Microsoft's digital rights management hacked
By Sam Costello
(IDG) -- Microsoft has confirmed that an anonymous hacker known only as "Beale Screamer" has hacked the copy control software used in Microsoft Windows Media format.
The hack means that digital music files that had once been protected from copying can now be swapped freely. The scope of the hack is limited in that it only applies to media protected with version 7 of the digital rights management (DRM) system of Windows Media, says David Caulton, product manager for the Windows digital media division at Microsoft.
Most available content uses version 1 of the system (version 7 is the upgrade to version 1), and that content is still protected, he says. Additionally, in order for the hack to be performed, at least one legal, authorized media file must initially be present on the hacker's computer, he says.
Microsoft is currently working on a fix for the hack, which will be offered to its partners and then to users as a free download, Caulton says. He declined to comment on whether the company will seek to identify or prosecute Beale Screamer.
That DRM might be hacked was not an unforeseen possibility at Microsoft, Caulton says.
"We don't believe any possible DRM system is actually invulnerable," he says. This is why Microsoft's DRM is updatable, rather than static, he adds.
Screamer posted his or her lengthy analysis of how to break the digital rights management features of Windows Media (WMA) on the sci.crypt Usenet message board on October 18. At the same time, Screamer also posted the source code for a number of programs which, when compiled, can be used to strip the DRM out of Windows Media files.
Digital rights management is a way for content owners to control the use and number of copies that can be made from their works. The software was thrust into the spotlight in the wake of Napster, when entertainment and technology companies sought a way to provide digital content to compete with Napster while at the same time foiling Napster's wanton copying, which the entertainment industry says hurts profits.
DRM's critics, however, charge that the software infringes on consumers' fair-use rights, which allow consumers to make a backup copy of a work for private use and to share works among friends, among other things. They also charge that DRM ends the first-sale doctrine, which holds that when a work is purchased legally, it can be resold by the purchaser. DRM-protected files cannot be resold.
Further complicating matters is the 1998 Digital Millennium Copyright Act (DMCA), a law which was designed to update copyright for the digital age. Instead, the DMCA has become a flash point of criticism in many circles due to a provision that makes it a crime to circumvent or provide information about how to circumvent copy control restrictions. This provision of the law has been at the root of a number of lawsuits, the first being the DVD descrambling case about DeCSS (De-Contents Scramble System).
Although the news that Microsoft's DRM has been hacked will grab headlines, it may not be a major problem for the company, says Matt Bailey, senior analyst at the digital media research firm Webnoize.
"It's pretty important to stress that all the security companies that have designed systems for digital music have expected attacks" and have ways of dealing with them, he says. DRM companies have built in updating features and ways to combat these attacks, he says. In addition, the files needed to decrypt the software are hard to find and use, Bailey says.
"It's a blow to Microsoft's security system," Bailey says, but "Microsoft doesn't have to go back to the drawing board."
"Security firms are in the stronger position," he says.
Microsoft has agreements with both Pressplay, the digital download company formed by Universal Music Group and Sony Music Entertainment, and CenterSpan, a peer-to-peer file-sharing company. Neither of these deals should be affected by the hack, Bailey says.
Nevertheless, Bailey says, "I'm sure there'll be an ongoing war between security companies and hackers."
Microsoft's Caulton says he hopes such a war doesn't break out.
"I would hope that it wouldn't happen, but we'd be foolish not to be vigilant," he says.
"There are a lot of people out there trying to hack into various systems. These people are tenacious, and it's important to be able to adapt," he adds.
Perhaps surprisingly, Beale Screamer doesn't seem to want such a war either. Screamer included messages to the entertainment companies using DRM, to users, to Microsoft, and to artists in the posting.
To music companies, he wrote: "Give us more options, not fewer. If you try to take away our current rights, and dictate to us what we may or may not do, you're going to get a lot of resistance."
To users, the very people who might offer that resistance, Screamer says, "please respect the uses I have intended this software for. I want to make a point with this software, and if you use it for purposes of violating copyrights, the message stands a very good chance of getting lost."
To Microsoft, Screamer writes, "My real beef is with the media publisher's use of this software, not the technology itself." Lastly, Screamer tells artists not to "fear new distribution methods--embrace them ... [Entertainment companies] want a piece of the action for your creativity, and you don't need to let them in on it any more. Your fans will treat you nicely, unless you treat your fans poorly (take note of that Lars)."
The last note is an apparent reference to Lars Ulrich, drummer for Metallica and noted anti-Napster crusader.