Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Think tank warns that Microsoft hack could pose national security risk

December 27, 2000 12:00 PM ET

Computerworld - Although Microsoft Corp. has denied that the hacker who penetrated its network in October gained access to any of the company's source code, a recent report by a Washington-based think tank is warning that the compromise may hold grave national security implications.

In a report released this month titled "Cyber Threats and Information Security: Meeting the 21st Century Challenge," the Center for Strategic and International Studies (CSIS) concluded that the government and the private sector should be concerned about the "trustworthiness" of future Microsoft products in the aftermath of the hack into the company's network. Former Deputy Secretary of Defense John Hamre, a longtime cybersecurity proponent in the defense and intelligence communities, heads the CSIS.

"It is doubtful that the millions (sometimes billions) of lines of code required to power Microsoft's products could readily be sanitized," the CSIS report states. "With most military and government systems powered by Microsoft software and more generally reliant on [commercial, off-the-shelf systems], this recent development can pose grave national-security-related concerns," the 73-page report concludes.

Microsoft, however, strongly disagrees with the analysis.
"The CSIS quote sensationalizes the incident and misstates the facts in a number of important ways," a Microsoft spokesman said. "Most important, Microsoft has repeatedly stated that after tracking the intruders and investigating their activities, there is no evidence and no basis to believe that they had any access at all to Windows or Office source code. That is, we have no reason to believe that the intruders were able to see Windows or Office source code, much less modify it. Microsoft's current and future products remain intact and secure, and customers can use them with confidence."
Microsoft security personnel discovered the hack in October when they noticed that passwords were being remotely sent to an e-mail account in Russia. The hackers then posed as Microsoft employees working off-site rather than at the company's Redmond, Wash., headquarters to gain access to sensitive areas within Microsoft's internal network (see story).

Government systems aren't the only ones at risk, according to CSIS. "Whoever stole proprietary secrets at the heart of the ubiquitous Windows program can hack into any PC in the world that uses it and is connected to the Internet," the report states. Such security concerns could hold serious implications for the dozens of private-sector companies that own and operate the nation's critical infrastructure.
Although initial reports alluded to the possibility that the hacker may have gained access to the source code of some of the company's future products, including Windows Me, Windows 2000and Office, a Microsoft spokeswoman said that no source code was compromised or stolen and that every possible step has been taken to ensure the integrity of the code for future users
For more security coverage, head to our Security Watch community.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Security

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs