Microsoft hackers reached key programmes

[InfoSec News <isn () c4i org>]

http://www.nzherald.co.nz/storydisplay.cfm?storyID=157359&thesection=technology&thesubsection=general

28.10.2000
8:00 AM 

STOCKHOLM/LONDON - Microsoft President and Chief Executive Steve
Ballmer said the hackers who broke into the software giant's computer
systems had gained access to some of its key programs, but had not
changed them.

"It is clear that hackers did see some of our source code," Ballmer
told Microsoft programmers and reporters at a seminar in Stockholm
yesterday.

Source code is the basic building block of all software programs and
Microsoft has always tried to keep its source code a top secret.

Ballmer said the burglars had not changed any of its software
programs, soothing fears that a virus had been hidden inside future
releases of Microsoft products.

"I can assure you that we know that there has been no compromise of
the integrity of the source code that it has not been modified or
tampered with in any way," he added.

Earlier yesterday Ballmer had said hackers had not gained access to
any of Microsoft's key programs or source code.

Microsoft became aware of the attacks "in the last couple of days."
Asked if the attacks had now stopped, Microsoft spokesman Rick Miller
said: "We believe so."

Microsoft's security employees discovered the break-in after they
detected passwords being remotely sent to an e-mail account in St.
Petersburg, Russia, the Wall Street Journal reported.

The company interpreted electronic logs as showing that those internal
passwords were used to transfer source code outside the Microsoft
campus, it said.

Security experts said the break-in heralded a new phase as the hackers
had created an intelligent software agent, called a worm, which
rummages independently through networks for valuable information.

"It's very effective. A hacker doesn't need to hack into a computer
himself. The worm does it for him and then reports back," said Mikko
Hypponen, a security expert at Finnish-based data protection
specialists F-Secure.

"We've been forecasting worm-based industrial espionage to happen for
quite some time and it looks like now it has happened big time," he
added.

Microsoft confirmed earlier that it had reported the break-in to the
US Federal Bureau of Investigation (FBI).

The Wall Street Journal, citing sources close to the situation, said
Microsoft's flagship products Windows and Office had been the target.

Computer security experts told Reuters that hackers appeared to have
used a "well-known" worm called QAZ, which first surfaced in China
several months ago, to break into Microsoft's systems.

By early October anti-virus company Symantec had already spotted some
1,000 infections with the QAZ worm.

"This is very worrying (that Microsoft has been hit), because we have
had detection for it for three months," said Raimond Genes, European
marketing vice-president for Japan-based computer security company
Trend Micro.

Microsoft declined to comment on what, if anything, had been stolen.
The FBI was not immediately available for comment.

If unstopped, a worm that has entered a network will infect other
computers when files are shared, something that happens often in work
places where people work together on a single project, such as
software.

A worm is a distinct type of computer virus that makes copies of
itself across multiple systems.

This particular virus is believed to have entered Microsoft's
headquarters on the back of an inconspicuous looking Notepad-document,
which would also make it a so-called Trojan.

Named after the Greek myth of the Trojan Horse, the insidious worm
hides inside a file and once opened, a damaging program is installed
on the computer that starts sending copies of itself to other
computers.

Once the software is installed, hackers can gain easy access to the
information on that computer.

The fact that the worm had infected programmers' computers was not
unusual because programmers usually disable virus protection software
which slows down computers, Hypponen said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.