Microsoft Hack Challenges Administrators
- By Scott Bekker
In what is being called the biggest coup for hackers in
recent memory, Microsoft Corp.
president and CEO Steve Ballmer confirmed that Microsoft’s network was hacked
with a known virus.
While it was initially believed that source code for Windows
and Office were compromised, a Microsoft spokesman now says that the hackers
merely viewed source code for a future product under development. That source
code was not manipulated or altered in any way. However, the spokesman noted
that, “This is an act of industrial espionage, pure and simple.” Microsoft is
working with law enforcement, including the FBI, to resolve the security
The hack was reportedly perpetrated with a backdoor Trojan
virus known as QAZ. The QAZ virus piggybacks on an e-mail message and replaces
the Windows accessory Notepad.exe. When the user launches Notepad.exe, the
virus runs and changes the system registry to give the hacker access to the
computer when it is connected to the Internet.
Microsoft security personnel discovered the hack when they detected
network passwords being sent to an e-mail account in St. Petersburg, Russia.
Initial reports said that Microsoft security may have been aware of the intrusion for up to three months.
However, the Wall Street Journal of Monday, October 30, quoted an anonymous Microsoft official as saying that the attack lasted only 12 days and was closely monitored during that time in order to accumulate enough evidence to identify the hacker and assist law enforcement with their investigation. In the article, Microsoft claimed the attack only lasted from October 14 to October 25, rather than several months as earlier reported.
The hack comes several months after several well-publicized
attacks on Web giants Yahoo, eBay, and Amazon crippled traffic and business on
those sites. Security experts say that the attack damages Microsoft’s
credibility in the network security sector.
David Hughes, president of U.S. operations for Sophos Inc., an anti-virus and network
security vendor, says that the virus itself could have been stopped at
Microsoft’s network firewall gateway or at the individual users’ desktops. The
fact that it managed to breach security points to the need for Microsoft – for
all large enterprise networks – to shore up their network security practices
through a triumvirate of anti-virus software, strict implementation of safe
practices, and education of network users on the issue of viruses.
"If it can happen to Microsoft, it can happen to anyone," notes Hughes.
Fredric Pinkett, vice president of product marketing for Shym Technology, a security vendor, points to
the weak nature of passwords and PINs as security measures. Pinkett points out that
digital key technology, in which secure messages are stamped with a one-time
cryptographic “key”, are more secure than passwords and PINs. Digital key
technology could be poised to gain market prominence after this attack. - Isaac Slepner
Scott Bekker is editor in chief of Redmond Channel Partner magazine.