Microsoft Hack Challenges Administrators

In what is being called the biggest coup for hackers in recent memory, Microsoft Corp. president and CEO Steve Ballmer confirmed that Microsoft’s network was hacked with a known virus.

While it was initially believed that source code for Windows and Office was compromised, a Microsoft spokesman now says that the hackers merely viewed source code for a future product under development. That source code was not manipulated or altered in any way. However, the spokesman noted, “This is an act of industrial espionage, pure and simple.” Microsoft is working with law enforcement, including the FBI, to resolve the security violation.

The hack was reportedly perpetrated with a backdoor Trojan virus known as QAZ. The QAZ virus piggybacks on an e-mail message and replaces the Windows accessory Notepad.exe. When the user launches Notepad.exe, the virus runs and changes the system registry to give the hacker access to the computer when it is connected to the Internet.

Microsoft security personnel discovered the hack when they detected network passwords being sent to an e-mail account in St. Petersburg, Russia. Initial reports said that Microsoft security may have been aware of the intrusion for up to three months.

However, the Wall Street Journal of Monday, October 30, quoted an anonymous Microsoft official as saying that the attack lasted only 12 days and was closely monitored during that time in order to accumulate enough evidence to identify the hacker and assist law enforcement with their investigation. In the article, Microsoft claimed the attack only lasted from October 14 to October 25, rather than several months as earlier reported.

The hack comes several months after several well-publicized attacks on Web giants Yahoo, eBay, and Amazon crippled traffic and business on those sites. Security experts say that the attack damages Microsoft’s credibility in the network security sector.

David Hughes, president of U.S. operations for Sophos Inc., an anti-virus and network security vendor, says that the virus itself could have been stopped at Microsoft’s network firewall gateway or at the individual users’ desktops. The fact that it managed to breach security points to the need for Microsoft, and for all large enterprise networks, to shore up their network security practices through a triumvirate of anti-virus software, strict implementation of safe practices, and education of network users on the issue of viruses.

"If it can happen to Microsoft, it can happen to anyone," notes Hughes.

Fredric Pinkett, vice president of product marketing for Shym Technology, a security vendor, points to the weak nature of passwords and PINs as security measures. Pinkett points out that digital key technology, in which secure messages are stamped with a one-time cryptographic “key”, is more secure than passwords and PINs. Digital key technology could be poised to gain market prominence after this attack.

- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
