Was hack attack Microsoft's own fault?

While admitting its corporate networks fell prey to a hacker attack, Microsoft denies reports that intruders accessed source code for its major operating system products Microsoft released a statement Friday saying hackers did not actually steal Windows code.

"This situation appears to be much narrower than originally reported," Microsoft says in its statement. "Our investigation shows no evidence that the intruder gained access to the source code for our major products, such as Windows Me, Windows 2000, or Office."

Microsoft does say the hacker or hackers could "view source code under development for a future product," but that the perpetrator did not modify or corrupt that code.

Microsoft's new excuse for bugs?

Microsoft's statement is nothing more than an attempt to diminish its embarrassment, says Jeffrey Tarter, editor and publisher of Softletter.

"The day I believe Microsoft PR statements is the day I'll believe Clinton on his sex life," Tarter says. "Once a hacker opens a file, I don't think there's any way Microsoft could know whether the code was downloaded or what had been done to it."

While Windows source code would clearly be a valuable steal, it is unclear what kind of damage, other than illegal distribution, would result from this particular hack.

Initial reports say the hacked information was sent to a site in Russia. Programmers there could conceivably use the code to distribute illegal copies of Windows, but "most likely the hackers will just do mischief with it like posting the source code on bulletin boards," Tartar says.

While Microsoft says it is confident "the integrity of its intellectual property remains secure," the fact that anyone could hack into the networks of the world's largest software company says something about Microsoft's attitude toward security, Tartar adds.

"Any network has vulnerabilities, but it should not have been possible for a hacker -- no matter how good -- to get at source code, Microsoft's most valuable asset," Tarter says.

"The interesting question is whether the hackers did mess around with any files," he adds. "It'd be a wonderful excuse for bugs Microsoft could use for the next two or three years."

And if Windows source code appears on Web bulletin boards and chat rooms, so much the better, according to Tarter. "Putting Windows out in the open might have some benefit to Microsoft, as programmers might look at it and suggest ways it could be better," he says.

Damage could be severe (or not)

Security experts say if Microsoft suspects a hacker could have manipulated source code, the company would have to painstakingly check code against changes logged by authorised programmers -- a process that could take months.

The source code for Microsoft programs like the Windows operating system is under more or less constant modification by Microsoft's team, as it looks for errors and work on upgrades, says Russ Cooper, the moderator for an online forum for computer security, NTBugTraq.

Changes in source code would have a ripple effect, he notes. "It's not like the copy of Windows you buy on a CD-ROM in the store," he says. "What if I make a change in Windows Me that will be shipped to consumers with a 'back door,' so I can break into their systems? The possibilities are endless."

The hackers appeared to have accessed Microsoft computers by the QAZ Trojan, typically delivered via e-mail, according to an unnamed source cited by the Wall Street Journal.

But Cooper doubts the QAZ program alone could enable access.

"The claim that the QAZ Trojan caused this is highly doubtful," he says. The QAZ program can identify a PC's IP address, so a hacker might establish a connection, he notes. "But in order to do that, I would have to go through Microsoft's firewall. Out-of-date antivirus software and a broken firewall is highly unlikely."

(George A. Chidi Jr. and Laura Rohde, IDG News Service, contributed to this report.)

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cameron Crouch

PC World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?