BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Business
Front Page 
UK Politics 
Market Data 
Your Money 
Business Basics 
Talking Point 
In Depth 

Computer security consultant Robert Shifreen:
"It is going to do Microsoft an awful lot of damage"
 real 28k

Oliver Roll, Microsoft UK
"We have called in the FBI to help us with the investigation"
 real 56k

Monday, 30 October, 2000, 13:03 GMT
Microsoft downplays hack attack
Graphic BBC
Software giant Microsoft is trying to play down the damage done after malicious hackers infiltrated its computer network.

On Friday, the company said the hackers had roamed its systems for five weeks. Now, Microsoft insists that they had high-level access for just 12 days, were monitored during this time, and that no damage was done.

We realised the intrusion had grown to the level that warranted bringing in the FBI

Rick Miller, Microsoft
According to Microsoft spokesman Rick Miller, the hackers' biggest scoop was to be able to view the source code - or blueprint - of a Microsoft program still under development.

But he said the product - which he did not identify - was neither corrupted nor modified, and was still years from being released.

He also said Microsoft's log files suggested that the source code had not been downloaded or transferred to another computer outside the Microsoft network.

Computer security experts, however, are casting doubts on this assessment. They say 12 days are more than enough to copy a large source code file, and point out that such files can be easily compressed into a smaller format.

And anybody viewing the source code should be able to download it without too many problems, they argue.

If the hackers had managed to access the source code of a Microsoft program already on the market, they would have been able to distribute versions of the product that looked legitimate, but contained security holes or computer viruses.

Calling the FBI

Microsoft spokesman Rick Miller said the hackers had gained access to high-level secrets on Saturday, 14 October.

At first, the software firm tried to handle the situation by itself. But on 26 October, it notified the authorities after "the intrusion had grown to the level that warranted bringing in the FBI".

He said Microsoft had first given a larger timeframe because the exact duration of the hackers' presence had been unclear and the company wanted to make sure that it did not underestimate the problem.

First suspicions

First suspicions were raised when Microsoft discovered the creation of new user accounts for no good reason. "After a day or two, we realised it was someone hacking into the system", Mr Miller said.

Microsoft has not said how and for how long exactly it did monitor the hackers' activities, but judging from these comments, the intruders clearly had a window of opportunity to roam the company's network unchecked.

On Friday, Microsoft's president and chief executive, Steve Ballmer, had insisted that "we know there has been no compromise of the integrity of the source code; that it has not been modified or tampered with in any way".


There has been a lot of speculation as to who could be behind the hack attack.

Microsoft is hated in hacker circles, and an obvious target, as its software is found on more than 90% of all computers worldwide.

Joel de la Garza, expert with Silicon Valley-based computer firm Securify, said: "Eighty percent of the security incidents I see are teenage kids out to have a good time, but the remaining 20% [are] attackers with a stated objective and a definite plan on how to accomplish it".

Blackmail possibility

If the Microsoft hackers fall into the latter category, they could have been sent by commercial competitors that wanted to have a look at what their big rival was doing.

Another possible suspect are criminal gangs who might want to hold the source code "hostage", threatening to release it unless Microsoft pays up.

During the break-in, internal passwords for Microsoft's network were reportedly sent remotely to an e-mail account in St Petersburg in Russia.

Russian hackers have broken into corporate networks in the United States before, although these e-mails could quite easily be a decoy to hide the true identity of the attackers.

Help from virus

Computer security experts say the hackers appear to have used a virus called QAZ to break into Microsoft's network.

They say QAZ first surfaced in China in July and is a "worm" virus, which makes copies of itself to spread throughout a network.

Once installed, the QAZ program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.

It is also believed that the virus entered Microsoft's system within an inconspicuous-looking e-mail and, once inside, began replicating.

This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.

Search BBC News Online

Advanced search options
Launch console
See also:

17 Jun 00 | Sci/Tech
AOL hit by hackers
26 Sep 00 | Business
Time on Microsoft's side
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Business stories are at the foot of the page.

E-mail this story to a friend

Links to more Business stories