Hackers burgle Microsoft source code

Company reveals hackers have stolen source code to applications and operating system, but says code has not been altered

Software giant Microsoft said hackers had broken into the company's computers, in what a spokesman called "a deplorable act of industrial espionage", and were believed to have gained access to the source code of such software as Windows operating systems and the Office software suite. The hackers were believed to have used hacker software to send sensitive passwords to an email address in St. Petersburg, Russia. The passwords were then used to transfer source code -- the tightly-protected blueprints that reveal the inner workings of software -- to computers outside of the Microsoft campus. During the three months in which the hackers had access to the code, there is a remote chance the software could have been altered, Microsoft told the Wall Street Journal. The company said there is no evidence such alterations were made, however, and experts say the risk of such alterations is small. Microsoft said it initially investigated the breach itself, but decided Thursday to report the break-in to the US Federal Bureau of Investigation. "We recently became aware of attacks to our corporate network," Microsoft spokesman Rick Miller said. "Microsoft is moving aggressively to isolate the problem and to secure our corporate network. We are confident that the integrity of our source code remains secure." He said the company was working with law enforcement "to protect our intellectual property". The company became aware of the attacks "in the last couple of days". Asked if the attacks had stopped, Miller said, "We believe so." Observers speculated that the hackers -- whose identities remain unknown -- could have been intending to hold the source code hostage, threatening to release it to the public unless a ransom were paid. The code could also be purchased by an unscrupulous company looking to make its applications work more smoothly with Microsoft's dominant operating systems. Microsoft said it is going over every file in the compromised area that was altered for any reason in the past three months, to ensure no unauthorised changes were made. It is also examining the source code for recently-released applications and operating systems, including Windows Me, Windows 2000, Outlook, Outlook Express, and Microsoft Office, the company told the Journal. Windows Me was released 14 September, during the period of unauthorised access, but the software was finalised 19 June, before the attack took place, Microsoft told the Journal. Experts believe Microsoft's network was attacked via an application called QAZ Trojan, according to the Journal. The application, typically delivered by email, invisibly infects the target computer and opens a "back door" through which hackers can remotely control the target. Other programs could then have been used to collect the internal passwords and transfer them to the St Petersburg email address. The passwords enabled hackers to access Microsoft's network from a remote location, posing as employees, Microsoft said. Industry security experts say that the incident demonstrates a surprising lack of security awareness for a company of Microsoft's size. "This really points to the fact that even companies as big as Microsoft aren't taking proper security precautions and aren't as worried as they should be," says Sal Viveros, director of marketing for security firm Network Associates. Viveros says that intrusion detection technology could have prevented the break-in by identifying suspicious network activity. He also, however, believes that Microsoft should have implemented some protection for its precious source code itself. "Microsoft should have encrypted any code. Then, even if hackers get the code the chances of breaking into it are slim."

  • Using stolen passwords, hackers apparently downloaded source code for important Microsoft applications and operating systems
    Microsoft does not believe, however, that the hackers altered any of the source code
  • Hackers had access to source code for about three months
    They obtained the passwords by using a "Trojan horse" program, which created a "back door" through which additional hacker software could be installed
  • Stolen passwords were transferred to an email address in St Petersburg, Russia, and then used to remotely access network, posing as employees
Reuters and Will Knight contributed to this report. Take me to the Hackers News Special What's your opinion of Microsoft? To have your say online click on the TalkBack button and go to the ZDNet News forum. Statements made by Microsoft directors saying that "of course" all their important data was secure have all the reassuring comfort of statements by John Selwyn Gummer about the hamburger he fed his daughter. Guy Kewney simply doesn't believe the people at Microsoft when they say that no damage was done to their corporate secrets. Go to AnchorDesk UK for the news comment. Let the editors know what you think in the Mailroom. And read what others have said.