Microsoft's Computer Network Broken Into by Hackers

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Microsoft's Computer Network Broken Into by Hackers (Update2) By Ashley Gross

Redmond, Washington, Oct. 27 (Bloomberg) -- Microsoft Corp. said its computer network was broken into by hackers. The world's biggest software maker is working with federal authorities to track down the culprits.

Microsoft became aware of the attack in the last few days, spokesman John Pinette said, confirming a report earlier in the Wall Street Journal.

Source code to some of Microsoft's most valuable software, including the latest versions of Windows and Office, may have been stolen by the hackers, the Journal reported.

"It sounds like they've got a serious problem with their security," Graham Cluley, senior technology consultant at U.K.-based antivirus company Sophos Plc, said in an interview. "They won't know what the hackers have got and what they haven't got."

"At this point, we don't view that anyone has compromised or otherwise tampered with our source code," Pinette said, declining to comment on the specifics of the crime. "We view this as a deplorable act and are working with law enforcement to protect our intellectual property."

Microsoft security employees discovered the break-in on Wednesday, the WSJ said. They found that internal passwords were being sent to an e-mail address in St. Petersburg, Russia, and were being used to transfer computer source code outside of the company's campus, the paper said.

Access for Three Months

The hackers are believed to have had access to the computer network for three months, the Journal said. It appears that they were initially able to slip into Microsoft's network using a software program called QAZ Trojan, the paper said, citing a person familiar with the case.

"It doesn't look very good on Microsoft because this Trojan horse has been around for a couple of months," Cluley said. "Up-to-date antivirus software would have intercepted and stopped it. Also, they should have been using firewall software."

So-called Trojans allow hackers to get into a computer network undetected and then use the system against the will of the authorized users, said Sam Curry, security architect at McAfee.com Corp., a computer-security software maker.

If the hackers were able to get Microsoft source code, they'd be able to create their own versions of the software or make perfect copies, he said.

"When you get source code from a company, you're stealing the blueprints to a piece of software," Curry said.

Redmond, Washington-based Microsoft tried to trace the break-in itself and then contacted the FBI yesterday, the Journal said. A possible motive for such a break-in may be hackers who want to hold Microsoft hostage by threatening to disclose the company's intellectual property, the paper said.

This isn't the first time Microsoft's computers have been hacked into, Pinette said. A previous security breach resulted in Microsoft unwittingly sending viruses to customers.

"People have accessed portions of our network before and we've moved aggressively to address the problem," Pinette said.

http://quote.bloomberg.com/fgcgi.cgi?ptitle=Top%20World%20News&s1=blk&tp=ad_topright_topworld&T=markets_bfgcgi_content99.ht&s2=blk&bt=ad_position1_windex&middle=ad_frame2_windex&s=AOfllQhXmTWljcm9z

-- Martin Thompson (mthom1927@aol.com), October 27, 2000

Answers

MS hacked! Russian mafia swipes Whistler, WinME source? By: John Lettice Posted: 27/10/2000 at 09:04 GMT

Hackers may have made off with the source code for Whistler, Microsoft Office and - for all we know - Bob.NET. A major breach of the company's networks reported in today's Wall Street Journal (nice shooting, Ted) seems to have effectively compromised the integrity of a whole range of Microsoft products, including Windows Me, the gold code (or maybe not) of which shipped just last month.

The hack is being described by Microsoft as industrial espionage, so no doubt the FBI will shortly be in touch with Larry Ego-san of Oracle, who earlier this year confessed to funding trawls through MS-related trash. But it looks to have been too sophisticated for Larry and his spook squads. According to the WSJ the hackers probably (very detailed for "probably," this) planted the QAZ Trojan disguised as Notepad in a Microsoft employee's email. QAZ then alerted a computer in Asia, and may also have installed tools from a site in the South Pacific.

Other computers were infected, employee passwords collected, and then sent to an email address in St Petersburg. Sensitive areas could then be entered, and files downloaded.

So the Russians have got Whistler? There does appear to have been some serious intent behind the exercise, rather than it being one of those merry prankster 'look at me' things. On the contrary - the hackers could have had access to the files for up to three months, and they didn't say look at me once.

But why did they do it? There are advantages to some company associated with getting access to Microsoft source code, but these would be entirely negated if it wasn't legal access. There might be all sorts of cool things you could do, but the Feds would start wondering what special advantages you'd had to be able to do them. Even Larry, surely, wouldn't risk it.

But you might speculate that one of the less controlled and responsible secret services might. Given that Microsoft software is now ubiquitous, there are security issues. The French certainly think so, but surely not even the French secret service would...

The code having been taken hostage is a slightly more likely scenario, although it's still not entirely plausible. If Microsoft just refused to deal, said publish and be damned, where would that get the kidnappers? On the other hand, publish and be damned all over the Web to such an extent that it could never be returned to captivity, that might be a big problem. If Redmond does hear from the kidnappers, it would perhaps be wise not to turn them down straight off.

But the most immediate problem for Microsoft is that the company seems not to know whether or not the code it's been producing in the last three months is safe. It's going through the files now, examining all changes made during that period, and until it's through it can't be sure that anything produced in the past three months, including Windows Me and Whistler beta code, is clean. So more delays and worries, surely. B.

-- Martin Thompson (mthom1927@aol.com), October 27, 2000.


Microsoft hackers 'must have had inside help'

A British security expert who worked as one of Microsoft's top fraud investigators says hackers who broke into the US computer giant almost certainly had inside help.

Former Detective Superintendent Graham Satchwell was Microsoft's senior investigator in Europe, the Middle East and Africa until last month.

"If this was not a case of a 17-year-old hacker getting lucky and actually a case of organised crime then they would need someone on the inside," Mr Satchwell said.

"I believe that is the most likely explanation of what has happened. Even the most secure organisations can be damaged by hackers if they are subjected to sustained assault. Every security system ultimately relies on people keeping confidences about passwords, and so on."

The FBI has been called in to investigate after it was discovered hackers may have stolen blueprints to Microsoft's latest versions of the Windows and Office software.

Company spokesman Rick Miller would not say whether the hackers, believed to be based in Russia, accessed any of Microsoft's software under development.

"We're still looking into it. We're still trying to figure out how it happened," Mr Miller said. "This is a deplorable act of industrial espionage and we will work to protect our intellectual property."

Mr Miller said there was no evidence that any commercial software made by Microsoft had been modified or corrupted since the company's computer system was breached.

The identities of the hackers are unknown. They are believed to have had access to the software codes for three months, and sent them to an e-mail account in St Petersburg.

Mr Satchwell, now managing director of Worthing-based computer security firm Dick Tracy, said damage suffered by Microsoft could be 'phenomenal' and extend beyond the commercial value of its products. He said if hackers had gained access to the company's research and development data, the secrets could be worth a huge amount on the black market.

Last updated: 18:49 Friday 27th October 2000.

http://www.ananova.com/news/story/sm_98364.html

-- Martin Thompson (mthom1927@aol.com), October 27, 2000.


At last! Poetic justice at last! How long have Microsoft been inflicting their laughable idea of network security on all of us? Maybe now network admins and CIOs will think twice about trusting multibillion US$ corporations to winNT!

-- clivus nondog (clivus@ibm.net), October 28, 2000.
