Microsoft confirms hackers saw code for upcoming software
The company acknowledges that hackers had accessed source code to programs in development, but company representatives say the intruders did not see code for existing products.
The admission quells fears hackers might have stolen the source code, or blueprint, for some of Microsoft's most valuable programs, including Office, Windows Me and Windows 2000.
As a criminal investigation under the direction of the FBI progressed, the nature of the attack appeared to be more sophisticated than first suspected, adding fuel to speculations of industrial espionage.
"There's no evidence that the unauthorized intruder gained access to source code for our major products," said Microsoft spokesman Ricardo Adame. "It appears the hacker was able to view some source code under development."
Adame emphasized that while the hackers were able to view the source code, "there were no modifications or corruptions" and "no source code was downloaded."
Investigators believe a Microsoft employee received email containing a common hacker program known as a Trojan horse, which he or she unknowingly launched.
The program then attempted to spread to other computers on Microsoft's network and pilfered passwords that were later sent to a Russian email address, said sources familiar with the investigation.
While Microsoft and many other companies encrypt passwords so they cannot be easily stolen, careless employees can make the process easy for hackers, said Gartner security analyst John Pescatore.
"A lot of people have emails that say, 'Hey, I'm on vacation. If you need to get to such and such, here's the password,'" he said.
The hacker could have launched a program that searched for and retrieved emails containing the word password.
Sources familiar with the investigation said that once the hacker had obtained one or more passwords, he or she connected to Microsoft's home campus in Redmond, Wash., posing as an employee working off-site.
Once inside and behind Microsoft's security firewall, the hacker had limited access to some other computers on Microsoft's network.
"Since you're running on someone else's computer, it's assumed you are a trusted user," explained Richard Smith, chief technology officer for The Privacy Foundation. "So the hacker could have been probing around the network leisurely for a few weeks. Then they started to probe around where the source code is kept."
In fact, the criminal investigation has determined the hack started around the end of September, Adame said, and went undetected until early this week.
"There was some unusual behavior in the security protocols we use in terms of the network," he said. "That's when the security team started the whole (investigation) process."
How far the hacker got is still uncertain, but sources close to the company said much of the intrusion was confined to a single computer.
Whether, given more time, the hacker could have pilfered the development code he or she saw or gained access to more valuable code is uncertain, Pescatore said.
"They key message here is, do you know where your crown jewels are stored?" he said. "Do you have extra levels of security for your corporate crown jewels?"
Pescatore compared someone getting the source code of Windows 2000 to stealing the formula to Pepsi.
Security experts were surprisingly supportive of Microsoft, despite the amount of time the hacker may have had access to the company's network.
"If you look at what Microsoft said about the entire incident, it shows they have got auditing and logging on, which, by the way, is something many big corporations don't do very well," said Robert Graham, chief technology officer with security software maker Network Ice.
"This would point to the efficiency of Microsoft's security stance," he said.