Hackers have broken into Microsoft’s computer system and may have gained access to the source code behind its software.
The hackers were thought to have had access to source codes behind Microsoft’s software for three months and could have stolen blueprints of Windows and Office products.
Microsoft, however, was confident that the integrity of its source code remained secure. Spokesperson Rick Miller said there was no evidence that any source code for Windows or other commercial software made by Microsoft had been modified or corrupted since the computer system had been broken into.
The attack, discovered by security staff, was being investigated by the company and the FBI.
The Wall Street Journal said security staff had discovered that passwords used to transfer the source code behind Microsoft’s software were being sent from the company’s computer network in Redmond, Washington, to an e-mail account in St. Petersburg, Russia using a password-stealing exploit.
Microsoft, meanwhile has vowed to shore up internal security.
While attempted attacks on its corporate network and those of other high-profile companies are routine, the company characterized this incident in unusually strong terms. “This was a deplorable act of industrial espionage,” Rick Miller said. “We’re taking this very seriously and have both an immediate and long-term solution to protect our internal corporate network.”
The value of the Windows source code has become an issue in the US government’s antitrust case against Microsoft. Forcing the company to license the Windows source code to other companies is a remedy the government had considered.
But a stolen copy of the source code is a far cry from a legal license to use it. While the latter would allow a company to market a competitor to Windows, the former would not. Instead, it could provide aid to projects that are trying to reverse-engineer aspects of Windows.
Stolen software code can also yield clues to a product’s security flaws. The worst-case scenario for a company whose source code has been exposed is that invaders make changes to the original that aren’t noticed until the product ships. In that case, the attackers could add back doors or program malicious code into the product.