To co ponizej to z Wall Street Journal, juz prawie zaczelam wspolczuc
pracownikom MS, ze sa obiektami atakow tak wyrafinowanych hackersow, az
doszlam do miejsca:
"An unknown employee received an e-mail message carrying the dangerous
software payload and inadvertently installed it. The viruslike software
disguised itself as Notepad, a Windows program used for reading text
messages."
Taki "dangerous software payload" wysylajacy do Chin mielismy na domowym
komputerze przed +- miesiacem, dal sie latwo wykryc zwykla personal
firewall. Teraz tylko zastanawiamy sie, czy zostal podeslany e-mailem czy
tez przyszedl z nowym Microsoftowym Office2000.
zdumiona niepomiernie jak to mozna z wlasnej agno/ignorancji zrobic widly na
skale swiatowa --
Mirka
==
================================
October 27, 2000
Microsoft Said Hackers Failed to See Codes for Its Most Popular Products
A WSJ.COM News Roundup
Microsoft Corp. said Friday that hackers who broke into its computer
networks gained access to blueprints for software under development but
didn't see codes for the company's most popular products.
"This situation appears to be much narrower than originally thought," said
spokesman Mark Murray. "The investigation shows no evidence the intruder
gained access to the source codes for Windows ME, Windows 2000 or Office.
That is very good news."
Windows is the company's flagship operating system for personal computers
and networks, with Windows ME the latest version of the software for
consumers, while Office is its package of word processing, spreadsheet and
other business software.
Mr. Murray said the hackers viewed codes only for products being designed
for release years from now, and didn't modify or corrupt those codes.
While that was a relief to the company, the Redmond, Wash., software giant
remains extremely concerned about the intrusion.
"They did in fact access the source codes," Chief Executive Steve Ballmer
said during a meeting in Stockholm Friday. "You bet this is an issue of
great importance."
The break-in was discovered Wednesday by Microsoft's security employees
after they detected passwords being remotely sent to an e-mail account in
St. Petersburg, Russia. Microsoft interpreted electronic logs as showing
that those internal passwords were used to transfer source code outside the
Microsoft campus.
Another Microsoft spokesman, John Pinette, said consumer, business and
government computers running Microsoft software should be safe. "We don't
believe customers are going to be affected in any way," he said.
Mr. Pinette wouldn't speculate on who was responsible for the break-in or
on a possible motive. But industry experts opined Thursday that the
intrusion could have been an attempt at a "data hostage" case, in which
hackers threaten to publicly disclose a corporation's intellectual property,
an increasingly common ploy among the most sophisticated electronic
thieves. Microsoft has long faced problems with more traditional software
piracy, particularly in developing countries, where people make and sell
unauthorized copies of Microsoft products.
Other possible motives include economic espionage, though experts said only
a rogue company might knowingly buy stolen software, using it either to
improve its own products or make those products more compatible with
Microsoft's best-selling operating systems.
Though it has shared some of its source code, under strict contracts, with
some partners, Microsoft generally guards the code jealously, as the secret
technology continues to underpin multibillion-dollar software businesses for
the company. During Microsoft's recent antitrust trial, the fate of the
source code became a major bone of contention between the company and the
government.
Microsoft initially sought to investigate the break-in itself but decided
Thursday to contact the Federal Bureau of Investigation. The electronic
burglary is an embarrassment for Microsoft, among the world's most powerful
companies and a favorite target of hackers, who deride the security
components that Microsoft builds into its software.
After the attack, Microsoft meticulously examined every computer file on
the compromised network that had been modified for any reason during the
preceding three months -- the period during which the company believes the
hackers have had access to the codes. The company also closely examining
recently shipped code for the Windows ME and Windows 2000 operating systems,
the Outlook and Outlook Express e-mail and calendar programs, and Microsoft
Office.
One person familiar with the case said it appeared the hackers initially
gained access to Microsoft's corporate computers by using hacker software
called the QAZ Trojan, which first surfaced in China in July. The QAZ
software is traditionally delivered by e-mail and opens a "back door"
to hackers, giving them remote control over the infected computer.
Here is how experts believe Microsoft was hacked:
An unknown employee received an e-mail message carrying the dangerous
software payload and inadvertently installed it. The viruslike software
disguised itself as Notepad, a Windows program used for reading text
messages.
QAZ then sent a remote signal to a computer in Asia with the location on the
Internet of the newly infected computer. Experts said QAZ also may have
automatically downloaded and installed hacker tools from a Web site in the
South Pacific. QAZ gave the intruder some control over the victim's
computer, and it automatically spread to any computers it found in that
section of Microsoft's campus.
The hackers used another program to collect employee passwords, which were
automatically sent to the Russian e-mail address.
Posing as Microsoft employees working off-campus, the hackers used the
pilfered passwords to enter sensitive areas of the network and began
downloading files.
===============================
