Microsoft Hacked
By Sascha Segan, ABCNEWS.com
Oct. 27
Someone broke into Microsoft's network and
accessed the basic codes for the company's latest software, Microsoft
president Steve Ballmer said today.
"They did in fact access the source
codes," Ballmer said from Stockholm, Sweden. "You bet this is an issue of
great importance. I can also assure you that we know that there has been no
compromise of the integrity of the source codes, that it has not been tampered
with in any way."
But malicious hackers don't need to tamper
with the source codes to use them to create destructive software, experts said.
(The source code is the basic blueprint of a piece of software, allowing
programmers to disassemble it and use its parts elsewhere.)
Owners of current Microsoft products have
nothing to worry about, according to the company, but the break-in may make
future products more vulnerable to attacks.
The hacker appears to have obtained some
source code for the development of future products, Microsoft spokesman Rick
Miller said.
Industrial Espionage?
The circumstances of the break-in are,
right now, mysterious. Microsoft is working with the FBI to track down the
culprits and said none of their currently on-the-market software has been
corrupted.
The incursion was discovered on Wednesday,
Miller said, but the attackers may have had access to Microsoft systems for a
considerable period of time, something under three months.
"We consistently monitor our networks
looking for any irregularities on the network, and this was discovered as
something that struck us as odd," he said.
Oliver Roll, senior director of Microsoft
in the United Kingdom, said he didn't know who had broken in, or why.
Microsoft wouldn't comment on which future
products were affected. Competitors could theoretically use the code to steal
features from the new products, and malicious hackers could use it to design
viruses or other programs that exploit unpublicized security flaws.
"Industrial espionage takes many forms. It
could be someone with a big ego; it could also be someone that wants to copy
our software; it could also be someone that wants to use our software in their
own software," Roll said.
The Wall Street Journal reported in
today's editions that Microsoft passwords had been sent to St. Petersburg,
Russia. Microsoft declined to comment on that report.
Attackers, Not Competitors
Computer experts said the code wouldn't be
of much use to competitors. It's just too high-profile. Anyone trying to
blackmail Microsoft, to sell illegal copies or to use parts of the code in
their own products would probably get run to ground by Microsoft and the FBI,
said Graham Cluley of British antivirus company Sophos.
"You could try and write a competing
product, but even that is very risky," he said.
But the code could be of use to computer
attackers. A top security consultant with the firm @Stake, known by the hacker
name Weld Pond, said it wasn't uncommon for hackers to steal and circulate
source code.
"Source code circulates in the underground
all the time. I have heard of source code for [Sun's] Solaris and some of
those other [operating systems] circulating," he said.
The danger is that malicious hackers could
write new viruses or other programs based on unpublicized flaws in the code.
They could even build components that look exactly like Microsoft programs
(like the Windows calculator or Notepad, say) but secretly do damage or open
up back doors in computers.
That's one point raised by advocates of open source software like the Linux operating system, where everyone can
have access to the source code. With a world's worth of programmers looking at
the code, few weaknesses go unnoticed and unfixed, Linux partisans say.
Well-Known Attack
Right now, nobody's quite clear on how the
hackers got into the network.
Knowledgeable sources in the computer
security industry said the QAZ Trojan was involved. A well-known threat that
anti-virus companies have been tracking since August, QAZ appears as an
attachment to an e-mail. When a user opens the attachment, QAZ replaces the
Windows Notepad with a copy of itself and opens a back door into the
computer that hackers can access.
The problem is, all popular recent
antiviral software protects against QAZ, Cluley said. Microsoft says that they
update their antiviral software every day. QAZ also can't get through a
properly configured firewall, which would block the back door.
Microsoft refused to comment on whether
employees could turn off antiviral software, but said it's against company
policy to do so. Miller said he didn't know whether the company's firewall
blocks port 7597, the back door QAZ uses.
Ironically, QAZ was written with
Microsoft's own Visual C++ development program, antiviral company F-Secure
said.
How'd They Do It?
Weld Pond said a modified form of QAZ may
have been used, or the program may have been lurking in Microsoft's system
since before August. Other experts have speculated that a Microsoft employee
may have turned off antivirus software on an office PC.
Perhaps QAZ was on an unsecured laptop computer
outside Microsoft's physical network, and that's how the hackers got the
passwords, Cluley speculated. Microsoft officials, for their part, are not
saying.
"If it was just one laptop of one guy on
the road, maybe his anti-virus wasn't up to date, naughty him," Cluley said.
Microsoft does allow access to its internal
network from off-campus laptops, Miller said, but he added that the company
considered that access to be secure.
Common Target
Microsoft is a common target for malicious
hackers and virus writers. Their products are used by more than 90 percent of
U.S. PC users, so anyone seeking notoriety goes after their software. And
they're widely hated by the hacker community for what hackers say are
secretive, unfriendly and monopolistic business practices.
Microsoft officials said they're stepping
up security efforts.
"We are implementing an aggressive plan to
protect our internal corporate network from unauthorized attempts to gain
access," the company said in a statement.
The Associated Press contributed to this story.