  • Good marketing (Score:4, Insightful)

    by asdbffg (1902686) on Monday March 05, 2012 @11:49AM (#39248329)
    Really. This will get some good buzz going in advance of Sony formally releasing the tracks.
    • I wouldn't be surprised if those where the only copies, and the hackers deleted them. But they'll probably chase after the hackers and force them to re-upload the tracks to their servers in either case.

      • Re:Good marketing (Score:5, Insightful)

        by DarkOx (621550) on Monday March 05, 2012 @12:00PM (#39248527) Journal

        I certainly how those were the only copies and the hackers deleted them. If there is one thing Sony does not need its more money, and if there is one thing I don't want to have to suffer hearing on the play list of every pub, is more of that man's terrible music.

      • Highly unlikely that they are the only copy, knowing sony they are probably behind the times, and thus have copies on CD's for the executives to listen to, and no matter how good a hacker is... destroying CDs remotely is not an easy feat.
  • including a large number from the late Michael Jackson

    And nothing of value was lost ...

  • Will Sony finally get their heads out of their asses and get some adequate security now that they have gotten something important stolen from them instead of their customers?

  • Would copyright law apply to unreleased (and potentially unknown) materials? What if someone stamped their copyright notice on those stolen materials? How would Sony prove ownership and (exclusive) distribution rights? And would the simple assertion ("it's ours") be enough to support a take-down notice? Could anyone take down anything merely by making such a claim?

    • by langelgjm (860756)
      If the songs were created anytime in the past few decades, copyright applies automatically upon fixation of the work in a tangible medium of expression. Publication is not necessary. The rules for older works get much more complicated, but unlikely to apply here.
    • Copyright exists when the work is created. Registering a copyright with the appropriate government agency makes it official. One of requirements of copyright is ownership so someone other than Sony trying to register these works would likely be challenged. See the SCO v Novell situation. Novell registered the Unix copyrights before SCO did because of SCO's behavior.
  • Where's the music? (Score:5, Interesting)

    by Dan East (318230) on Monday March 05, 2012 @11:55AM (#39248463) Homepage Journal

    So where is this music? Why hasn't it spread far and wide over the net? I suspect the hackers are holding onto it in an attempt to blackmail Sony for a big chunk of cash.

    • by Hatta (162192)

      If I cared, I'd look for it on USENET or one of the darknets. Anyone connecting to a tracker that hosts this archive is begging for a lawsuit.

    • You know, Weapons of Mass Distortion...

      and not all of these tracks are by artist people want to hear, I mean, there are good chances of unreleased Celine Dion tracks in there. Think of the children

    • by ZombieBraintrust (1685608) on Monday March 05, 2012 @12:11PM (#39248667)
      Hackers likely didn't know what they had. They grabbed a ton of data and used software to sift through it for passwords, credit cards and email addresses. Going through all the music and finding the songs that were unrealeased would take plenty of ears or a music matching database. That is why Sony waited a full year before talking about this.
    • Maybe it was unreleased (and nobody bothered to make a torrent out of it) because it was actually awful?

  • by ciderbrew (1860166) on Monday March 05, 2012 @11:57AM (#39248483)
    Sony, distribution is not a right. Well it's not now anyway.
  • Is there a torrent or something now?

  • by Anonymous Coward

    Anyone want to bet that Sony will put a lot more time and money into this round of hacking versus the loss of customer data that happened previously?

  • I've never had much of a problem with the mischief-cracking set.

    This could change my mind.

  • Look, nothing against the guy, but how many people young enough to pirate still give a rat's ass about a singer whose career peeked about 25 years ago?

    • a singer whose career peeked about 25 years ago?

      Some witty rejoinder about poking would appear to be in order, but unfortunately I can't find any way at all to link it to the deceased performer in question.

    • by Ziekheid (1427027)

      You might want to think again when it comes to true sceners vs the average P2P user when it comes to age.
      Also, you might want to have a look at the itunes sales from 'a singer whose career peeked about 25 years ago'.

    • His career peaked 25 years ago, and he's dead; But I'll bet he still earned more money than you did last year...
    • by Hentes (2461350)

      It might come as a surprise but there are also people listening to music that is hundreds of years old.

  • Truly baffling (Score:5, Interesting)

    by Anonymous Coward on Monday March 05, 2012 @12:16PM (#39248745)

    Ok. So 50,000 tracks got downloaded.

