Microsoft says it knew of hacker all along

By GENE JOHNSON

Associated Press

SEATTLE — A hacker had high-level access to Microsoft Corp.’s computer system for 12 days — not up to five weeks, as the company had first reported — and was monitored the entire time.

While the company says it believes no major corporate secrets were stolen, some security experts believe the 12-day period was plenty of time for a hacker to do damage that may not have been detected yet.

Microsoft spokesman Rick Miller said Sunday that beginning Oct. 14 a hacker gained access to high-level secrets and that at some point over the next 12 days viewed blueprints, or source code, for Microsoft software that is being developed.

When it confirmed the incident Friday, the software giant based in Redmond, a Seattle suburb, said an electronic intruder had access to source code for as long as five weeks. Microsoft used that time estimate because the duration of the hacker’s presence was unclear and the company wanted to be sure it did not underestimate the problem, Miller said.

The company was alerted to the break-in by the creation of new accounts giving users access to parts of Microsoft’s computer network, Miller said.

"We start seeing these new accounts being created, but that could be an anomaly of the system," Miller said. "After a day or two, we realized it was someone hacking into the system."

It was not until Oct. 26, however, that the company notified federal law enforcement, which is investigating the matter. Microsoft said it initially planned to handle the break-in on its own.

"We realized the intrusion had grown to the level that warranted bringing in the FBI," Miller said. Miller said the activity did not corrupt or modify the code for the product, which he declined to identify.

If any attempts to download or transfer the source code were made, such activity was not recorded in Microsoft’s logs, Miller said, adding that it is extremely unlikely any source code files were copied because of their immense size.

But some security experts questioned that assessment.

"It’s impossible to say with absolute certainty that (source code) file has not been copied," according to Simon Perry, vice president of security solutions at Computer Associates International in Islandia, N.Y. "Over a 12-day period, it would be absolutely possible to take a copy of that."

Ray Pompon of Seattle-based Conjungi Networks, which installed some security tools for Microsoft in 1994, agreed, saying, "Source code files can be very big, but they’re easily compressible."

Microsoft has refused to say at what point it learned the hacker saw the source codes. Pompon said whether the company discovered it immediately would depend on what type of monitoring it was doing — something the company has not disclosed.

Miller acknowledged the hacker could have been in the system for longer than 12 days, but he said the company is confident that high-level access occurred only between Oct. 14 and Oct. 25.

But even with low-level access, the hacker could have accessed corporate e-mails and other confidential information, Miller said.

Microsoft has refused to identify what program the source code was for, except to say it was a product years from release — not Windows or Office software.

Pompon said it’s less damaging to Microsoft that the product was not one already on the market. "Microsoft can be more careful about what they’re going to release and make sure it’s not vulnerable," he said.

Microsoft’s source codes are the most coveted in the multibillion-dollar industry.

With access to software blueprints, competitors could write programs that undermine Microsoft or use the data to identify weaknesses, making computer break-ins and virus-writing easier.

Copyright ©2000 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.