Hackers Nab Unreleased Michael Jackson Tracks From Sony 192
wiredmikey writes "Sony once again has found itself in the news surrounding another hacking-related incident. This time around, the breach doesn't appear to involve any lost user data or customer accounts, but instead, some valuable property owned by the record company. Today, several British news outlets have reported that more than 50,000 music tracks have been illegally accessed and downloaded by hackers, including a large number from the late Michael Jackson. Sony bought the catalog from Jackson's estate for $250 million in 2010, giving the company distribution rights to the unreleased music. The attack reportedly occurred shortly after details of the massive PlayStation Network breach last April, but details were only revealed this past weekend."
why? (Score:5, Interesting)
Not every system you have needs to be connected to the Internet. Why in the world was such valuable digital property on a system that had ANY connection to the Internet, thorough NAT or otherwise?
I'm sorry... it just doesn't make sense. It's like all the talk of the vulnerable power grid... just don't put those items on the open internet. Or better yet... don't network them at all and have a human attend it in a secure place.
Re: (Score:2, Insightful)
Re:why? (Score:5, Insightful)
I agree with you that there security is beyond poor, but land-locking the entire system as a solution to me doesn't seem like the best course of action.
I guess it depends on how valuable the item is- if RIAA were to be counting, what was stolen was trillions of dollars. A thumbdrive and a dedicated admin to administer the landlocked system is a fraction of the value in that case.
Of course, in the real world, Sony knew the music was not worth trillions, and that is why it was connected to the Internet.
Re: (Score:2)
There is plenty of times these exact things happen. It's called "Security" and it's big business. While you complain about it, in a lot of places these things happen for a reason and yes there is security personnel who review data brought between the networks. Stop being so short sighted.
Re: $50,000 Tracks (Score:5, Insightful)
Wait a minute, the Spin Doctor got here and led us right where he wants us.
So the real story is that Sony lost security on 50,000 tracks and the title became "Michael Jackson tracks copied"?! Really? They had to pick one of only about 10 Flamebait artists?
Re: (Score:2)
Again though, if you have 25 studios all around the world, each one of which could be working on all or part of a track, it becomes very hard to manage thousands of separate pieces of data.
It's not that the potential security arrangements are impossible, they certainly aren't, record companies did business long before the internet, so that's even an option. It's that an effective, collaborative workflow for hundreds or thousands of employees around the world, or even on one large facility, it's a time wast
Re: (Score:2)
"Again though, if you have 25 studios all around the world, each one of which could be working on all or part of a track, it becomes very hard to manage thousands of separate pieces of data."
that never happens. they dont mix the beginning in hong kong and then have the ireland guys clean up the drums.
and even if you had to have such a wacked out unrealistic setup, you can easily have an isolated network that spans the globe, you just pay for a point to point connection. the size of sony, they could purch
Re: (Score:2)
Are you sure they don't? I did IT work for a guy who had a studio in toronto where he did guitar work for artists, which they did real time collaboration with other studios to integrate things. The artist could be in London or Los Angles or the like and they had some setup where they could collaboratively combine all of that stuff at once. I know his studio did voice work as well, but his specialty was guitar so I know they had some special hookup on the guiltar so it would transmit specially (i.e. the f
Re: (Score:2)
Wow what a pain that would be to administer such a landlocked system. Patching, backups, updating the content, accessing the content.
Do you really need to do those things on a machine that has no network connection?
Assuming that when the machine was put into place it did the functions it was required to, what is the point of updating? I remember doing an update on a machine once to find out that the single file changed was the software providers logo - they had changed a background color and listed it as a required update.
Re: (Score:2)
Do you really need to do those things on a machine that has no network connection?
Absolutely -- there are going to be insider threats, and they have the potential to do more damage than outsiders. Do you really think that your $35k/year janitor is not going to be paid twice that by someone trying to download your valuable data? Do you really think that a disgruntled employee would not try to run an exploit pack on your airgapped, security-sensitive system? Security is about more than simply keeping the outsiders out.