    Let's say for sake of argument, and since this was from their digital archive according to news radio this morning, that each of these tracks were in format of uncompressed audio. Would they really keep tracks as AAC, MP3, or MPA in their digital archive? I'm gonna be generous here and say each track was 25MB. That's roughly, 125GB of data to be downloaded. That isn't something you do overnight. That's something that takes days if not weeks, and possibly a month. Massive net security failure here, or what?

    You have an obviously massive amount of money invested in that archive, and yet you don't protect it with approriate network security? I have to wonder how much their yearly network security expenditure was to protect that investment. $10,000? Clearly, they still haven't gotten the message that network security is important, even after the PSN lashing.

    As little as I want to sympathize with Sony and it's continual targetting by subverts of the net, I just can't. They're a multi-Billion dollar a year company who have been in business for DECADES! How are you still in business with blunders like this?!?!? How the hell can you go around dropping hundreds of Millions on music catalogues and not protect your investment?

    On a personal note, I wrote off Sony in 2000 when I bought my last TV whose components shorted at half their estimated life-time. I'm just truly baffled that a company this large, and with such massive influence and monies, can't take its online presence seriously.

    • by Baloroth (2370816)

      This is Sony. Their idea of a Captcha is, well, this [sony.com] (Google, BTW, returns the Captcha letters in plaintext if you search for it. Yeah, not so good on the "stopping bots" there Sony). Sony is simply incompetent when it comes to security: there is no other way to put it. Their vaunted PS3 secure bootloader? Yeah, turns out they don't know how to properly sign their keys (instead of using random numbers in the signature, they always used the same number, allowing anyone to discover their private signing key w

      • by TheCarp (96830)

        Yes yes but any large enough org starts to stop acting like a single company at some point, and more like a country. Sure there is some central group who speak for everyone and claim singular direction and vision, when the reality is, they are full of different and often competing interests.

        It would surprise me more if they had all of the source for all of their software hosted on an unsecured FTP server...just because its unlikely there is a single company-wide repository...or even if there is one.... that

      • It's worse than that, the Captcha isn't even an image, it's a table with random vertical aligns (top, bottom). The letters are plain text in the source that Sony thinks disabling the context menu will protect.

  • Support your artists (Score:4, Interesting)

    by GodfatherofSoul (174979) on Monday March 05, 2012 @12:28PM (#39248951)

    If you don't want to more and more corporate-produced, demographically-designed artists, start buying your damned CDs from the people you like instead of downloading it for free and complaining about how crappy music is nowadays. I'm not even a huge music fan, but I make a point to buy CDs when I hear something I like.

  • by mindcandy (1252124) on Monday March 05, 2012 @12:31PM (#39249005)
    filetype:torrent "tiny violins"
  • No matter whether Sony should've kept this on an isolated network or they weren't really planning to do anything with the tracks, I expect them to portray this incident as evidence in support of legally locking down all digital media. I would not be surprised if the "look what can happen" card will be played with renewed vigor.

    • Michael Jackson is dead - so he is not going to finish or republish anything
    • Jackson -if you liked him or not- had massive influence on pop music during his creative phase
    • SONY kept unpublished works as "property" and locked away from the public
    • they had no right to do so

    They might be legally entitled to do so but this only shows how screwed up IP is as a concept. You can not seriously keep unpublished works of an artist locked away after his death, as they are of common interest. History of culture and especially contemporary music would be plain incomplete and partially wrong if noone can find out which pieces a major artist did not publish and for what reasons. In fine arts and literature this is considered obvious, in music it always has been - before major labels and their absurd ideas about "owning" works arose. No need to mention that creative works are not solitary, isolated entities but results and part of their cultural context. To lock this context away, means to cripple culture itself. It doesn't matter if you agree. Progress won't matter. It will just happen elsewhere.

  • by swschrad (312009) on Monday March 05, 2012 @01:53PM (#39250391) Homepage Journal

    if you got your CS skills from matchbook U, there's a job for you at Sony.

  • by Jawnn (445279)
    Why couldn't they have stolen some good music? Go ahead. Tag me for trolling. I don't care. Even at it's best, MJ's music, like so much "pop" music, has little to recommend it, sonically or stylistically.

1 Dog Pound = 16 oz. of Alpo

Working...