No, the Sony Server Hack DID NOT Reveal that Sony was Pirating eBooks About Hacking
There is a story going around this week that Sony was pirating a couple books on hacking, but the evidence doesn’t support that claim.
The Daily Dot reported on Friday that they had found two "pirated" ebooks when they were searching Wikileaks' archive of the files and emails stolen in the Sony hack last year.
That archive has proven to be a treasure trove of insider secrets like the fact that Mississippi Attorney General Jim Hood was and is a puppet of the MPAA, and The Daily Dot would have you believe that the archive also revealed that Sony was a pirate.
Unfortunately, the evidence presented so far doesn’t support that claim. I took a few hours this evening to confirm the report, and I reached an entirely different conclusion.
While I can confirm that the ebooks were and are available in the archive, I cannot say with any certainty that they were pirated.
The books in question, Inside Cyber Warfare and Hacking the Next Generation, were published by O’Reilly Media. As anyone who buys programming books can tell you, O’Reilly sells its books in multiple formats – without DRM.
You can indeed buy these ebooks as PDFs, which means that before we accuse Sony of piracy we first have to make sure that these ebooks were actually pirated and not legally purchased.
Sony did have copies of Inside Cyber Warfare and Hacking the Next Generation on its servers. Both books were posted as PDF and as text files, yes, but certain details suggest that the ebooks might have been legally purchased.
For example, the PDFs look nothing like the versions hosted by Safari Books Online (the text, formatting, and organization is different), nor do they look like they were scanned from the original paper copy.
Instead, the two PDFs look like they were sold as PDFs. What’s more, one of the supposedly pirated titles looks like the copy I just bought.
For the sake of thoroughness, I went to the O’Reilly website and tried to buy Inside Cyber Warfare and Hacking the Next Generation. I bought Hacking, but passed on Carr’s Inside Cyber Warfare because Sony’s copy was the first edition, and I could only buy the second edition.
After an hour of eyeballing the two versions of Hacking, I can’t find any evidence that would show that Sony’s copy was any less legal than my copy. Sony’s copy was slightly larger (7MB vs 6.47MB) and had not been modified since it was produced in 2009. My copy had been modified in 2013.
I can’t tell you why the file sizes are different ( I don’t have access to a comparison tool which would work on PDFs) or exactly how they differ but I don’t think that is a critical issue.
What I can report is that there is insufficient evidence to prove that Sony pirated these two ebooks. For all I know someone at Sony legitimately bought its copies before uploading them to its servers.
One could argue that Sony is pirating the ebook simply by hosting a copy of the ebook, but I would remind you that O’Reilly also does corporate sales. There’s no way for us to determine, based on the evidence so far, that Sony did not buy the correct license from O’Reilly.
Folks, you are welcome to reach whatever conclusion you like, but I remain unconvinced that Sony pirated these PDFs.
I plan to go dig through the archive tomorrow and look for other pirated ebooks, but at this point I don’t know that I will find anything which I will be able to prove was pirated and not acquired legitimately. Stay tuned.
image by http://www.petsadviser.com
Medium Punch April 19, 2015 um 1:02 am
I take it the books were being used as study material to thwart us pirates /customers from pillaging their entitled profits. Well if they did purchase them, were they allowing the books to be downloaded by other employees since there was no DRM?
And any idea if either book is worth reading?
Nate Hoffelder April 19, 2015 um 1:51 pm
There’s no way to tell whether Sony allowed these PDFs to be downloaded. For all we know they had a PDF viewer which let you read and search a PDF without actually downloading the complete file.
There are academic platforms which work that way.
Bob W April 19, 2015 um 9:11 am
I find the comparison between the Sony hack and the iCloud hack interesting. Both involved stealing private data and releasing it on the internet. Both contained salacious data that many people were interesting in seeing and gossiping about. For the iCloud hack there was great moralising that if anyone even looked at the pictures it was re-victimising. For the Sony hack there was no moralising, the stolen private data is distributed everywhere. Is it just nude pictures that are considered private data?
Note: This is just a general observation and not directed at this site or Nate.
fjtorres April 19, 2015 um 11:49 am
Oh, you have go understand the two cases are "very different". 😉
One involves Apple, which is by definition and holy writ above all reproach and the other is Sony, which has been in decline for over a decade and been involved and scandals for at least as long (many deserved) and thus gets cut no slack and get no sympathy.
Haesslich April 19, 2015 um 12:46 pm
One also involved personal photos being exposed, while the other exposed emails with racist comments from company management, as well as documents where they insulted their customers. With the iCloud hack, it was easier to sympathize with the victims.
Nate Hoffelder April 19, 2015 um 12:50 pm
Plus, with the Sony hack the main victims were the fools who hadn’t used adequate security on their own servers.
In the case of iCloud, a number of the victims had thought they had used adequate security and were then betrayed by Apple’s incompetence and poor procedures (i.e., deleted photos not actually being delted).
fjtorres April 19, 2015 um 2:15 pm
Sony is assumed to be at fault by default, whether is was a leak by a disgruntled employee or rogue government hackers.
No breaks, no sympathy.
And if the published material includes a commercial ebook, it is assumed to be pirated, not legally purchased, and the entire company is blamed without even considering whether it might be the act of a single individual.
Nope, they jump straight to "Sony pirates ebooks" because… Well, it’s Sony.
I’m no fan of Sony management and I think they’re stuck in a death spiral, but come on!
How about producing some email evidence that it was corporate policy?
Nate Hoffelder April 19, 2015 um 2:36 pm
Nah, I won’t go looking for evidence. Making stuff up and calling people names is more fun. 😉
And anyway, I’m not sure what corp. policy you want me to go prove exists. My position on Sony has been relatively uncritical, and I only discuss the leaked stuff where it is strictly newsworthy.
fjtorres April 19, 2015 um 5:43 pm
I wasn’t aiming the policy thing at you, but at the torches and pitchforks mob. They’re the ones jumping at conclusions…
asotir April 19, 2015 um 2:55 pm
Typically, ebooks are not sold but licensed. O’Reilly has a more generous policy overall than most publishers. But if O’Reilly’s licensing terms prohibit putting a book you buy on a server and letting all your thousands of employees read it, then yes, these books were pirated.
But I don’t know O’Reilly’s licensing terms: it is quite possible that this practice was perfectly conformant to them. I am pretty sure that, had Sony put this online in a public place in their website, that would violate the license. But these books were on private corporate servers and, for all we know, only accessible to a few people in one department. And O’Reilly might allow this practice.
Nate Hoffelder April 19, 2015 um 4:01 pm
O’Reilly is far more permissive than most publishers, yes. In fact, this statement by an O’Reilly rep raises doubt that sony was doing anything wrong by hosting the PDFs:
Paypal's Out to STEAL Creators' Copyrights, and Other Nonsense | Ink, Bits, & Pixels April 30, 2015 um 8:28 am
[…] example, a few weeks ago I bought an ebook from O'Reilly and paid via Paypal (it was related to the Sony piracy story). That transaction listed the title of the ebook, and under a certain interpretation of that […]