Re: (Score:2)
You know how easy it is to get someone to infiltrate the cleaning crew? IF you want in a company's secret systems, that is what you do. The morons on the executive wing and security office don't understand this. the only way to fix it is either pay the cleaning people handsomely, or clean up your own trash. Either one will never happen in a corporation.
In fact at comcast we used to call the cleaning crew to get into the areas we did not have access. Their keycards would let them in everywhere, includ
Re: (Score:2)
How about clean while you're there like it happens in our place? (Unless you can't handle a minor interruption once a day)
Re: (Score:2)
How about clean while you're there like it happens in our place? (Unless you can't handle a minor interruption once a day)
Yeah, like I'm going to pick up trash in my f**king $6300 suit.
Come on!
(/gob)
Correction. (Score:2)
I fucked up what I was trying to say. The cleaning crew comes when we are present. If we are not present, door is locked and no one gets inside.
Re:why? (Score:5, Insightful)
Wow what a pain that would be to administer such a landlocked system
If you paid $250 million for the data stored on that system, and you know that there are lots of people who would love to download that data without your permission, would you really think that the administrative work is too much? That should have been one of the highest security systems Sony owned, and it should not have been connected to the Internet.
What do they do when they want to access the file to mix it, or to distribute, publish the new song
None of those require an Internet connection. You can connect the computers involved in mixing to a private network, where you can control who has access to the network and you can monitor the network as a whole, and then you can transfer the files. Likewise with machines that publish the music on physical media. Publishing electronically will be harder, but for the money they paid for that data, it seems like a reasonable effort.
What do they do when they get a new artist signed and it's time to add a song to the collection
Not store it on the same system as the collection that can never be updated, and that once leaked loses a lot of value. This sounds like a pretty typical MLS problem.
Re: (Score:2)
Re: (Score:2)
If I ever complete my novel and become famous I plan to do exactly this. Maintain a landlocked system where I write.
Of course- I need to complete a book first. Before that- I need to learn basic grammer and spelling.
Re: (Score:2)
The same thing they do on Video editing systems at most places. cart the files on a drive. I did IT for a major Tv production house, none of the AVID's were on a private separated network. all projects and assets were carted around outside the AVID isolated network and media server.
IF IT whines, you smack them and tell them to STFU and RTFM as putting extra effort into protecting the machines that actually makes money is more important than upsetting a few wanna-be BOFH's.
Re: (Score:2)
I suppose this is why all the top secret military information is on machines hooked up to the internet - so that it's easy to patch them.
If you have information that you never want to be released, why keep it on a "machine" at all? You'd put that data onto several kinds of storage media, to future-proof it, and store several copies in different locked vaults. No need at all to even have it available live.
Re: (Score:3)
Pretty sure he knows what the actual definition of landlocked is.
And yet, everyone instantly knew what he meant. Perfectly intuitive metaphor (ie, the internet as ocean).
Re:why? (Score:4, Funny)
Ohhhhhh, so that's where Clouds come from. I get it now.
Re:why? (Score:5, Insightful)
It might have started with just a desktop with a browser you know. After one system gets compromised it might be possible to get deeper in the corporate networks of Sony.
Even the Nuclear facilities in Iran were not connected the Internet (it did have an air gap) but the Stuxnet virus still got in.
But did data get out? (Score:2)
Encrypting each individual track and storing the keys on another landlocked location would make it a lot better, but it would make access to the date quite a bit
Re:But did data get out? (Score:4, Funny)
All my servers are landlocked. Unless the data center gets flooded.
Re: (Score:3)
If Stuxnet could get in, it could leak data out (It just wasn't designed to). The fact it got in meant people with thumbdrives were regularly plugging stuf
Re: (Score:2)
Even the Nuclear facilities in Iran were not connected the Internet (it did have an air gap) but the Stuxnet virus still got in.
Getting in is the 'easy' part. It is the getting back out with useful information where the air-gap is useful.
Even the US DoD's air-gap networks were infilitrated [wired.com] but the attack didn't get back out again
Re:why? (Score:5, Insightful)
It's fucking music tracks they were not releasing to cash in at a later point.
