A MiniDisc archive owned by frontman Thom Yorke was hacked last week by an unnamed person, who reportedly asked for a $150,000 ransom to return the recordings.The band's guitarist Jonny Greenwood confirmed the hack, and said: "Instead of complaining -- much -- or ignoring it, we're releasing all 18 hours on Bandcamp in aid of Extinction Rebellion. Just for the next 18 days. So for £18 you can find out if we should have paid that ransom. Never intended for public consumption (though some clips did reach the cassette in the OK Computer reissue) it's only tangentially interesting. And very, very long. Not a phone download."
Previously, previously, previously, previously.
The bigger story is that minidiscs can be hacked remotely. Who knew Sony were so ahead of their time that they installed tiny wifi transceivers in their otherwise pedestrian and proprietary magneto-optical disc format.
I was also wondering how this qualifies as a hack and not just plain theft. According to the article, the original asshole offering the files up for sale said he got them in a trade. Back in the day we used to call this pirating or bootlegging, depending on the provenance of the recording.
Presumably what exists is not physical minidiscs, but images of their content sitting on some storage somewhere, because, really, who is archiving physical minidiscs, for which, reasonably soon, soon no functioning players will exist? Someone got access to that storage and copied the content elsewhere. Obtaining access to storage and copying its content is certainly described as 'hacking' if the content is, say, usernames & passwords.
Lots of those "my home clown" type products either default to, or can easily be mistakenly connected to the public Internet. You can use bulk scan tools like Shodan to find them. You can use credential stuffing, known back doors that were "patched" in a firmware update no real users have ever applied, and other techniques to get in.
Because it's not organised and so one might be full of home video of someone's baby and the next full of scans of utility bills, monetising the result on an industrial scale is hard, but as a cottage industry it's promising. An enthusiast with some know-how and no ethics can switch from blackmailing a CFO with her nude selfies one day to selling interesting tax documents to prize-winning journalists the next day and make rent every month without having a "real" job. Radiohead probably did the smart thing here, nobody who stays successful in that line of work holds grudges, they've moved on once they didn't get paid.
We looked at trying to do something with this (but ethically, so no blackmailing people) when I was with a famous Credit Reference Agency, but like I said, hard to industrialise. A team did a bunch of proof-of-concept stuff though, there are a LOT of these devices out there.
That's interesting. I'd assumed it was more likely to be someone attacking one of the internet clown things -- iCloud or Dropbox or whatever. However in either case it seems unlikely that this is all they found. So perhaps it was something more specific and physical than that -- perhaps they gave someone they should not have trusted a bunch of old minidiscs to rip to some longer-term storage while they could still be read, and they took a copy for themselves. That would be just theft I think, not hacking.
"soon, soon"
I suspect that, like Laserdisc, MD players and recorders will long outlast their media.
And that's not to say the media is short-lived, either. Back in the day, I had an MD deck on my car head unit. CDs in cars last about two weeks outside the deck. I think I had exactly one broken MD, among dozens that I didn't exactly take care of.