Microsoft plays down hacker attack

Redmond

Although a hacker, or group of hackers supposedly based in Russia gained access deep into Microsoft’s world of corporate secrets, they apparently did not gain access to the company’s source code for key products such as the Windows OS or Office product lines.

Originally the Wall Street Journal had quoted sources close to the situation that hackers had stolen the blueprints to the latest versions of its flagship operating system Windows and its Office software package. But Microsoft officials said that was not true and that the hackers had gained access to future products that are still in early stages of development.

Last
week, Microsoft officials revealed that hackers, using WORM technology, had
gained access to sensitive data, including the source code for a future product.
Microsoft was able to monitor the intrusion for more than a week. But the
company has not been able to trace the source of the hackers, although vital
company information was mailed to an e-mail address in Russia.

“It
is clear that hackers did see some of our source code,” said Steve Ballmer,
CEO, Microsoft. “I can assure you that we know that there has been no
compromise of the integrity of the source code, that it has not been modified or
tampered with in any way.”

Some speculate that the hackers may have been after information on Microsoft’s .NET product, which will enable computer users to access Microsoft software products online with a broad range of devices. Other products that may have been targeted include the Whistler next generation Windows OS, as well as an update to Office.

Even if these key products were involved, analysts said it is unlikely the hackers would have seen the complete product, as several groups work on different aspects of a product.

The FBI has been put on the case to see if there was possible industrial espionage involved.

The hacker attack was discovered after Microsoft noticed that passwords were being sent to an e-mail account in Russia. The attack was reportedly carried out by a variant of the QAZ worm program, a Trojan Horse-type virus that surfaced in China several months ago. The program is attached to an innocent document. Once activated at the designated point of target, the virus makes copies of itself to send to other machines on the network. Once activated it can perform tasks such as destroying data, transmitting files, or letting a hacker enter the computer.

Microsoft has acknowledged that the hackers could have been in their system longer than 12
days since the attack was first noticed. But officials said they are confident
that high-level access occurred only between October 14-25.

If
prior to detection the hacker has low-level access, he could have accessed
corporate e-mail and other confidential information. The hacker was able to
create new accounts for himself because many computer networks offer that kind
of flexibility so that midlevel managers can create accounts for new workers and
teams. Once the hacker creates an account, he can look like a normal person
logging in.

After
the hacker attack was first reported to Microsoft security on October 14, the
company monitored the various accounts as the hacker set up and the methods he
used to try to upgrade his security clearance in order to get access to higher
level information.

Leave a Reply

Your email address will not be published. Required fields are marked *