This was going to be available at some point in the future, and it's better for society that it's available now. Locked up in a vault they had zero value.
Re:why? (Score:5, Insightful)
Yep, this actually highlights some really supreme losses to society by virtue of the Jackson estate hoarding the shit out of Michael's music and Sony too.
Were it not for this we'd see Jackson remixes for the next 100 years if Sony had their way. Good on the hackers to get that stuff out there instead into society where *society* can benefit.
Talk about greed vs culture.
Re:why? (Score:5, Insightful)
I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?
My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.
Re:why? (Score:5, Insightful)
because it never influenced it in the first place.
Except that Michael Jackson was influenced by Little Richard, James Brown, and Diana Ross. And Michelangelo lifted Ghiberti's Gates of Paradise for the posing of the Sistine Chapel. And every artist ever is influenced tremendously by all the artists that preceded them, and no art is created ex nihilo. The arguments for not releasing an artist's work (ie copyright) are never that the artist doesn't owe anything to society, but that the artist needs to make a living, or to ensure that their children are provided for.
In other words, yes, society really is entitled to everything a person creates, ever, even if they never published it, because that person appropriated the majority of their work from society in the first place. Our societies have, in the last 400 years, been willing to trade some of what we're owed in free speech in order to provide monetary reward to the artists, but we're still owed that speech. Disney didn't invent Cinderella, Dan Brown didn't invent the Catholic church, Dan Bull didn't invent either rapping or Skyrim (nor did Bioware invent fantasy adventure or videogames, nor did Tolkien invent magic rings or elves, etc.., etc., etc.).
Re: (Score:2)
I'm sorry, but that entire argument is just fucking ridiculous, but I expect nothing less of a community such as Slashdot to come up with such rubbish.
The fact that an artist is influenced by those that went before him has absolutely nothing to do with the apparent appropriation of private, unreleased works - you have no right to those, no entitlement to them, and there is no justification you can give to support the forced acquisition of said private works.
I couldn't care less that Disney didn't invent Cin
Re: (Score:2)
Wow, you're really mad about this, huh? Okay. I have a clarification and a question.
The clarification is that I was talking about completed works after the artist's death.
The question is this; you describe the idea of society being owed the creative work as "rubbish" and "ridiculous" and "sociopathic" and "infantile" and that releasing work "should be" the artist's choice. Why? I get that you don't buy the idea that all art is theft- though I disagree with you on that- but you haven't explained what system
Re: (Score:2, Insightful)
I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?
Yes. Article 2, section 8 of the US Constitution:
Copyright is granted in order for more works to become the public domain's. I don't own the stories I write, you do, as does
Re: (Score:2)
Yes, they are. Why do you suppose copyright isn't forever? Eventually society is entitled to everything. It's just that people are selfish *and* idiotic and think that hoarding is somehow better. (cue arguments about "Steaaaling!" etc etc).
Not one piece of music wasn't influenced by something prior - hardly even a 'creative' work. Just a remix/derivative.
Re: (Score:2)
I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?
My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.
This is an excellent point that just helped me clarify my own views on copyright:
A person or organization should not be allowed unlimited control over something they have used to influence society.
A person or organization SHOULD be allowed unlimited control over the choice of whether to use some work to influence society.
Pedants aside, and following the "Limited" discussion in the AT&T story, restricting socialization of works artificially in order to "create" value for the producer is anti-social. The
Re: (Score:2, Informative)
it's better for society that it's available now
I disagree- this is Michael Jackson's music we're talking about- it is better that this never is broardcast ever. Legally or illlegally.
Re:why? (Score:5, Insightful)
While I don't condone the theft, your comment is striking in how it highlights the way copyright has gone astray. Some of Micheal's music has been in copyright for close to 40 years already. And yet for a lucid, rational person for yourself, it seems reasonable to put forward that his kids need another shot of royalties so that they will have a "legacy". Now, I have nothing against providing your children (especially young children) with a bundle of cash to get them through early life and their educations - hell, maybe even a nice starter-mansion and first Rolls-Royce... but all of that could have been done through saving his money, investments, and life insurance... they sure don't need society to grant them welfare payments just because their dad(?) was a good singer.
