Although a hacker, or group of hackers, supposedly based in Russia gained
access deep into Microsoft’s world of corporate secrets, they apparently did
not gain access to the company’s source code for key products such as the
Windows OS or Office product lines.
Originally the Wall Street Journal had quoted sources close to the situation as
saying that hackers had stolen the blueprints to the latest versions of Microsoft’s flagship
operating system Windows and its Office software package. But Microsoft
officials said that was not true and that the hackers had gained access to
future products that are still in early stages of development.
Last week, Microsoft officials revealed that hackers, using worm technology,
had gained access to sensitive data, including the source code for a future
product. Microsoft was able to monitor the intrusion for more than a week. But
the company has not been able to trace the hackers to their source, although vital
company information was mailed to an e-mail address in Russia.
"It is clear that hackers did see some of our source code," said
Microsoft CEO Steve Ballmer. "I can assure you that we know that there has
been no compromise of the integrity of the source code, that it has not been
modified or tampered with in any way."
Some speculate that the hackers may have been after information on Microsoft’s
.NET product, which will enable computer users to access Microsoft software
products online through a broad range of devices. Other products that may have
been targeted include the Whistler next generation Windows OS, as well as an
update to Office.
Even if these key products were involved, analysts said it is unlikely the
hackers would have seen the complete product, as several groups work on
different aspects of a product. The FBI has been put on the case to see if there
was possible industrial espionage involved.
The hacker attack was discovered after Microsoft noticed that passwords were
being sent to an e-mail account in Russia. The attack was reportedly carried out
by a variant of the QAZ worm program, a Trojan Horse-type virus that surfaced in
China several months ago.
The program is attached to an innocent document. Once activated on the
target machine, the virus makes copies of itself to send to other
machines on the network. It can then perform tasks such as destroying
data, transmitting files, or letting a hacker enter the computer.
Microsoft has acknowledged that the hackers could have been in its system
longer than 12 days since the attack was first noticed. But officials said they
are confident that high-level access occurred only between October 14 and 25.
If prior to detection the hacker had low-level access, he could have accessed
corporate e-mail and other confidential information.
The hacker was able to create new accounts for himself because many computer
networks offer that kind of flexibility so that midlevel managers can create
accounts for new workers and teams. Once the hacker creates an account, he can
look like a normal person logging in.
After the hacker attack was first reported to Microsoft security on Oct. 14,
the company monitored the various accounts the hacker set up and the methods he
used to try to upgrade his security clearance in order to get access to higher
level information.