Microsoft has admitted that source code for some of its products under development was seen by hackers who gained access to its corporate network.

The FBI last week began an investigation into the computer break-in at the Redmond giant, which Microsoft said gave intruders access to its corporate network for 12 days. However, it said it was aware of the incident for much of this time.

Microsoft initially said "the integrity of our source code remains intact", but late Friday admitted that the hacker "was able to view some source code under development". However, Microsoft said source code for its existing Windows and Office software was not seen.

The break-in, as well as damaging Microsoft's reputation, raised fears that the hacker could have modified products, making them damaging to end users. Microsoft claims "no modifications or corruptions" were made and "no source code was downloaded".

Speaking to the Associated Press newswire on Sunday, Microsoft spokesman Rick Miller said: "We start[ed] seeing these new accounts being created, but that could be an anomaly of the system. After a day or two, we realised it was someone hacking into the system."

According to the Wall Street Journal, the break-in was discovered on Wednesday after Microsoft security staff detected passwords being remotely sent to an email account in St Petersburg, Russia.

A Microsoft spokeswoman said of the hackers, who could have had undetected access since July: "This has been a deplorable act of industrial espionage and we are working with law enforcement agencies to protect our intellectual properties."

Access to the network was gained by emailing a program, called the QAZ Trojan, into Microsoft's network that created a 'back door' for the intruders, according to the paper's sources.

These internal passwords may have been used to transfer source code outside of the Microsoft campus. By yesterday, the software giant had begun to check every file on the compromised areas of its network that had been modified for any reason in the past three months.

Microsoft said: "We are implementing an aggressive plan to protect our corporate network from unauthorised attempts to gain access, and are working on both immediate and long-term solutions."

Paul Rogers, network security analyst at MIS Corporate Defence Solutions, said the QAZ Trojan theory is "certainly one of the three most likely scenarios in this case and seems perfectly plausible".

Another involves scanning the network for weaknesses, while a third cause could be a disgruntled employee disabling security protection methods such as firewalls.

Rogers expressed surprise that the hack could possibly have gone undetected for so long. "Large organisations such as Microsoft should be more proactive in their security. The QAZ Trojan hasn't had much publicity but is well known within the security industry," he said.

Graham Cluley, senior technology consultant at antivirus software firm Sophos, told vnunet.com: "The QAZ surfaced in July but we didn't issue our first alert until 29 August as it was only then reports of the virus began to filter through.

"If it is the QAZ Trojan, then it becomes a question of how many computers were affected and exactly what the users had access to. Microsoft should be able to identify what hasn't been affected easily enough, but it will be harder for them to identify what may have been altered.

"But really, a decent firewall or updated antivirus software should have stopped this happening."

See also:

Stolen Windows code hits the internet

Sections of Windows 2000 and NT turn up on peer-to-peer programs  13 Feb 2004

Microsoft week ends with another attack

Microsoft said it was the victim of a second denial of service attack that prevented some customers from accessing its website late Friday UK time.  29 Jan 2001

Microsoft in fresh hack attack

Microsoft confirmed it was the victim of a denial of service attack yesterday, which it said was separate to the human error that crippled its main web properties for much of Tuesday and Wednesday.  26 Jan 2001

Hackers beat Microsoft - again

Microsoft this morning fell victim to hackers for the second time in just three days when attackers brought down the software giant's Slovenia website.  18 Dec 2000

Security spending doesn't match risks

Security breaches cause more than $15bn worth of damage worldwide every year, yet total investment on network security is only half this, according to a study by analyst Datamonitor.  15 Nov 2000

Internet worms spread from Latin America

Internet worms, which at first were thought to be dormant, are spreading around the world after incubating in areas such as Latin America, where antivirus protection is less stringent.  13 Nov 2000

Christmas card virus strikes worldwide

Antivirus companies are warning of an internet worm, previously thought to be of little harm, which struck 10 of the Fortune 500 companies in the US on Friday.  10 Nov 2000

Microsoft promises Whistler next year

Microsoft claims it is on track to ship Whistler, the next version of its Windows operating system, next year despite influential analyst opinion that the release date is likely to slip.  08 Nov 2000

Microsoft plays down second hack attack

Microsoft's internal network has been broken into for the second time in as many weeks by a hacker who exploited the fact that the software giant had not applied its own security patches.  07 Nov 2000

Microsoft 'set hacker trap' theory

Hackers who broke into Microsoft's corporate network last month could have been lured into a hacker trap containing nothing more than dummy data, according to researcher Gartner.  06 Nov 2000

Microsoft patches Netmon security hole

Microsoft has issued a patch to prevent a potentially devastating vulnerability with its network management software that could allow an attacker to gain control of a victim's host system.  06 Nov 2000

Bug Watch: The rise of the network Trojan

The Microsoft hacking incident is one of the first high-profile cases of cyber espionage. It shows a growing trend towards viruses carrying Trojans that can launch websites or steal passwords. Experts have been predicting this evolution for the past two years.  03 Nov 2000

Users consider Microsoft hack implications

Analysts disagree over who was responsible for the hack on Microsoft's corporate network, why they did it, and how it might affect the software giant's customers.  02 Nov 2000

Microsoft hacked off with bug hunter

Microsoft has criticised a well-known bug hunter after he publicised details of a security weakness in one of the software giant's products before a patch was available.  01 Nov 2000

Website hacked after nine million attempts

The security information site that was hacked into over the weekend said it was the first successful attack out of nine million previous attempts.  31 Oct 2000

Warning issued over latest back door virus

Security experts have warned of a virus that can give intruders access to a user's computer, in a similar way to the method believed to have been used in the attack on Microsoft's corporate network.  31 Oct 2000

Microsoft hack boosts Trojan soundalike site

Microsoft may be reeling from last week's hack attack on its corporate network, but one UK company has benefited from the software giant's plight.  31 Oct 2000

Web attack cover-ups hamper policing

An expert on hacking has warned that the secrecy surrounding corporate security breaches is holding back the war against cybercrime.  27 Oct 2000

Anti-hacking squads could help corporates

Gartner has called on enterprises to consider establishing specialist internal anti-hacking teams who would have wide ranging powers to defend against internet attacks.  18 Oct 2000

Bug Watch: The hidden danger in email

Email is becoming the most popular form of communication in business. Discretion, however, is not one of its advantages.  13 Oct 2000

Bill Gates targeted in hack attack

A story posted on a US newspaper's website has suggested that Bill Gates has been arrested for breaking into "hundreds, maybe thousands" of computers including those of Nasa's Jet Propulsion Lab in Pasadena and Stanford University.  12 Oct 2000

Bug Watch: Protecting corporate credibility

If you read most of the media reports about the latest and greatest virus you will probably believe that the worst a virus can do is destroy your data. But is this really a disaster? After all, most companies make backups of important data and if hard disks get wiped, it's inconvenient but recoverable.  02 Oct 2000

HSBC web host under fire over fuel hack

The external supplier believed to be responsible for managing the areas of HSBC's website vandalised by a hacker this week has been criticised in connection with the incident.  22 Sep 2000

Hacked websites 'didn't read the manual'

Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week.  18 Aug 2000

Security: how safe is your data?

While security has always been an issue, the ability of organisations and individuals to keep their confidential data safe not only from prying eyes but also from attack is becoming an ever greater concern. The problem is becoming particularly marked as the world becomes more networked and companies conduct increasing amounts of business over the internet. Here we look at a range of issues that are starting to affect every one of us.  29 Jun 2000

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!