Copyright is supposed to be about convincing artists to produce their creative works. It's supposed to be about making it a reasonable career choice to become a singer, painter, artist, etc. Why? So that we, as a society, get more creative output. It is not about making sons-of-good-singers rich. When the artist you are providing an incentive to dies, the incentive should die as well. At the very least, it should die within the number of years that a typical corporation plans for. If I'm being generous, Sony might have a 10-year plan.
As for the pizza parlor and the UPS man, this is beginning to sound an awful lot like the broken window fallacy to me. I have a sneaking suspicion that UPS could ship works based upon Michael Jackson's songs that fell into public domain just as well as they ship his 20-30 year-old stuff.
Re: (Score:2)
they sure don't need society to grant them welfare payments just because their dad(?) was a good singer.
Or their granddad. Or their great granddad. Because there's copyrights around now that have outlived not merely the creator but also some (or all) of the creator's children, even when the creator died early and the children are dying of old age. The great-grandkids are old enough to have jobs while the works of someone who's more ancestor than family member are still under copyright, not that they ever see the profits anyway.
Long way from the desperate-widow-and-her-baby-in-a-shack image the companies pro
Re: (Score:2)
Shold MJ's kids profit form "anyone" singing MJ's songs? I don't think so. Should they profit from copies of their Father singing the song? I don't see a problem in that.
They can and do profit from it, even without royalties. If my father was a wall street tycoon (I wish), I would benefit from it even without getting a magic royalty benefit check every month. Presumably, he would have saved some money for me (maybe in a rich boy trust?), he would have fed me well, and he would have given me a good education. The fact is that those kids did no work whatsoever - not one shred, and they are getting paid for it by society (by the government, really). That makes it pure charity,
Re: (Score:2)
I am sorry, I don't understand the 'getting paid by government' part how does this work out?
The only reason that copyright exists is through government. That we pay them directly is just an implementation detail.
I guess, to be more clear is that I believe people should get paid for tangible products they create within the scope of original CP law but the intangible elements should be shared.
I see it all as equally tangible/not tangible. Especially now with everything going digital, most music never sees any kind of physical distribution. There is also nothing less tangible about notes printed on a sheet of paper than there is bits etched on a shiny disk.
At the end of the day, it is all just information. In ye olden days, you had two choices with any kind of information: share
Re: (Score:2)
So while I understand the need
Re: (Score:2)
Still got more mod points I see?
Re: (Score:2)
Or in other words, the normal Slashdot mantra...
Re: (Score:2)
Re: (Score:2)
Not every system you have needs to be connected to the Internet. Why in the world was such valuable digital property on a system that had ANY connection to the Internet, thorough NAT or otherwise?
I'm sorry... it just doesn't make sense. It's like all the talk of the vulnerable power grid... just don't put those items on the open internet. Or better yet... don't network them at all and have a human attend it in a secure place.
Really couldn't agree more. There'd be so little to read on Slashdot if people had a lick of sense anymore regarding networking computers. If it needs to be on the local network, put it there. If it needs to get to the outside, put it behind a firewall. If it doesn't require any connectivity, then don't network it at all (damn Microsoft and their auto-updates, forget about them!)
Geez, it's like the current generation of IT people would, in charge of a bank, leave the doors and vault open all night, with
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's obvious, when they want to distribute their latest (s)hits they use Megaupload! Didn't you see the video? Loads of Sony artists use it!
Re: (Score:2)
Smooth (Score:5, Funny)
Some smooth criminals!
Bad (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
It was Dangerous
Re: (Score:3)
Whatever security measure Sony had in place, these hackers beat it.
Re: (Score:2)
Re:Smooth (Score:5, Funny)
Sony are you ok? Are you ok Sony?
Re: (Score:2)
Oh no!
