Skip to main content
ad info

 
CNN.com technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Report: Microsoft hack a U.S. security risk

Computerworld

(IDG) -- Although Microsoft Corp. has denied that the hacker who penetrated its network in October gained access to any of the company's source code, a recent report by a Washington-based think tank is warning that the compromise may hold grave national security implications.

In a report released this month titled "Cyber Threats and Information Security: Meeting the 21st Century Challenge," the Center for Strategic and International Studies (CSIS) concluded that the government and the private sector should be concerned about the "trustworthiness" of future Microsoft products in the aftermath of the hack into the company's network. Former Deputy Secretary of Defense John Hamre, a longtime cybersecurity proponent in the defense and intelligence communities, heads the CSIS.

  MESSAGE BOARD
 

"It is doubtful that the millions (sometimes billions) of lines of code required to power Microsoft's products could readily be sanitized," the CSIS report states. "With most military and government systems powered by Microsoft software and more generally reliant on [commercial, off-the-shelf systems], this recent development can pose grave national-security-related concerns," the 73-page report concludes.

Microsoft, however, strongly disagrees with the analysis.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



"The CSIS quote sensationalizes the incident and misstates the facts in a number of important ways," a Microsoft spokesman said. "Most important, Microsoft has repeatedly stated that after tracking the intruders and investigating their activities, there is no evidence and no basis to believe that they had any access at all to Windows or Office source code. That is, we have no reason to believe that the intruders were able to see Windows or Office source code, much less modify it. Microsoft's current and future products remain intact and secure, and customers can use them with confidence."

Microsoft security personnel discovered the hack in October when they noticed that passwords were being remotely sent to an e-mail account in Russia. The hackers then posed as Microsoft employees working off-site rather than at the company's Redmond, Wash., headquarters to gain access to sensitive areas within Microsoft's internal network (see "Microsoft stung by hack attack," link below).

Government systems aren't the only ones at risk, according to CSIS. "Whoever stole proprietary secrets at the heart of the ubiquitous Windows program can hack into any PC in the world that uses it and is connected to the Internet," the report states. Such security concerns could hold serious implications for the dozens of private-sector companies that own and operate the nation's critical infrastructure.

Although initial reports alluded to the possibility that the hacker may have gained access to the source code of some of the company's future products, including Windows Me, Windows 2000 and Office, a Microsoft spokeswoman said that no source code was compromised or stolen and that every possible step has been taken to ensure the integrity of the code for future users.




RELATED STORIES:
MS, hacker secretive about meeting
November 22, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Microsoft servers hit by another hacker
November 7, 2000
Hospital hack points to need for standards
December 20, 2000
NASA hacker pleads guilty
December 6, 2000

RELATED IDG.net STORIES:
Microsoft stung by hack attack
(Computerworld)
MS, hacker secretive about meeting
(IDG.net)
Third time's no charm for Microsoft
(The Industry Standard)
Users show some sympathy to Microsoft over security breach
(Computerworld)
Security holes found in Windows Media Player
(IDG.net)
Bug hunter reveals another IE vulnerability
(Computerworld)
Security hole found in Internet Explorer
(IDG.net)
Microsoft adding security controls to Office 10
(Network World Fusion)

RELATED SITES:
The Center for Strategic and International Studies
Microsoft Corp.


Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.