Jack Schofield 

Microsoft break-in: conspiracy or human error?

Only the hacker and the software giant know whether the penetration of its systems was a skilled break-in or whether it was simply a mistake, writes computer editor Jack Schofield.
Cock-up or conspiracy? Only the hacker and Microsoft know whether the penetration of its computer systems was a skilled break-in using custom code, or whether somebody working for the software giant did something human, and stupid. Microsoft isn't saying.

Chris McNab, a network security analyst at MIS Corporate Defence Solutions in Maidstone, says there are three possible scenarios. The most feasible, in his view, is that the hacker managed to get a Trojan (a rogue program) past Microsoft's defences, using electronic mail. The second possibility is that the hacker exploited a security lapse: perhaps an employee disabled his security software, or not all Microsoft's anti-virus software was kept up to date. The third possibility is that it was "an inside job": a disaffected employee or "summer intern" let the hacker in.

The current speculation is that Microsoft's firewalls - software designed to block intruders - and mailsweepers - software to detect malicious code attached to email messages - were penetrated by a Trojan: a program that presents itself as a useful document, image file, utility or game. When the user runs the attachment, the hidden Trojan code is installed on their computer.

Once installed, the Trojan could then do its work. It could, for example, record log-on names and passwords and email them to an address outside Microsoft. The common Love Letter virus used similar scripting techniques to mail itself to people in its victims' address books.
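To show the kind of check a mail sweeper performs on the attachments described above, here is an added example written for this page (it is not Microsoft's, a vendor's, or the article's own code). It parses a constructed sample message and flags three things: an attachment whose final extension Windows will execute, a double extension of the "document.exe" kind, and an attachment whose first bytes carry the Windows executable header even though its name or declared MIME type claims it is an image or text. The extension lists, the sample addresses and the filenames are assumptions chosen for the illustration.

```python
"""Added example (not Microsoft's or the article's code): a minimal
mail-sweeper style attachment policy check."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy: file types Windows runs directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                         ".vbs", ".js", ".wsh", ".hta"}
# Innocent-looking extensions a double-extension lure imitates (assumed list).
DOCUMENT_EXTENSIONS = {".doc", ".xls", ".ppt", ".txt", ".jpg", ".gif", ".pdf"}
PE_MAGIC = b"MZ"  # every Windows executable file starts with this header


def attachment_findings(filename, data, declared_type):
    """Return the policy violations for one attachment (empty list = clean)."""
    findings = []
    exts = ["." + p for p in (filename or "").lower().split(".")[1:]]
    looks_executable = data[:2] == PE_MAGIC
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        findings.append("executable-extension")
    if (len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS
            and exts[-1] in EXECUTABLE_EXTENSIONS):
        findings.append("double-extension")
    if looks_executable:
        findings.append("pe-magic")
        # Executable bytes behind a non-executable name or a benign MIME type
        # are the classic disguise; the name and header disagree.
        if not exts or exts[-1] not in EXECUTABLE_EXTENSIONS:
            findings.append("content-extension-mismatch")
        if (declared_type or "").startswith(("image/", "text/")):
            findings.append("declared-type-mismatch")
    return findings


def sweep_message(raw_bytes):
    """Parse an RFC 822 message and return {attachment name: findings}."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    report = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        report[name] = attachment_findings(name, data, part.get_content_type())
    return report


def should_quarantine(raw_bytes):
    """True if any attachment in the message violates the policy."""
    return any(sweep_message(raw_bytes).values())


def build_sample_message():
    """Constructed sample mail (not a real capture) with four attachments."""
    msg = EmailMessage()
    msg["From"] = "someone@example.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Figures you asked for"
    msg.set_content("Please see the attached files.")
    # 1. Document-looking name with .exe on the end, executable content.
    msg.add_attachment(PE_MAGIC + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="quarterly_figures.doc.exe")
    # 2. Executable content hiding behind an image name and image MIME type.
    msg.add_attachment(PE_MAGIC + b"\x00" * 62, maintype="image",
                       subtype="jpeg", filename="vacation_photo.jpg")
    # 3. A genuine JPEG header: clean.
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 12, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    # 4. A plain text note: clean.
    msg.add_attachment("Nothing to see here.\n", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample_message()
    for name, findings in sweep_message(sample).items():
        print(f"{name:28} {'QUARANTINE' if findings else 'ok':10} {findings}")
```

The point of the magic-byte check is that renaming is free for an attacker but the file header is not: a Windows executable has to begin with the `MZ` signature to run, so comparing the header with the name and the declared type catches a disguise that an extension list alone would miss. A production sweeper would also look inside archives, at document macros and at known-malware signatures, none of which this illustration attempts.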

The hacker could then use the stolen names and passwords to log on to Microsoft's internal network, in effect pretending to be an employee working "off campus". Depending on that user's security level, the hacker might then be able to find and download "source code", the program code used to create popular applications such as Microsoft Office or Windows 2000.

Having the source code is like having a secret recipe for Coca-Cola. Examining the source code would enable hackers and rival software vendors to learn the strengths and weaknesses of Microsoft's programs. They might be able to improve their own software, by making it more compatible with Windows, or exploit any security holes they might find.

According to the conspiracy theory, a skilled hacker created a custom Trojan to evade Microsoft's defences, which would identify and remove any of the ones in common circulation. Examples include QAZ, SubSeven, NetBus and Back Orifice.

But according to the cock-up theory, QAZ or a similar Trojan was installed by accident, and a hacker got lucky. Perhaps someone downloaded an infected program from the internet, installed it from a CD-ROM, or brought in an infected notebook computer loaded with an out-of-date virus checker.

Such things should not happen, but they do. Philip Ryan, chairman of the Security Forum and an information security specialist with Peapod, says: "I do security audits all the time, and even in companies that you would think would be the most secure, there are always staff using out-of-date security products."

Graham Cluley, senior technology consultant at Sophos Anti-Virus in the UK, says: "All companies are at risk, because firewalls and anti-virus software are not enough. Staff have to realise that they can't download programs from the web, and they can't run programs unless there's a justifiable business reason for running them. It's all about getting users to act sensibly and take responsibility for the data on their disks."

Related articles:

The issue explained: How Microsoft was hacked

Hackers attack Microsoft network

Useful links:

Internet protection centre - nipc

Microsoft