Re: (Score:2)
Good marketing (Score:4, Insightful)
Re: (Score:2)
I wouldn't be surprised if those where the only copies, and the hackers deleted them. But they'll probably chase after the hackers and force them to re-upload the tracks to their servers in either case.
Re:Good marketing (Score:5, Insightful)
I certainly how those were the only copies and the hackers deleted them. If there is one thing Sony does not need its more money, and if there is one thing I don't want to have to suffer hearing on the play list of every pub, is more of that man's terrible music.
Re: (Score:2)
Including a large number from Michael Jackson (Score:5, Funny)
And nothing of value was lost ...
In further news ... (Score:5, Funny)
Reporter: "So you're saying that these are unreleased tracks that were made before Michael Jacksons' death?"
Sony: "No, no - these are tracks from the LATE Michael Jackson!"
Reporter: "You mean, this is stuff from AFTER he died?"
Sony: "Exactly! This is music he created after death."
Reporter: "That's didiculous! How can he write music if he's dead?"
Sony: "He's de-composing, duh!"
Sony: "It's all in the contract. When you sign with us, we really do own your soul!"
Re: (Score:2)
Of course not, it was only copied and the original version is still there.
Re: (Score:2)
I wonder (Score:2)
Will Sony finally get their heads out of their asses and get some adequate security now that they have gotten something important stolen from them instead of their customers?
Re:I wonder (Score:5, Insightful)
No. They can now just conflate crackers, hackers AND pirates and get even stricter laws into enforcement. This isn't a security problem on their end of course. This is because we're too soft on those dirty music downloaders.
Re: (Score:3)
Okay, I really can't let that go.
Whoosh.
Re: (Score:2)
Yeah, if only you had actually meant it that way.
Re: (Score:2)
Unreleased = No Copyright? (Score:2)
Would copyright law apply to unreleased (and potentially unknown) materials? What if someone stamped their copyright notice on those stolen materials? How would Sony prove ownership and (exclusive) distribution rights? And would the simple assertion ("it's ours") be enough to support a take-down notice? Could anyone take down anything merely by making such a claim?
Re: (Score:3)
Re: (Score:2)
Publication is not necessary. The rules for older works get much more complicated, but unlikely to apply here.
The question was about how they will prove they own the work. Anyone can claim they make the track in his basement with synthesizer and various audio filter. Yes, copyright apply before publication, but if you are not the first to publish the burden of the prove rest on you. While i have no doubt that Sony has enough money to win any cause in court, the question remain valid and interesting.
Afaik you could use a use a sealed postal letter to yourself (not sure if this translates correctly) or use a public notary to do something similar; both would at least work as a sign of you being in possession of the songs before they were released.
Re: (Score:2)
Where's the music? (Score:5, Interesting)
So where is this music? Why hasn't it spread far and wide over the net? I suspect the hackers are holding onto it in an attempt to blackmail Sony for a big chunk of cash.
Re: (Score:2)
If I cared, I'd look for it on USENET or one of the darknets. Anyone connecting to a tracker that hosts this archive is begging for a lawsuit.
Service to man kind (Score:3)
You know, Weapons of Mass Distortion...
and not all of these tracks are by artist people want to hear, I mean, there are good chances of unreleased Celine Dion tracks in there. Think of the children
Re:Where's the music? (Score:5, Insightful)
Re: (Score:2)
Maybe it was unreleased (and nobody bothered to make a torrent out of it) because it was actually awful?
distribution rights :) (Score:5, Interesting)
Where can we get it? (Score:2)
Is there a torrent or something now?
Arrests will be made (Score:2, Insightful)
Anyone want to bet that Sony will put a lot more time and money into this round of hacking versus the loss of customer data that happened previously?
Until now (Score:2)
This could change my mind.
Were they hackers from 1985? (Score:2)
Look, nothing against the guy, but how many people young enough to pirate still give a rat's ass about a singer whose career peeked about 25 years ago?
Re: (Score:2)
Some witty rejoinder about poking would appear to be in order, but unfortunately I can't find any way at all to link it to the deceased performer in question.
