REDMONT The FBI is investigating a break-in by hackers who penetrated Microsoft’s computer network and gained access to its closely guarded source code, which if disseminated could badly hurt the software giant.
Hackers broke into top-secret Microsoft Corp.s computer network and gained access to blueprints for the companys latest software, Microsoft said Friday. The FBI is investigating the break-in. But the news is a big blow to Microsoft.
They did in fact access the source codes, the companys chief executive, Steve Ballmer, said during a meeting in Stockholm. You bet this is an issue of great importance. I can also assure you that we know that there has been no compromise of the integrity of the source codes, that it has not been tampered with in any way.
The source code contains the blueprints for such products as the Windows operating system.
Were still looking into it. Were still trying to figure out how it happened, said company spokesman Rick Miller said. This is a deplorable act of industrial espionage and we will work to protect our intellectual property.
At company headquarters, Microsoft spokesman John Pinette would not speculate Friday on who was responsible for the break-in or what their motive might be. Microsoft is trying to limit and prevent damage to its software, he said.
Pinette said that consumer, business and government computers running Microsoft software should be safe.
We dont believe customers are going to be affected in any way, he said. Over the long term we will be taking additional steps to protect more securely our corporate assets on our IT [information technology] network, Pinette said.
Source codes are the building blocks of computer programs, and Microsofts codes are the most coveted in the industry. With access to the source codes of Microsofts operating systems, competitors could easily write programs that challenge the dominance, for example, of the computer giants Office suite of word processing, spreadsheet and other applications.
The break-in was discovered Wednesday by the software giants security employees, according to The Wall Street Journal, which first reported the story, citing people familiar with the situation.
Security employees discovered that passwords used to transfer the source code behind Microsofts software were being sent from the companys computer network in Redmond to an e-mail account in St. Petersburg, Russia.
The identities of the hackers are unknown. The Journal reported that the hackers are believed to have had access to the software codes for three months, but a source familiar with the case said that it had been going on for at most five weeks.
A person familiar with the break-in said that it appeared the hackers accessed Microsofts system by e-mailing software, called QAZ Trojan, to the companys network and then opening a so-called back door through the infected computer.
In hacking terms, a trojan is quite similar to the Trojan Horse of Greek mythology. It looks like a normal attachment in an e-mail, such as a Word document or picture, but contains a hidden code that can, in effect, take limited control of the recipients computer.
Once inside, the hacker software can be used to deliver passwords from one computer to another, or even destroy files.
While no motive for the break-in has been mentioned, hackers have in the past tried to extort companies after accessing information from their computers and threatening to publish it on the Internet.
Following an initial investigation, Microsoft issued the following statement:
REDMOND, Wash., October 27, 2000 — Microsoft is working with law enforcement to resolve a situation in which a hacker gained access to certain parts of the company’s internal corporate network.
“This situation appears to be much narrower than originally reported. Although Microsoft Corporate Security is continuing to investigate, we have no reason to believe that any customers have been or will be affected in any way by this incident.
“Our investigation shows no evidence that the intruder gained access to the source code for our major products, such as Windows Me, Windows 2000 or Office. Although the hacker apparently was able to view some source code under development for a future product, the investigation confirmed that there was no modification or corruption of any source code.
“We are confident that the integrity of Microsoft’s intellectual property remains secure. Similarly, we have no evidence to suggest that any of Microsofts online services have been or will be affected by the incident. We have no reason to believe that any of our customers have been or will be affected.
“The security breach did not involve a security vulnerability in any Microsoft product. We are working with law enforcement to address this deplorable act of industrial espionage. There are regular attempts at unauthorized entry into Microsoft’s network — as well as most large corporations and government agencies around the world. We actively address these issues, and we are working aggressively to isolate this problem and ensure the security of our internal network.”
