October 27, 2000 1:45 PM PDT

Microsoft computer network hacked; FBI steps in

The FBI said it has opened an investigation of the break-in to Microsoft's computer network, following the software giant's vow late Thursday to shore up its internal security.

Microsoft had enlisted the help of the FBI in investigating the attack after a hacker succeeded in breaking into the company's network, according to a source familiar with the matter. FBI spokeswoman Debbie Weierman gave no further details.

As reported last night, while attempted attacks on Microsoft's corporate network and those of other high-profile companies are routine, Microsoft characterized this incident in unusually strong terms.

"This was a deplorable act of industrial espionage," Microsoft spokesman Rick Miller said Thursday. "We're taking this very seriously and have both an immediate and long-term solution to protect our internal corporate network."

The hackers who broke into the company's computer systems gained access to some of its key programs but did not change them, Microsoft chief executive Steve Ballmer said Friday, according to Reuters.

"It is clear that hackers did see some of our source code," Ballmer told Microsoft programmers and reporters at a seminar in Stockholm, Reuters reported.

To sooth fears that a virus had been hidden inside future releases of Microsoft products, Ballmer added that the burglars had not changed any of Microsoft's software programs, according to Reuters. "I can assure you that we know that there has been no compromise of the integrity of the source code, that it has not been modified or tampered with in any way," Ballmer said.

Earlier on Friday, Ballmer had said that hackers had not gained access to any of Microsoft's key programs or source code, characterizing the break-in as not very damaging.

Gartner security analyst John Pescatore said that while Ballmer may claim no source code was taken, it is too early to tell.

"That part is really difficult for companies to figure out," he said. "It could take weeks. You might have a preliminary indication that something's been deleted or gone, or get some sense by reading some logs that nobody's been here."

But Pescatore warned that logs can be deleted or changed to confuse an investigation. "A sophisticated hacker will do a very good job at covering his tracks," he said.

According to The Wall Street Journal, hackers with an email address based in St. Petersburg, Russia, had orchestrated the attack in order to


Gartner analyst John Pescatore says that although the vast majority of virus attacks don't lead to the same level of information compromise Microsoft may have suffered, attacks targeted at acquiring or destroying specific data are growing rapidly.

see commentary

steal source code to Microsoft's Windows operating system and Office productivity software suite.

Microsoft discovered the security breach Wednesday after observing that passwords were spirited off to the Russian destination using a password-stealing exploit, according to the report.

While Microsoft has good reason to guard its intellectual property, the actual ramifications of any software theft in this case could be mitigated by the sheer ubiquity of the company's applications, said one security analyst.

"If a piece of software is not so well-known, you could resell it in the market," said SecurityFocus.com analyst Elias Levy, as reported last night. "I don't know how valuable the source code to Office may be, because with such a well-known piece of software it's unlikely they would come up with a knockoff and try to sell it. It's too easy to spot. But it might be interesting to competitors because they might be able to get insights on how Microsoft is working, to steal ideas from it rather than steal it outright."

Robert Graham, chief technology officer with security software maker Network Ice, explained that pilfered source code could potentially expose unknown vulnerabilities.

"Let's say the hacker downloads some, not all, the Microsoft Word source code," he said. "Now let's say he finds some vulnerability no one else knows about. Now he has a secret way to get into Microsoft Word documents. He can now send out Microsoft Word documents that once they're opened would allow him access to everyone's machine."

The value of Windows source code has become an issue in the government's antitrust case against Microsoft. During the trial, which now awaits consideration by an appeals court, Microsoft critics and some in the government camp suggested that the software giant give other companies the Windows 95 and 98 source code to restore competition in the marketplace. But Microsoft rebuffed government attempts to open application programming interfaces (APIs)--software used to develop Windows programs--arguing that opening them would reveal Windows source code to competitors.

However, a stolen copy of the source code is a far cry from a legal license to use it, Levy pointed out. While the latter would allow a company to market a competitor to Windows, the former would not.

Instead, it could provide aid to projects that are trying to reverse-engineer aspects of Windows. One example is a group called Wine working on technology that lets Windows programs run on Intel-based Linux systems, though that group has explicitly ruled out using any Microsoft code in order to shield itself from charges of intellectual property theft.

Stolen software code can also yield clues to a product's security flaws.

The worst-case scenario for a company whose source code has been exposed is that invaders make changes to the original that aren't noticed until the product ships. In that case, the attackers could add back doors or could program malicious code into the product.

Levy termed any blackmail scenario--in which thieves threaten to expose the source code unless demands are met--unlikely in Microsoft's case.

"A sophisticated attacker would realize that Microsoft is more likely to get law enforcement help than pay up," Levy said.

News.com's Joe Wilcox contributed to this report.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.