The inevitable apparently happened this week as Microsoft Corporation announced that its internal network had been hacked by a group of people who have reportedly stolen the source code to Microsoft Office and Windows. Microsoft discovered the break-in on Wednesday, when security staffers noticed that passwords needed to access the latest versions of Office and Windows were being sent to an email address in Russia. And that software source code--which includes that of Whistler and Office 10--has apparently been sent along to hackers in Russia as well. Microsoft says that the hackers haven't destroyed any of the source code and an internal examination apparently shows that all is well.
"We recently became aware of a hack to our corporate network," a Microsoft spokesperson confirmed. "Microsoft is moving aggressively to isolate the problem and ensure the security of our internal network. We are confident that the integrity of Microsoft source code remains secure." Security experts say that the hack was likely performed to force Microsoft to release the source code to its software. Unlike open source software such as Linux, Mozilla, and Open Office, Microsoft's crown jewels are jealously guarded secrets. The company has come under fire recently for refusing to embrace the new, open model of software development.
After a quick internal examination, Microsoft discovered that the break-in was vast enough to require attention by the Federal Bureau of Investigation (FBI), which was contacted Thursday. Most alarming is the revelation that the hackers have had access to Microsoft's internal source code for about three months, making this an embarrassment of epic proportions for a company that has often been criticized for the poor security in its own products. A report in the Wall Street Journal says that the hackers were able to gain entry to Microsoft's network using the QAZ Trojan software, which is generally delivered via email. The WSJ says that one or more employees of the company probably received an email infected with the Trojan and inadvertently installed it. The software then disguised itself as Notepad, the text editor that's included in all versions of Windows, and sent messages to a remote computer in Asia, which then gained control over the user's system. Hackers in Russia then used other programs to collect employee passwords, which were sent to the Russian email address. These passwords were then used to remotely gain entry to the private areas of Microsoft's network, where the source code is stored.
Microsoft president and CEO Steve Ballmer said Friday that the break-in was "not very damaging, but we want to make sure it doesn't get that way and that's why we called in the FBI." Ballmer denied that the hackers accessed any of Microsoft's source code. The comments were made to calm Microsoft's corporate customers, which would understandably be distressed by the possibility that the company had shipped code that could have been modified by hackers