Microsoft hacked but downplays impact

A Microsoft spokesman said Friday afternoon that a hacker had managed to view -- but not alter -- source code to Microsoft software, but said the code was for a product under development that wasn't due to be released for "several years."

"The situation appears to be much narrower than we originally thought," said Microsoft spokesman Richard Miller. "We have no evidence that the hacker gained access to the source code to any of our products in release."

According to a Microsoft statement posted on the company's Web site, an investigation has produced "no evidence" that the intruder gained access to source code for any of the company's major products, including Windows Me, Windows 2000 or Office.

"We have no reason to believe that any of our customers are affected," the company asserted in the statement, in which it called the incident an act of "industrial espionage."

Miller said that investigators from the US Federal Bureau of Investigation were looking at the case, and that there have been no arrests, but could not comment further.

Microsoft discovered Wednesday that hackers had infiltrated computer systems at its Redmond headquarters, using a Trojan horse virus program embedded in an e-mail attachment. The intrusion was reported in Friday's Wall Street Journal.

The QAZ-Trojan will send information to an external e-mail address, and in Microsoft's case the address was in St. Petersburg, Russia and the information was passwords, a Microsoft spokeswoman who asked not to be named said earlier today. Microsoft contacted the FBI. on Thursday, she said.

Contrary to reports published earlier which suggested that Microsoft's networks may have first been breeched as long as three months ago, a source close to the investigation said this afternoon that the hackers had access to Microsoft's internal systems for six weeks or less.

"It's very rare that a company would reveal that it had been hacked this way ... it appears that it was serious," said Richard Stiennon, a security analyst for the market research firm Gartner Group. "We've seen that they have a good incident response team. Most corporations wouldn't know what the next step to take is."

"Even with all the security in place [at] Microsoft, and that Microsoft is the most attacked [company] in the world, this says that someone can still find and exploit weaknesses," Stiennon said.

Anna Johnson, director at Melbourne-based security consulting company Shake, says the "most amazing thing about the attack is that it could have been avoided."

"The QAZ Trojan has been around since July 2000," she said, "If Microsoft used up-to-date anti-virus filtering on their firewall and computer systems they would have been able to detect it."

The source code for Microsoft programs like the Windows operating system is under more-or-less constant modification by Microsoft's team as they look for errors and work on upgrades, said Russ Cooper, the moderator for an online forum for computer security, NTBugTraq.

Changes in source code would also have a ripple effect, he noted. "It's not like the copy of Windows you buy on a CD-ROM in the store," he said. "What if I make a change in Windows Me that will be shipped to consumers with a 'back door,' so I can break into their systems? The possibilities are endless. You can go off in 97 different directions."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?