By MICHAEL J. MARTINEZ
Associated Press
SEATTLE – Hackers who broke into Microsoft Corp.’s computer network gained access to blueprints for software under development, but did not see codes for the company’s most popular products, a Microsoft spokesman said today.
“This situation appears to be much narrower than originally thought,” said spokesman Mark Murray. “The investigation shows no evidence the intruder gained access to the source codes for Windows ME, Windows 2000 or Office. That is very good news.”
Windows is the company’s flagship operating system for personal computers and networks, and Office is its package of word processing, spreadsheet and other business software.
The hackers viewed codes only for products being designed for release years from now, but did not modify or corrupt those codes, Murray said.
Still, the company’s top executive underscored the seriousness of the break-in, and the FBI was called in.
“They did in fact access the source codes,” chief executive Steve Ballmer said during a meeting in Stockholm. “You bet this is an issue of great importance.
“I can also assure you that we know that there has been no compromise of the integrity of the source codes, that it has not been tampered with in any way.”
The company said consumer, business and government computers running Microsoft software should be safe. FBI spokesman Steve Berry said the agency is investigating but refused to discuss details.
Source codes, the building blocks of computer programs, contain the blueprints for such products as the Windows operating system. Microsoft’s codes are the most coveted in the industry.
With access to the right codes, competitors could easily write programs that challenge the dominance of Microsoft in personal software.
“We’re still looking into it. We’re still trying to figure out how it happened,” company spokesman Rick Miller said. “This is a deplorable act of industrial espionage and we will work to protect our intellectual property.”
Another spokesman, John Pinette, would not speculate on who was responsible for the break-in or what their motive might be. He said Microsoft is trying to limit and prevent damage to its software.
The break-in was discovered Wednesday by the software giant’s security employees, according to The Wall Street Journal, which first reported the story.
Security employees found that passwords used to transfer the source code behind Microsoft’s software were being sent from the company’s computer network in Redmond to an e-mail account in St. Petersburg, Russia, the Journal reported.
The Journal said the hackers were believed to have had access to the software codes for three months, but a source familiar with the case told The Associated Press it had been going on for at most five weeks.
The hackers appeared to have accessed Microsoft’s system by e-mailing software, called QAZ Trojan, to the company’s network and then opening a so-called back door through the infected computer, the Journal reported.
In hacking terms, a “trojan” is quite similar to the Trojan horse of Greek mythology. It looks like a normal attachment in an e-mail, such as a Word document or picture, but contains a hidden code that can, in effect, take limited control of the recipient’s computer.
Once inside, the hacker software can be used to deliver passwords from one computer to another, or even destroy files.
Bruce Schneier, chief technical officer of Counterpane Internet Security Inc. of San Jose, Calif., said the break-in highlights companies’ general lack of network traffic monitoring.
“If you’re not watching your logs 24 hours a day, seven days a week this is the kind of thing that happens,” he said. “Microsoft got whacked and it made the news. But this could have happened to anyone.”
He said very few companies – “a few major financials” and clients of companies like Counterpane – watch their network traffic logs.
While no motive for the break-in has been mentioned, hackers in the past have tried to extort companies after accessing information from their computers and threatening to publish it on the Internet.
Copyright ©2000 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Talk to us
- You can tell us about news and ask us about our journalism by emailing newstips@heraldnet.com or by calling 425-339-3428.
- If you have an opinion you wish to share for publication, send a letter to the editor to letters@heraldnet.com or by regular mail to The Daily Herald, Letters, P.O. Box 930, Everett, WA 98206.
- More contact information is here.