

Microsoft hacked!


00-Oct CNet: Microsoft computer network hacked; FBI steps in
The Friday edition of The Wall Street Journal reported that hackers with an email address based in St. Petersburg, Russia, had orchestrated the attack in order to steal source code to Microsoft's Windows operating system and Office productivity software suite.

00-Oct The Register: MS hacked! Russian mafia swipes WinME source?
Hackers may have made off with the source code for Whistler, Microsoft Office and - for all we know - Bob.NET. A major breach of the company's networks reported in today's Wall Street Journal (nice shooting, Ted) seems to have effectively compromised the integrity of a whole range of Microsoft products, including Windows Me, the gold code (or maybe not) of which shipped just last month.

The hack is being described by Microsoft as industrial espionage, so no doubt the FBI will shortly be in touch with Larry Ego-san of Oracle, who earlier this year confessed to funding trawls through MS-related trash. But it looks to have been too sophisticated for Larry and his spook squads. According to the WSJ the hackers probably (very detailed for "probably," this) planted the QAZ Trojan disguised as Notepad in a Microsoft employee's email. QAZ then alerted a computer in Asia, and may also have installed tools from a site in the South Pacific.


00-Oct ZDNet: Industry reaction to Microsoft hack: It will only get worse
"You've got source code, and that means you've got a way to create very clever, very hard-to-defend attacks against the product," Counterpane's Schneier said. Others suggested the hackers could have planted bugs in products recently released that even Microsoft wouldn't know about, although there's no evidence yet that this has happened, and President Steve Ballmer said from Stockholm Friday that source code was not tampered with.

00-Oct CNet: Ballmer says hackers did see key programs
Microsoft acknowledged Friday that hackers had accessed source code to programs in development, but company representatives said the intruders did not see code for existing products.


00-Oct ZDNet: MS intruder may elude authorities
"No way. They aren't going to get the intruder," said Matthew Yarbrough, a former Department of Justice cybercrime prosecutor, now an associate attorney with Vinson and Elkins LLP.

Yarbrough listed a host of difficulties that will hinder the investigation, including the difficulty in identifying smart intruders and the problems with prosecuting trespassers from another country.


00-Oct Linux Today - NYTimes: Irregular New Accounts Alerted Microsoft to Network Intruder
"But in describing one possible chain of events, which corresponds to previous reports of the incident, they said the attacker did not directly enter Microsoft's computer networks. Instead, the point of entry was an employee's home machine, connected to the company's network."

00-Oct CNN: Microsoft says it knew of hackers all along
The company was alerted to the break-in by the creation of new accounts giving users access to parts of Microsoft's computer network, Miller said.

"We start seeing these new accounts being created, but that could be an anomaly of the system," Miller said. "After a day or two, we realized it was someone hacking into the system."

It was not until October 26, however, that the company notified federal law enforcement, which is investigating the matter. Microsoft said it initially planned to handle the break-in on its own.


00-Oct Seattle Times: Hacking may have hurt key Microsoft strategy
As it attempts its steepest corporate reinvention yet, Microsoft is painting itself as the company with products large enterprises can rely on to grow their businesses into the New Economy. Yet as demonstrated by the hacker attack uncovered last week, Microsoft itself cannot totally protect precious data from unwanted - and illegal - incursion in a Windows-based environment.

00-Nov Infoworld: Cringely: Randi feels Microsoft is in denial about its recent hacker incident
But what happened over the weekend? On that Friday the story from Microsoft was the hacker was there for months, the source code was accessed, and the FBI was called in. By the following Monday Microsoft was saying that it knew all along about the hacker, the attack only lasted 12 days, and none of the source code was touched.

There's nothing to see here folks, so just move along.


00-Nov The Standard: 3rd Time's No Charm for Microsoft
Microsoft (MSFT) has been the target of hackers for a third time in less than two weeks, with the same Web server hit twice.

The software giant remains unsure of exactly how the second hack was accomplished because the patch for the vulnerability that allowed it was installed after the initial hack Friday. Sohn could not say why the patch wasn't installed in the first place, even though the vulnerability had been known for some time. "This is certainly the exception, not the rule," he said.


00-Dec Vnunet: Hackers beat Microsoft - again
"Our initial research suggests that it looks very much like they've [Microsoft] tried to apply too many patches at once and that only one has taken," said Matt Tomlinson, business development director at MIS Corporate Defence Solutions. "Not knowing how to patch your own kit, now that's embarrassing."

00-Dec CNN: Report: Microsoft hack a U.S. security risk
In a report released this month titled "Cyber Threats and Information Security: Meeting the 21st Century Challenge," the Center for Strategic and International Studies (CSIS) concluded that the government and the private sector should be concerned about the "trustworthiness" of future Microsoft products in the aftermath of the hack into the company's network. Former Deputy Secretary of Defense John Hamre, a longtime cybersecurity proponent in the defense and intelligence communities, heads the CSIS.

01-Mar SANS: SANS Alerts and Analysis - Large Criminal Hacker Attack on Windows NT E-Banking
In the largest criminal Internet attack to date, a group of Eastern European hackers has spent a year systematically exploiting known Windows NT vulnerabilities to steal customer data. More than a million credit cards have been taken and more than 40 sites have been victimized.


More on Microsoft's product security