Microsoft hackers leak secrets to Russia

Click to follow
The Independent Online

Hackers penetrated Microsoft's internal computer system and leaked company secrets to Russia in an electronic break-in which may have lasted for months.

Hackers penetrated Microsoft's internal computer system and leaked company secrets to Russia in an electronic break-in which may have lasted for months.

Company chiefs admitted yesterday that they discovered the breach on Wednesday but had no idea how long it had gone on. Initial reports suggested that it was caused by someone within the software giant's main campus at Redmond,, Washington state receiving an email infected with a 'Trojan horse' program, which let outsiders gain control of the machine.

However Microsoft's president and chief executive Steve Ballmer said that the attack had been "not very" damaging, though he admitted the hackers had seen - but not altered - source code of its top products. The company called in the US Federal Bureau of Investigation (FBI) to investigate, and called the breach "a deplorable act of industrial espionage".

The source code is the crown jewels of Microsoft's operation. If people could copy it, they might create programs using Microsoft expertise - or apparent duplicates which would actually contain 'back doors' to let them get confidential information.

Mr Ballmer said: "It is clear that hackers did see some of our source code. But I can assure you that there has been no compromise of the integrity of the source code and that it has not been modified or tampered with in any way."

If the source code has leaked out, the effect on Microsoft could be disastrous. "Our source code is what creates our products," said Shaun Orpen, UK director of corporate marketing for Microsoft. "When you buy Windows or Office, you need to feel confident that it is a fully authorised copy." Office and Windows are the platforms on which Microsoft's profits are built.

The break-in was discovered by Microsoft security staff on Wednesday, in emails heading to St Petersburg which contained specific passwords required to transfer source code for Windows and Office to external addresses. They apparently came from a programmer's machine inside Microsoft.

Mikko Hypponen, a security expert at Finland-based data protection specialists F-Secure, said the fact that the worm had infected programmers' computers was not unusual because programmers usually disable virus and Trojan- prevention software, which slows down computers.

But a former head of security for Microsoft in Europe suggested that rather than a Trojan, the attack could have been an inside job. "Microsoft takes all possible care to make sure that its computer systems can't be penetrated," said Graham Satchwell, now managing director of online security company Dick Tracy. "I think it's more likely that this will be as a result of some indiscretion within Microsoft. You would have to be very clever to get a Trojan program inside the Microsoft campus."

Some reports said that the break-in was the result of infection by a program called QAZ.

First seen in China in July this program uses e-mail to open up a 'back door' to the recipient's computer.