Microsoft's network is hacked
=============================
Intruders believed to have stolen code for software
By TED BRIDIS and REBECCA BUCKMAN
THE WALL STREET JOURNAL
WASHINGTON, Oct. 27 - Microsoft Corp. and U.S. authorities are
investigating an extraordinary computer break-in at Microsoft's
headquarters by hackers believed to have stolen the blueprints to its
most valuable software, including the latest versions of Windows and
Office, people familiar with the situation said.
'We recently became aware of a hack to our corporate network. ... We are
confident that the integrity of Microsoft source code remains secure.'
Microsoft SPOKESMAN
THE BREAK-IN was discovered Wednesday by Microsoft's security employees
after they detected passwords being remotely sent to an e-mail account
in St. Petersburg, Russia. Microsoft, of Redmond, Wash., interpreted
electronic logs as showing that those internal passwords were used to
transfer source code-software blueprints-outside the Microsoft campus.
A Microsoft spokesman confirmed that, "we recently became aware of a
hack to our corporate network. Microsoft is moving aggressively to
isolate the problem and ensure the security of our internal network." He
added: "We are confident that the integrity of Microsoft source code
remains secure." He declined to comment further.
MOTIVE UNKNOWN
The motive behind the break-in isn't known, but industry experts
speculated it could be the early phase of a "data hostage" case, in
which hackers threaten to publicly disclose a corporation's intellectual
property, an increasingly common ploy among the most sophisticated
electronic thieves. Microsoft has long faced problems with more
traditional software piracy, particularly in developing countries, where
people make and sell unauthorized copies of Microsoft products.
Other possible motives include economic espionage, though experts said
only a rogue company might knowingly buy stolen software, using it
either to improve its own products or make those products more
compatible with Microsoft's best-selling operating systems.
Though it has shared some of its source code, under strict contracts,
with some partners, Microsoft generally guards the code jealously, as
the secret technology continues to underpin multibillion-dollar software
businesses for the company. During Microsoft's recent antitrust trial,
the fate of the source code became a major bone of contention between
the company and the government.
Microsoft initially sought to investigate the break-in itself but
decided Thursday to contact the Federal Bureau of Investigation. The
electronic burglary is an embarrassment for Microsoft, among the world's
most powerful companies and a favorite target of hackers, who deride the
security components that Microsoft builds into its software products.
WELL-REGARDED SECURITY
Computer security at Microsoft's campus generally was well-regarded
until this latest incident. Microsoft was checking to ensure that the
hackers didn't alter some of the company's commercial software, which is
used by corporations, governments and consumers around the globe. The
hackers, whose identities are unknown, are believed to have had access
to the codes for three months.
While there is no evidence that any changes have been made to the codes,
and experts characterized such a risk as remote, any unauthorized
alterations to Microsoft's products would raise broad questions about
the trustworthiness of some of the world's most widely used software
applications.
Thursday, people familiar with the case said the company was
meticulously examining every computer file on the compromised network
that was modified for any reason during the preceding three months. It
also was closely examining recently shipped computer code for critical
Windows ME and Windows 2000 operating systems, the Outlook and Outlook
Express e-mail and calendar programs, and the Microsoft Office suite of
business applications.
Windows ME, the company's latest version of Windows for consumers, was
publicly released Sept. 14 -during the period when hackers could have
modified files. Its source code was finalized, however, much earlier,
on June 19, Microsoft said.
One person familiar with the case said it appeared the hackers initially
gained access to Microsoft's corporate computers by using hacker
software called the QAZ Trojan, which first surfaced in China in July.
The QAZ software is traditionally delivered by e-mail and opens a "back
door" to hackers, giving them remote control over the infected computer.
Here is how experts believe Microsoft was hacked:
*] An unknown employee received e-mail carrying the dangerous software
payload and inadvertently installed it. The viruslike software
disguised itself as Notepad, a Windows program used for reading text
messages.
*] QAZ then sent a remote signal to a computer in Asia with the location
on the Internet of the newly infected computer. Experts said QAZ also
may have automatically downloaded and installed hacker tools from a Web
site in the South Pacific. QAZ gave the intruder some control over the
victim's computer, and it automatically spread to any computers it found
in that section of Microsoft's campus.
*] The hackers used another program to collect employee passwords, which
were automatically sent to the Russian e-mail address.
*] Posing as Microsoft employees working off-campus, the hackers used
the pilfered passwords to enter sensitive areas of the network and began
downloading files.
-Gary Fields contributed to this article.
--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
This message contains no viruses. Guaranteed by AVP.
------------------------------------------------------------------------
Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM)
Informasi : http:[EMAIL PROTECTED]
Arsip : http://www.mail-archive.com/forum%40mikrodata.co.id/
WAP : http://mikrodata.co.id/wap/index.wml
Milis ini menjadi kontribusi beberapa rubrik yang diasuh tim MIKRODATA.
Termasuk rubrik-rubrik yang ada di media lain.
Memakai, Menyebarluaskan, dan Memperbanyak software bajakan adalah
tindakan kriminal.
Please check with the latest AVP update before you ask about virus:
ftp://mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
