Politech mailing list archives

FC: Microsoft hacked, source code taken, from Wall Street Journal


From: Declan McCullagh <declan () well com>
Date: Fri, 27 Oct 2000 09:56:50 -0400

[A few thoughts, based on this account:

1. Don't use Microsoft email programs; they're terribly vulnerable (but that's nothing new);
2. I suspect it's easier to snare a copy of the Windows source than to successfully alter what's included in a shipping product. I'm sure Microsoft must use RCS or something similar, perhaps providing an additional level of security;
3. The commented source code to Windows must be huge, gigabytes, and (perhaps) rarely combined in one place except when compiling. I suspect the hackers didn't get it all;
4. Even if they did get it all, the NuPrometheus League (which didn't) hardly ended Apple Computer: http://www.eff.org/pub/Publications/John_Perry_Barlow/HTML/crime_and_puzzlement_1.html
5. Maybe now we'll be able to figure out what that purported NSA back door in Windows was all about. :) http://www.politechbot.com/p-00590.html

--Declan]

********

From: "Bridis, Ted" <Ted.Bridis () dowjones com>
To: "'declan () well com'" <declan () well com>
Subject: Microsoft hacked
Date: Fri, 27 Oct 2000 00:41:49 -0400

http://interactive.wsj.com/articles/SB972610940488497271.htm

October 27, 2000

Microsoft's Network Is Hacked
And Code for Software Is Taken

By TED BRIDIS and REBECCA BUCKMAN
Staff Reporters of THE WALL STREET JOURNAL

WASHINGTON -- Microsoft Corp. and U.S. authorities are investigating an
extraordinary computer break-in at Microsoft's headquarters by hackers
believed to have stolen the blueprints to its most valuable software,
including the latest versions of Windows and Office, people familiar with
the situation said.

The break-in was discovered Wednesday by Microsoft's security employees
after they detected passwords being remotely sent to an e-mail account in
St. Petersburg, Russia. Microsoft, of Redmond, Wash., interpreted electronic
logs as showing that those internal passwords were used to transfer source
code -- software blueprints -- outside the Microsoft campus.

A Microsoft spokesman confirmed that, "we recently became aware of a hack to
our corporate network. Microsoft is moving aggressively to isolate the
problem and ensure the security of our internal network." He added: "We are
confident that the integrity of Microsoft source code remains secure." He
declined to comment further.

The motive behind the break-in isn't known, but industry experts speculated
it could be the early phase of a "data hostage" case, in which hackers
threaten to publicly disclose a corporation's intellectual property, an
increasingly common ploy among the most sophisticated electronic thieves.
Microsoft has long faced problems with more traditional software piracy,
particularly in developing countries, where people make and sell
unauthorized copies of Microsoft products.

Other possible motives include economic espionage, though experts said only
a rogue company might knowingly buy stolen software, using it either to
improve its own products or make those products more compatible with
Microsoft's best-selling operating systems.

Though it has shared some of its source code, under strict contracts, with
some partners, Microsoft generally guards the code jealously, as the secret
technology continues to underpin multibillion-dollar software businesses for
the company. During Microsoft's recent antitrust trial, the fate of the
source code became a major bone of contention between the company and the
government.

Microsoft initially sought to investigate the break-in itself but decided
Thursday to contact the Federal Bureau of Investigation. The electronic
burglary is an embarrassment for Microsoft, among the world's most powerful
companies and a favorite target of hackers, who deride the security
components that Microsoft builds into its software products.

Computer security at Microsoft's campus generally was well-regarded until
this latest incident. Microsoft was checking to ensure that the hackers
didn't alter some of the company's commercial software, which is used by
corporations, governments and consumers around the globe. The hackers, whose
identities are unknown, are believed to have had access to the codes for
three months.

While there is no evidence that any changes have been made to the codes, and
experts characterized such a risk as remote, any unauthorized alterations to
Microsoft's products would raise broad questions about the trustworthiness
of some of the world's most widely used software applications.

Thursday, people familiar with the case said the company was meticulously
examining every computer file on the compromised network that was modified
for any reason during the preceding three months. It also was closely
examining recently shipped computer code for critical Windows ME and Windows
2000 operating systems, the Outlook and Outlook Express e-mail and calendar
programs, and the Microsoft Office suite of business applications.

Windows ME, the company's latest version of Windows for consumers, was
publicly released Sept. 14 -- during the period when hackers could have
modified files. Its source code was finalized, however, much earlier, on
June 19, Microsoft said.

One person familiar with the case said it appeared the hackers initially
gained access to Microsoft's corporate computers by using hacker software
called the QAZ Trojan, which first surfaced in China in July. The QAZ
software is traditionally delivered by e-mail and opens a "back door" to
hackers, giving them remote control over the infected computer.

Here is how experts believe Microsoft was hacked:

An unknown employee received e-mail carrying the dangerous software payload
and inadvertently installed it. The viruslike software disguised itself as
Notepad, a Windows program used for reading text messages.

QAZ then sent a remote signal to a computer in Asia with the location on the
Internet of the newly infected computer. Experts said QAZ also may have
automatically downloaded and installed hacker tools from a Web site in the
South Pacific. QAZ gave the intruder some control over the victim's
computer, and it automatically spread to any computers it found in that
section of Microsoft's campus.

The hackers used another program to collect employee passwords, which were
automatically sent to the Russian e-mail address.

Posing as Microsoft employees working off-campus, the hackers used the
pilfered passwords to enter sensitive areas of the network and began
downloading files.

-- Gary Fields contributed to this article



-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

