Was hack attack Microsoft's own fault?

While admitting its corporate networks fell prey to a hacker attack, Microsoft denies reports that intruders accessed source code for its major operating system products Microsoft released a statement Friday saying hackers did not actually steal Windows code.

"This situation appears to be much narrower than originally reported," Microsoft says in its statement. "Our investigation shows no evidence that the intruder gained access to the source code for our major products, such as Windows Me, Windows 2000, or Office."

Microsoft does say the hacker or hackers could "view source code under development for a future product," but that the perpetrator did not modify or corrupt that code.

Microsoft's new excuse for bugs?

Microsoft's statement is nothing more than an attempt to diminish its embarrassment, says Jeffrey Tarter, editor and publisher of Softletter.

"The day I believe Microsoft PR statements is the day I'll believe Clinton on his sex life," Tarter says. "Once a hacker opens a file, I don't think there's any way Microsoft could know whether the code was downloaded or what had been done to it."

While Windows source code would clearly be a valuable steal, it is unclear what kind of damage, other than illegal distribution, would result from this particular hack.

Initial reports say the hacked information was sent to a site in Russia. Programmers there could conceivably use the code to distribute illegal copies of Windows, but "most likely the hackers will just do mischief with it like posting the source code on bulletin boards," Tartar says.

While Microsoft says it is confident "the integrity of its intellectual property remains secure," the fact that anyone could hack into the networks of the world's largest software company says something about Microsoft's attitude toward security, Tartar adds.

"Any network has vulnerabilities, but it should not have been possible for a hacker -- no matter how good -- to get at source code, Microsoft's most valuable asset," Tarter says.

"The interesting question is whether the hackers did mess around with any files," he adds. "It'd be a wonderful excuse for bugs Microsoft could use for the next two or three years."

And if Windows source code appears on Web bulletin boards and chat rooms, so much the better, according to Tarter. "Putting Windows out in the open might have some benefit to Microsoft, as programmers might look at it and suggest ways it could be better," he says.

Damage could be severe (or not)

Security experts say if Microsoft suspects a hacker could have manipulated source code, the company would have to painstakingly check code against changes logged by authorised programmers -- a process that could take months.

The source code for Microsoft programs like the Windows operating system is under more or less constant modification by Microsoft's team, as it looks for errors and work on upgrades, says Russ Cooper, the moderator for an online forum for computer security, NTBugTraq.

Changes in source code would have a ripple effect, he notes. "It's not like the copy of Windows you buy on a CD-ROM in the store," he says. "What if I make a change in Windows Me that will be shipped to consumers with a 'back door,' so I can break into their systems? The possibilities are endless."

The hackers appeared to have accessed Microsoft computers by the QAZ Trojan, typically delivered via e-mail, according to an unnamed source cited by the Wall Street Journal.

But Cooper doubts the QAZ program alone could enable access.

"The claim that the QAZ Trojan caused this is highly doubtful," he says. The QAZ program can identify a PC's IP address, so a hacker might establish a connection, he notes. "But in order to do that, I would have to go through Microsoft's firewall. Out-of-date antivirus software and a broken firewall is highly unlikely."

(George A. Chidi Jr. and Laura Rohde, IDG News Service, contributed to this report.)

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cameron Crouch

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?