Was hack attack Microsoft's own fault?

While admitting its corporate networks fell prey to a hacker attack, Microsoft denies reports that intruders accessed source code for its major operating system products Microsoft released a statement Friday saying hackers did not actually steal Windows code.

"This situation appears to be much narrower than originally reported," Microsoft says in its statement. "Our investigation shows no evidence that the intruder gained access to the source code for our major products, such as Windows Me, Windows 2000, or Office."

Microsoft does say the hacker or hackers could "view source code under development for a future product," but that the perpetrator did not modify or corrupt that code.

Microsoft's new excuse for bugs?

Microsoft's statement is nothing more than an attempt to diminish its embarrassment, says Jeffrey Tarter, editor and publisher of Softletter.

"The day I believe Microsoft PR statements is the day I'll believe Clinton on his sex life," Tarter says. "Once a hacker opens a file, I don't think there's any way Microsoft could know whether the code was downloaded or what had been done to it."

While Windows source code would clearly be a valuable steal, it is unclear what kind of damage, other than illegal distribution, would result from this particular hack.

Initial reports say the hacked information was sent to a site in Russia. Programmers there could conceivably use the code to distribute illegal copies of Windows, but "most likely the hackers will just do mischief with it like posting the source code on bulletin boards," Tartar says.

While Microsoft says it is confident "the integrity of its intellectual property remains secure," the fact that anyone could hack into the networks of the world's largest software company says something about Microsoft's attitude toward security, Tartar adds.

"Any network has vulnerabilities, but it should not have been possible for a hacker -- no matter how good -- to get at source code, Microsoft's most valuable asset," Tarter says.

"The interesting question is whether the hackers did mess around with any files," he adds. "It'd be a wonderful excuse for bugs Microsoft could use for the next two or three years."

And if Windows source code appears on Web bulletin boards and chat rooms, so much the better, according to Tarter. "Putting Windows out in the open might have some benefit to Microsoft, as programmers might look at it and suggest ways it could be better," he says.

Damage could be severe (or not)

Security experts say if Microsoft suspects a hacker could have manipulated source code, the company would have to painstakingly check code against changes logged by authorised programmers -- a process that could take months.

The source code for Microsoft programs like the Windows operating system is under more or less constant modification by Microsoft's team, as it looks for errors and work on upgrades, says Russ Cooper, the moderator for an online forum for computer security, NTBugTraq.

Changes in source code would have a ripple effect, he notes. "It's not like the copy of Windows you buy on a CD-ROM in the store," he says. "What if I make a change in Windows Me that will be shipped to consumers with a 'back door,' so I can break into their systems? The possibilities are endless."

The hackers appeared to have accessed Microsoft computers by the QAZ Trojan, typically delivered via e-mail, according to an unnamed source cited by the Wall Street Journal.

But Cooper doubts the QAZ program alone could enable access.

"The claim that the QAZ Trojan caused this is highly doubtful," he says. The QAZ program can identify a PC's IP address, so a hacker might establish a connection, he notes. "But in order to do that, I would have to go through Microsoft's firewall. Out-of-date antivirus software and a broken firewall is highly unlikely."

(George A. Chidi Jr. and Laura Rohde, IDG News Service, contributed to this report.)

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cameron Crouch

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?