By Ian Lynch and Andrew Craig, VNU Net
Microsoft has admitted that source code for some of its products
under development was seen by hackers who gained access to its
corporate network.
The FBI last week began an investigation into the computer
break-in at the Redmond giant, which Microsoft said gave intruders
access to its corporate network for 12 days. However, it said it
was aware of the incident for much of this time.
Microsoft initially said “the integrity of our source code
remains intact,” but late Friday admitted that the hacker “was able
to view some source code under development”. However, Microsoft
said source code for its existing Windows and Office software was
not seen.
The break-in, as well as damaging Microsoft’s reputation, raised
fears that the hacker could have modified products, making them
harmful to end users. Microsoft claims “no modifications or
corruptions” were made and “no source code was downloaded”.
Speaking to the Associated Press newswire on Sunday, Microsoft
spokesman Rick Miller said: “We start[ed] seeing these new accounts
being created, but that could be an anomaly of the system. After a
day or two, we realised it was someone hacking into the
system.”
According to the Wall Street Journal, the break-in was
discovered on Wednesday after Microsoft security staff detected
passwords being remotely sent to an email account in St Petersburg,
Russia.
A Microsoft spokeswoman said of the hackers, who could have had
undetected access since July: “This has been a deplorable act of
industrial espionage and we are working with law enforcement
agencies to protect our intellectual properties.”
Access to the network was gained by emailing a program, called
the QAZ Trojan, into Microsoft’s network that created a ‘back door’
for the intruders, according to the paper’s sources.
These internal passwords may have been used to transfer source
code outside of the Microsoft campus. By yesterday, the software
giant had begun to check every file on the compromised areas of its
network that had been modified for any reason in the past three
months.
Microsoft said: “We are implementing an aggressive plan to
protect our corporate network from unauthorised attempts to gain
access, and are working on both immediate and long-term
solutions.”
Paul Rogers, network security analyst at MIS Corporate Defence
Solutions, said the QAZ Trojan theory is “certainly one of the
three most likely scenarios in this case and seems perfectly
plausible”.
Another scenario involves scanning the network for weaknesses,
while a third could be a disgruntled employee disabling security
protections such as firewalls.
Rogers expressed surprise that the hack could have gone
undetected for so long. “Large organisations such as Microsoft
should be more proactive in their security. The QAZ Trojan hasn’t
had much publicity but is well known within the security industry,”
he said.
Graham Cluley, senior technology consultant at antivirus
software firm Sophos, told vnunet.com: “The QAZ surfaced in July
but we didn’t issue our first alert until 29 August as it was only
then reports of the virus began to filter through.
“If it is the QAZ Trojan, then it becomes a question of how many
computers were affected and exactly what the users had access to.
Microsoft should be able to identify what hasn’t been affected
easily enough, but it will be harder for them to identify what may
have been altered.
“But really, a decent firewall or updated antivirus software
should have stopped this happening.”