
Friday, 27 October, 2000, 13:56 GMT 14:56 UK
No network is safe from attack
Where do the hackers want to go today?
By BBC News Online internet reporter Mark Ward

Security experts say the attack on Microsoft shows that no-one is safe - not even the people who make the software that is being attacked.

The incident also demonstrates that organisations need to change their ways if they want to secure their networks and protect themselves from malicious hackers.

But security experts also say that Microsoft is a victim of its self-imposed rate of change, as it continuously churns out new versions of its software.

The company could also have done much more to protect itself and seems to have ignored warnings about similar attacks carried out earlier this year.

Without warning

Details of who hacked Microsoft and what they got away with are scant, but the incident goes to show that even companies that produce software for a living are not immune from the attentions of malicious hackers.

"No-one is safe," says Terrence Peters, operations manager at ethical hacking group Defcom. "You have to be on your guard all the time."

Kenneth De Spiegeleire, consulting manager at Internet Security Systems, says that although there are many good security products available and a lot of expert knowledge that can be called on, at the end of the day it falls to the managers of corporate networks to ensure they are doing all they can to seal and secure networks.

"It is the management of security that is the real headache," he says.

Certainly Microsoft seems to have ignored warnings about the malicious program the hackers used in their attack on the software giant.

Reports suggest that the hackers smuggled a program called QAZ Trojan into Microsoft's corporate network. This piece of software then proceeded to identify machines within the network and stole information on these computers.

The QAZ Trojan was first identified in July this year. Patches for anti-virus programs to safeguard computers against it were available soon after.

The Computer Emergency Response Team issued a warning about attacks using such trojans as early as March, and Microsoft itself issued advice to customers about the problem.

"Why has it taken since July for someone to draw it to Microsoft's attention or for them to do something about it?" asks Mr Peters.

Enormous network

But it may have been the sheer size of Microsoft's computer network - serving 40,000 employees - that defeated attempts to protect it.

"Network security managers have to find and plug every hole in their network to be completely safe," said Mr De Spiegeleire, "But a hacker only needs to find one hole and he is in."

As its name implies, the QAZ Trojan masquerades as a benign program but starts to attack once it has breached the defences of its target.

QAZ does not damage files but does propagate itself inside a company's network, and report back on all the machines it infects to an outside machine. Information stolen from Microsoft seems to have been sent to Russia, although this could be a front for people anywhere on the net.

Anyone who is looking for vulnerabilities in Microsoft products to exploit has no shortage of targets. When Windows 2000 was released earlier this year, Microsoft admitted that the software had around 20,000 "known issues".

Top target

What also might have defeated Microsoft is its relentless pace of change. The company regularly issues updates to programs adding new features, fixing bugs or completely updating the software.

"When you have changes like that people will look to see how secure the new software is," said Mr Peters.

Defcom always waits until the third release of a new Microsoft program before using it, after which the biggest bugs should have been found.

Microsoft is more of a target than most because of its dominance of the personal software world and its perceived arrogance. Many hacking groups and programmers happily spend hours searching for holes in Microsoft products and revealing how they leave customers open to attack.

If the malicious hackers have stolen some source code, the incident could be very embarrassing for Microsoft given what it is currently developing.

In June Bill Gates unveiled Microsoft's .Net strategy, an attempt to unify its Windows family of products and put the internet at the heart of everything the company is doing.

The strategy called for an overhaul of most of the software in the Windows family. Some of the future enhancements to Windows are already hidden inside older versions of Microsoft's software.

If the hackers discovered the undocumented features or future product plans, they may have downloaded some very valuable information.
