YOU ARE HERE: LAT HomeCollections

Hacker Tapped Into Microsoft for 3 Months

Security: Firm says only the code from an unspecified future product was penetrated. The FBI is investigating.


Some of the most closely guarded secrets in technology--the underlying source code to some Microsoft software--have been penetrated over the last three months. Many experts see this as a sign of the quickening evolution of computer hacking from an underground pastime into an instrument of bold industrial espionage.

Microsoft Corp. security officials discovered the electronic break-in Wednesday after noticing that some of their employees' passwords, with access to the company's computer network, were being sent to an outside e-mail address. According to some reports, the information was sent to a computer address in St. Petersburg, Russia.

The unknown intruder never gained access to any major software products, such as Windows ME, Windows 2000 or Microsoft Office, the company said. Only the code from an unspecified future product was accessible and nothing was changed, the company said.

Microsoft Chief Executive Steve Ballmer said the break-in was not very damaging. "But we want to make sure it doesn't get that way, and that's why we called in the FBI," he told Reuters.

The company declined to reveal what software was the target of this attack, although it was for a product at least three years from production. Among the products Microsoft is developing is the next generation of Windows, code-named Whistler, and an update to its Office suite of business software. These products are part of Microsoft's strategy to build the Internet into all its software.

A potentially more troubling problem is the enormous amount of e-mail messages and internal documents that would have also been open to the intruder during a three-month period.

"Microsoft has a lot of material on its computers, things like contracts, shipping information and other business documents," said Eugene H. Spafford, director of the Center for Education and Research in Information Assurance and Security at Purdue University. "If you have access to the system, you can see whatever is stored there and monitor whatever is moving along the wires."

Just four months ago, Oracle Corp., a longtime nemesis of Microsoft, admitted it had paid a detective to go through garbage bins looking for information that could have assisted in the prosecution of the ongoing landmark Microsoft antitrust case.

"There's no question that somebody--and not just a business rival--could have been searching for a smoking gun that would make it easier to convict Microsoft of a crime," Spafford said. "These don't necessarily have to be parties with a commercial interest. Hacker groups and even some governments are very unhappy with Microsoft."

Experts say a significant breach of security at the world's most powerful software company vividly demonstrates that computer hacking, once the province of shaggy-haired geeks, has long since evolved into a tool of Information Age espionage.

"The elan of the hacker, the adventurous culture of the hacker--we've moved on from all of that," said Richard Power, editorial director of the Computer Security Institute in San Francisco. "There are corporations and governments and freelancers that are going straight into your systems, taking the secrets they want and using them [for] research and development, or to sell them."

What has set this penetration apart from the usual hacker attacks is Microsoft's determination that it was the victim of a more modern variant specifically seeking commercial secrets.

"We are very confident in describing this as an act of industrial espionage," said Microsoft spokesman Dan Leach.

The extent of damage from the hacker is still uncertain and could range from minor mischief to a serious theft of company secrets.

Neither Microsoft nor the FBI has released any details about how the company's computer system was penetrated. But one theory being discussed by security experts is that Microsoft was the victim of a relatively well-known virus that emerged out of China this summer known as the QAZ Trojan.

The QAZ virus is typically transmitted as an e-mail attachment. Once the virus is installed on a computer, it disguises itself as the standard Windows Notepad word processing program.

The virus collects passwords and then opens a "back door" route for the intruder to secretly enter the network. Once the passwords are discovered, the intruder can simply sign on to the Microsoft network like a regular employee.

The virus also spreads itself to other computers on the same network so that if it is cleaned off one computer the intruder still has many "Trojan horses" lying in wait.

Experts agreed that if Microsoft was compromised using the QAZ Trojan, it would reflect poorly on the company's security prowess. "They might as well have no security," said Power of the Computer Security Institute.

The QAZ virus raises the possibility that Microsoft was not the victim of a cunning industrial spy but an amateur who got lucky with a relatively well-known virus, analysts said.

Los Angeles Times Articles