Associated Press
SEATTLE — Microsoft security experts tried and failed to catch the hacker in a more than weeklong game of electronic cat and mouse through the computer software giant’s vast system, company officials disclosed Monday.
"We are continuing to work closely with law enforcement," said company spokesman Rick Miller. "Beyond that, we really can’t say much more."
Company officials believe the hacker had access for about 12 days, but only to the source code, or blueprint, for a single product that is still in the early stages of development. That contrasts to initial company statements that the hacker could have been rummaging through the Microsoft network for as long as five weeks.
Miller acknowledged the hacker could have been in the system longer but said the company is confident that high-level access occurred only between Oct. 14 and Oct. 25.
Even with low-level access, the hacker could have opened corporate e-mail and read other confidential information, Miller said.
Mark Rasch, a former Justice Department official and now vice president of the Reston, Va.-based computer security firm Global Integrity, said Microsoft’s failure to catch the hacker is not surprising.
"Only the dumb ones get caught," Rasch said. "Microsoft’s experience is not atypical, especially if the bad guy was smart."
After the network administrators reported suspicions that a hacker could be inside the system to Microsoft security on Oct. 14, sources said the company monitored the intruder’s progress through the system as he tried to upgrade his security clearances. The hacker did manage to access the source code, or blueprints, to one product, the company said.
The company then tried to track the intruder on its own, sources said, but had little luck determining where his commands were coming from. Hackers often use other computers across the Internet, often ones they have previously broken into, to "bounce" their data around to confuse trackers.
"There’s always a trade-off between shutting them down and continuing to let them go while you investigate," Rasch said.
After law enforcement joined the investigation on Oct. 26, sources said there was little improvement. Microsoft was forced to shut down all the questionable accounts and barred outside access to the network for a time to stop the hacker from accessing more confidential data.
The company believes that its systems are now secure again, but would not confirm how the breach took place.
Media reports have said the hacker used a "Trojan" — a tool masquerading as an innocent file or program, usually sent through e-mail — that requires the recipient to click on it.
Copyright ©2000 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.