The FBI last week began an investigation into the computer break-in at the software company, which Microsoft said gave intruders access to its corporate network for 12 days. However, it said it was aware of the incident for much of this time.
Microsoft initially said ‘the integrity of our source code remains intact,’ but late on Friday admitted that the hacker ‘was able to view some source code under development.’ However, Microsoft said source code for its existing Windows and Office software was not seen.
The break-in, as well as damaging Microsoft’s reputation, raised fears that the hacker could have modified products in ways that would harm end users. Microsoft claims ‘no modifications or corruptions’ were made and ‘no source code was downloaded.’
Speaking to the Associated Press newswire on Sunday, Microsoft spokesman Rick Miller said: ‘We start[ed] seeing these new accounts being created, but that could be an anomaly of the system. After a day or two, we realized it was someone hacking into the system.’
According to the Wall Street Journal, the break-in was discovered on Wednesday after Microsoft security staff detected passwords being remotely sent to an email account in St Petersburg, Russia.
A Microsoft spokeswoman said of the hackers, who could have had undetected access since July: ‘This has been a deplorable act of industrial espionage and we are working with law enforcement agencies to protect our intellectual properties.’
Access to the network was gained by emailing a program, called the QAZ Trojan, into Microsoft’s network that created a ‘back door’ for the intruders, according to the paper’s sources.
These internal passwords may have been used to transfer source code outside of the Microsoft campus. By yesterday, the software giant had begun to check every file on the compromised areas of its network that had been modified for any reason in the past three months.
Microsoft said: ‘We are implementing an aggressive plan to protect our corporate network from unauthorised attempts to gain access, and are working on both immediate and long-term solutions.’
This article first appeared on vnunet.com