The inevitable finally happened in late October 2000: Microsoft announced that intruders had cracked and accessed its internal network over a period of time. The company discovered the break-in when security staffers noticed that someone was sending employee passwords to an email address in St. Petersburg, Russia. The stolen passwords apparently permitted access to the software source code for one of Microsoft's future products (the company refuted early reports that the break-in compromised the source code for Whistler and Office 10). Microsoft claimed that the crackers didn't destroy or modify any source code and that an internal examination showed all was well.
"We recently became aware of a hack to our corporate network," a Microsoft spokesperson confirmed the week of the announcement. "Microsoft is moving aggressively to isolate the problem and ensure the security of our internal network. We are confident that the integrity of Microsoft source code remains secure." Security experts said that the intruders might have intended the break-in to force Microsoft to release the source code to its software. (Unlike open-source software such as Linux, Mozilla, and Open-Office, Microsoft's source code is the company's crown jewels and a jealously guarded secret. The company has come under fire recently for refusing to embrace an open model of software development.)
After a quick internal examination revealed the extent of the intrusion, Microsoft contacted the Federal Bureau of Investigation (FBI). Most alarming was the revelation—which the company later refuted—that the intruders had access to Microsoft's product source code for an extended period. Although Microsoft's story has changed several times, the crackers had access to the network for between 5 days and 3 months, making the break-in an embarrassment of epic proportion for a company that many people criticize for neglecting security in its products. The day after Microsoft revealed the break-in, a report in The Wall Street Journal quoted sources close to the intruders. These sources stated that the malicious entities used the Qaz.Trojan virus, which generally spreads through email, to gain entry to Microsoft's network. The report noted that one or more Microsoft employees received an infected email message and inadvertently installed the Trojan horse. The program, which disguises itself as the Notepad text editor, reportedly sent messages to a remote computer in Asia, which gained control over the infected system or systems. The intruders then used other programs to collect employee passwords and send them to another email address. Then, the intruders used the passwords to gain remote entry to private areas of Microsoft's network, where the source code to the company's products resides.
Microsoft President and CEO Steve Ballmer, who was in Sweden at the time of the discovery, said then that the break-in was "not very damaging, but we want to make sure it doesn't get that way. ... That's why we called in the FBI." Ballmer initially denied that the intruders had accessed any Microsoft source code, but recanted a few days later. Ballmer immediately began working to calm Microsoft's corporate customers, who were understandably distressed by the possibility that the company shipped code that intruders might have modified. Two days later, the story changed yet again: Microsoft claimed that no one stole or modified the source code for currently shipping products and that the break-in provided external access to only one unnamed future product.