Re: (Score:2)
You might want to think again when it comes to true sceners vs the average P2P user when it comes to age.
Also, you might want to have a look at the itunes sales from 'a singer whose career peeked about 25 years ago'.
Re: (Score:2)
Re: (Score:2)
It might come as a surprise but there are also people listening to music that is hundreds of years old.
Truly baffling (Score:5, Interesting)
Ok. So 50,000 tracks got downloaded.
Let's say for sake of argument, and since this was from their digital archive according to news radio this morning, that each of these tracks were in format of uncompressed audio. Would they really keep tracks as AAC, MP3, or MPA in their digital archive? I'm gonna be generous here and say each track was 25MB. That's roughly, 125GB of data to be downloaded. That isn't something you do overnight. That's something that takes days if not weeks, and possibly a month. Massive net security failure here, or what?
You have an obviously massive amount of money invested in that archive, and yet you don't protect it with approriate network security? I have to wonder how much their yearly network security expenditure was to protect that investment. $10,000? Clearly, they still haven't gotten the message that network security is important, even after the PSN lashing.
As little as I want to sympathize with Sony and it's continual targetting by subverts of the net, I just can't. They're a multi-Billion dollar a year company who have been in business for DECADES! How are you still in business with blunders like this?!?!? How the hell can you go around dropping hundreds of Millions on music catalogues and not protect your investment?
On a personal note, I wrote off Sony in 2000 when I bought my last TV whose components shorted at half their estimated life-time. I'm just truly baffled that a company this large, and with such massive influence and monies, can't take its online presence seriously.
Re: (Score:2)
This is Sony. Their idea of a Captcha is, well, this [sony.com] (Google, BTW, returns the Captcha letters in plaintext if you search for it. Yeah, not so good on the "stopping bots" there Sony). Sony is simply incompetent when it comes to security: there is no other way to put it. Their vaunted PS3 secure bootloader? Yeah, turns out they don't know how to properly sign their keys (instead of using random numbers in the signature, they always used the same number, allowing anyone to discover their private signing key w
Re: (Score:2)
Yes yes but any large enough org starts to stop acting like a single company at some point, and more like a country. Sure there is some central group who speak for everyone and claim singular direction and vision, when the reality is, they are full of different and often competing interests.
It would surprise me more if they had all of the source for all of their software hosted on an unsecured FTP server...just because its unlikely there is a single company-wide repository...or even if there is one.... that
Re: (Score:2)
It's worse than that, the Captcha isn't even an image, it's a table with random vertical aligns (top, bottom). The letters are plain text in the source that Sony thinks disabling the context menu will protect.
Support your artists (Score:4, Interesting)
If you don't want to more and more corporate-produced, demographically-designed artists, start buying your damned CDs from the people you like instead of downloading it for free and complaining about how crappy music is nowadays. I'm not even a huge music fan, but I make a point to buy CDs when I hear something I like.
Tiny violins? (Score:5, Funny)
Legal lock down of digital media in 5..4..3..2... (Score:2)
No matter whether Sony should've kept this on an isolated network or they weren't really planning to do anything with the tracks, I expect them to portray this incident as evidence in support of legally locking down all digital media. I would not be surprised if the "look what can happen" card will be played with renewed vigor.
Data wants to be free - arts and music need to be (Score:3)
They might be legally entitled to do so but this only shows how screwed up IP is as a concept. You can not seriously keep unpublished works of an artist locked away after his death, as they are of common interest. History of culture and especially contemporary music would be plain incomplete and partially wrong if noone can find out which pieces a major artist did not publish and for what reasons. In fine arts and literature this is considered obvious, in music it always has been - before major labels and their absurd ideas about "owning" works arose. No need to mention that creative works are not solitary, isolated entities but results and part of their cultural context. To lock this context away, means to cripple culture itself. It doesn't matter if you agree. Progress won't matter. It will just happen elsewhere.
the "S" is for "sieve" (Score:3)
if you got your CS skills from matchbook U, there's a job for you at Sony.
Jeez... (Score:2)
Re: (Score:2)