News > Technology
Microsoft: big hack attack
October 27, 2000: 7:28 p.m. ET

Raiders cracked into networks, but software titan plays down the damage
By Staff Writer Jamey Keaten
graphic graphic
LONDON (CNNfn) - Hackers gained access to some of Microsoft Corp.'s essential product secrets, the world's most powerful technology company said Friday, acknowledging a security breach that is a major embarrassment for the software company and its wealthy chairman, Bill Gates.

Redmond, Wash.-based Microsoft (MSFT: Research, Estimates) said it had not yet found any damage from the raid on its network, and is working with graphicthe U.S. Federal Bureau of Investigation to track down the culprits while buckling down its security systems to prevent a recurrence of such incidents, said a spokesman. The company said the hackers' motive is not yet known.

The Wall Street Journal first reported Monday that the unknown hackers were believed to have gained access to the source code to its most valuable software, including latest versions of Windows and Office.

The source code for a software application contains the readable building blocks that enable a program to do its job.

A Microsoft spokesman told CNNfn Friday afternoon that they did not see any source code for the company's major products including Windows 2000 and Office. What they appear to have had access to is the source code for products in development "years and years away," the spokesman said.

Microsoft, though, said it had "no information yet" on whether anything was stolen.

Microsoft Chief Executive Officer and President Steve Ballmer, speaking in Stockholm, Sweden, where he was attending a conference, said hackers had seen but not managed to change key source codes, according to a Reuters report.

"It is clear that hackers did see some of our source code," Ballmer told Microsoft programmers and reporters at a seminar in Stockholm. "I can assure you that we know that there has been no compromise of the integrity of the source code," he added.

But some security experts aren't so sure. In an interview on CNNfn's Moneyline News Hour Friday, Ira Winkler, president of Internet Security Advisers Group, said Microsoft's statements that the incident will not have any impact on its products or customers may be premature. [117K WAV or 117K AIFF]

A person close to the matter told the hackers could have had access to internal systems for as many as 60 days. A London spokesman for Microsoft found signs the intrusion "may have come from St. Petersburg in Russia." graphic

Microsoft declined to estimate the cost to the company, but the incident highlights the vulnerability of Microsoft's intellectual property.

While the hackers may not have tampered with the software, access to the underlying code could have enabled them to write their own software, or sell the code to other unscrupulous operators. The hackers could also try to blackmail Microsoft into paying to win back any purloined code -- what industry experts call a "data hostage" ploy.

Who could benefit?

Industry experts said that getting access to confidential information from Microsoft's internal network could theoretically be of benefit to the software giant's competitors.

"If someone can get the jump on where Microsoft is going next -- or, as it puts it where it wants to go today -- [the person] can steal a march and get ahead," said Gary Grant, director of global operations at computer security system provider Defcom in London. However, he said "it would be tantamount to suicide" for competitors to exploit illegally obtained information about Microsoft code for their commercial benefit.

Although the company strives to preserve the confidentiality of how its software is put together, Microsoft shares the code for Windows among graphicpartner companies that write software to fit the Windows operating system.

In afternoon Nasdaq trading Friday, shares of Microsoft were up $3.88 at $68.31.

While such a breach of security is an embarrassment for Microsoft, its cost in dollars is likely to be minimal, some market watchers said.

"If it were as negative as it appears on the surface, Microsoft stock would be dropping like a rock, and it's doing just the opposite," said Gerard Cassidy, an analyst at Tucker Anthony Capital Markets. "It doesn't appear to be something that's material in nature."

Attempted break-ins are common at Microsoft, company spokesman Rick Miller said, adding that the latest incident has prompted Microsoft to put in place an "aggressive plan to protect its internal networks." The company, as the world's leading software maker, has long been a victim of piracy -- the illegal copying of its products.

"Microsoft has got a real problem because they must be in the top 10 percent of companies that are attempted to be hacked into," said Grant.

The cost of piracy

The Business Software Association, a Washington-based software industry consortium, estimated in a May report that losses due to piracy topped $12 billion worldwide in 1999. Today one in four pieces of software in circulation is pirated, a spokeswoman for the organization in London told Friday.

The Journal, citing a person familiar with the break-in, said it appeared that the electronic intruders tapped into Microsoft's system by e-mailing software known as QAZ Trojan into the company network, which can be then used to delete files or deliver passwords.

But industry experts said that Trojan is a relatively unsophisticated hacker's tool, which isn't likely to have duped Microsoft's systems on its own.

"Microsoft's credibility will have been damaged by this hack," said Graham Cluley, a senior technology consultant with Sophos Anti-Virus, a provider of anti-hacking solutions in London. "How can the biggest software company in the world not employ the simple safe-computing practices which could have protected it from this sort of attack?"

Defending a company's networks against Trojan, said Grant of Defcom, "is a basic level of protection that you'd expect any high-profile company to have." For hackers, he said, the prestige of cracking into the systems of the world's biggest software company could be motivation enough to launch such an attack.

Security breaches rife

In a survey published in March 2000, industry group Computer Security Institute found that 90 percent of respondents, mainly big corporations and government agencies, detected computer security breaches over the previous 12 months. Twenty-five percent of respondents detected penetration from outside the organization. The study was conducted with help from the San Francisco FBI.

The siege comes after a difficult period for Microsoft, which has been battling against a U.S. government effort to break the software company in two on that grounds that it allegedly misused its market power.

Microsoft is appealing District Judge Thomas Penfield Jackson's final order that requires the company to separate its Windows operating system business from its applications business, and bars the software company from engaging in practices that the court found led to the antitrust law violations.

The appeal may eventually be heard by the U.S. Supreme Court.

And Bill Gates' company is not the only high-tech firm that has become the target of unauthorized hacking in recent months. A barrage of cyber-assaults was directed at Web sites of, Yahoo!, eBay and last February by hackers intent on disrupting Internet business. Back to top


British hackers busted - Mar. 24, 2000

Cybercrime on the rise - Mar. 10, 2000

Ebay,, Amazon, sites hit - Feb. 8, 2000



Note: Pages will open in a new browser window
External sites are not endorsed by CNNmoney