
Microsoft hacked! Code stolen?

Blueprints to Microsoft's most valuable software, including the latest versions of Windows and Office, may have been copied.
Written by Ted Bridis, Contributor
WASHINGTON -- Microsoft Corp. and U.S. authorities are investigating an extraordinary computer break-in at Microsoft's headquarters by hackers believed to have stolen the blueprints to its most valuable software, including the latest versions of Windows and Office, people familiar with the situation said.

The break-in was discovered Wednesday by Microsoft's (msft) security employees after they detected passwords being remotely sent to an e-mail account in St. Petersburg, Russia. Microsoft, of Redmond, Wash., interpreted electronic logs as showing that those internal passwords were used to transfer source code -- software blueprints -- outside the Microsoft campus.

A Microsoft spokesman confirmed that, "we recently became aware of a hack to our corporate network. Microsoft is moving aggressively to isolate the problem and ensure the security of our internal network." He added: "We are confident that the integrity of Microsoft source code remains secure." He declined to comment further.

The motive behind the break-in isn't known, but industry experts speculated it could be the early phase of a "data hostage" case, in which hackers threaten to publicly disclose a corporation's intellectual property, an increasingly common ploy among the most sophisticated electronic thieves. Microsoft has long faced problems with more traditional software piracy, particularly in developing countries, where people make and sell unauthorized copies of Microsoft products.

Other possible motives include economic espionage, though experts said only a rogue company might knowingly buy stolen software, using it either to improve its own products or make those products more compatible with Microsoft's best-selling operating systems.

Though it has shared some of its source code, under strict contracts, with some partners, Microsoft generally guards the code jealously, as the secret technology continues to underpin multibillion-dollar software businesses for the company. During Microsoft's recent antitrust trial, the fate of the source code became a major bone of contention between the company and the government.

Microsoft initially sought to investigate the break-in itself but decided Thursday to contact the Federal Bureau of Investigation. The electronic burglary is an embarrassment for Microsoft, among the world's most powerful companies and a favorite target of hackers, who deride the security components that Microsoft builds into its software products.

Computer security at Microsoft's campus generally was well-regarded until this latest incident. Microsoft was checking to ensure that the hackers didn't alter some of the company's commercial software, which is used by corporations, governments and consumers around the globe. The hackers, whose identities are unknown, are believed to have had access to the codes for three months.

While there is no evidence that any changes have been made to the codes, and experts characterized such a risk as remote, any unauthorized alterations to Microsoft's products would raise broad questions about the trustworthiness of some of the world's most widely used software applications.

Thursday, people familiar with the case said the company was meticulously examining every computer file on the compromised network that was modified for any reason during the preceding three months. It also was closely examining recently shipped computer code for critical Windows ME and Windows 2000 operating systems, the Outlook and Outlook Express e-mail and calendar programs, and the Microsoft Office suite of business applications.

Windows ME, the company's latest version of Windows for consumers, was publicly released Sept. 14 -- during the period when hackers could have modified files. Its source code was finalized, however, much earlier, on June 19, Microsoft said.

One person familiar with the case said it appeared the hackers initially gained access to Microsoft's corporate computers by using hacker software called the QAZ Trojan, which first surfaced in China in July. The QAZ software is traditionally delivered by e-mail and opens a "back door" to hackers, giving them remote control over the infected computer.

Here is how experts believe Microsoft was hacked:

An unknown employee received e-mail carrying the dangerous software payload and inadvertently installed it. The viruslike software disguised itself as Notepad, a Windows program used for reading text messages.

QAZ then sent a remote signal to a computer in Asia with the location on the Internet of the newly infected computer. Experts said QAZ also may have automatically downloaded and installed hacker tools from a Web site in the South Pacific. QAZ gave the intruder some control over the victim's computer, and it automatically spread to any computers it found in that section of Microsoft's campus.

The hackers used another program to collect employee passwords, which were automatically sent to the Russian e-mail address.

Posing as Microsoft employees working off-campus, the hackers used the pilfered passwords to enter sensitive areas of the network and began downloading files.