Hacker Access Lasted 12 Days, Microsoft Says
Microsoft Corp. said Sunday that a hacker had high-level access to its computer system for 12 days--not up to five weeks, as the company had first reported--and that the company monitored the illegal activity the entire time.
While the company says no major corporate secrets were stolen, at least one security expert believes the 12-day period was plenty of time for a hacker to do damage that might not have been detected yet.
Microsoft spokesman Rick Miller said Sunday that beginning Oct. 14, a hacker gained access to high-level secrets and that at some point in the next 12 days viewed blueprints, or source code, for Microsoft software that is being developed.
Originally, the Redmond, Wash.-based software giant said an electronic intruder had access to source code for as long as five weeks. On Friday, when the company first confirmed the incident, the duration was unclear, Miller said Sunday.
The company was alerted to the break-in, Miller explained, by the creation of new accounts giving users access to parts of Microsoft’s computer network.
“We start seeing these new accounts being created, but that could be an anomaly of the system,” Miller said. “After a day or two, we realized it was someone hacking into the system.”
It was not until Oct. 26, however, that the company notified federal law enforcement, which is investigating the matter.
“We realized the intrusion had grown to the level that warranted bringing in the FBI,” Miller said. The activity, he said, did not corrupt or modify the code for the product.
If any attempts to download or transfer the source code were made, such activity was not recorded in Microsoft’s logs, Miller said, adding that it is unlikely any source code files were copied because of their immense size.
But at least one security expert questioned Miller’s assessment.
“It’s impossible to say with absolute certainty that [source code] file has not been copied,” according to Simon Perry, vice president of security solutions at Computer Associates International in Islandia, N.Y. “Over a 12-day period, it would be absolutely possible to take a copy of that.”
Miller acknowledged the hacker could have been in the system for longer than 12 days, but he said the company is confident that high-level access occurred only between Oct. 14 and Oct. 25.
But even with low-level access, the hacker could have accessed corporate e-mails and other confidential information, Miller said.
Microsoft has refused to identify what program the source code was for, except to say it was a product years from release--not Windows or Office software.
Microsoft’s source codes are the most coveted in the multibillion-dollar industry.
