During a lecture at the University of Washington Business School, departing Microsoft executive Bob Herbold gave the most detailed explanation yet of a hacker attack that compromised the software giant's network last October. Herbold, who announced earlier this month that he is retiring from his position as Chief Operating Officer (COO), said that human error--not a software malfunction--led to the success of the attack on Microsoft. Such is usually the case, Herbold said.
"It's not the technology, folks; it's the people," Herbold explained. "When we trace \[such attacks\] back, it's always human error." In this case, he revealed, an employee inadvertently left a password blank when configuring a server. The attacker then easily gained access to the company's network and managed to roam around for 10 to 14 days before being caught. The attacker, Herbold admitted, did indeed view the source code for some of Microsoft's "key programs." At the time of the attack, Microsoft changed its story at least three times, with the company finally settling on a version that claimed that neither Windows nor Office source code was compromised. Herbold's comments suggest that the hacker did indeed access at least part of the code for one or both of these platforms.
Microsoft's network is constantly under attack from hackers, however, which Herbold noted during his lecture. In this particular attack, he said, the hacker physically gained access to the Microsoft network using an employee's PC. Then the hacker searched for, and eventually found, a server with a blank administrator account. That server was running Windows NT 4.0, not Windows 2000, he said, noting that Win2K doesn't use a blank password by default for the administrator account (this statement isn't strictly true, however). