TUESDAY, 31 OCTOBER 2000
On Wednesday, 25/10/2000, Microsoft's security employees discovered that passwords for accessing the company network were being sent to an email address in St. Petersburg. System logs also showed that the passwords had been used to read the source code of a new program.
It appears that the crackers gained access to the network by emailing the QAZ Trojan virus to a Microsoft employee. A Trojan, named after the original one of Greek mythology, is a seemingly harmless program with malicious code hidden inside it. After the program was installed on a computer, the Trojan started spreading itself to other computers on Microsoft's intranet (internal network) and sending information to the crackers. This 'back door' then allowed the crackers to install other software, which would collect passwords and other data.
QAZ is a well-known virus. Software to protect against it has been available from anti-virus companies since mid-July. It is possible that a Microsoft employee had disabled the anti-virus software, thus letting the Trojan horse through.
The attack may have been the first stage of a 'data hostage' case, where the crackers would threaten to publicize the source code. Alternatively, it may be a more common case of industrial espionage; however, it would be fairly difficult to make use of the code without being caught.
Further investigations have shown that the first infected computer may have been the home machine of an employee, with a connection to the intranet. The source code under attack was related to Microsoft's .NET strategy, a plan to incorporate the Internet into all its products. The code had not been modified by the crackers.
Links:
Note: the MSNBC articles incorrectly use the term 'hacker' when 'cracker' is actually meant.
Description of the QAZ Trojan
Original article on MSNBC
An update to the above
Risto A. Paju is an Undergraduate in Physics at Queens'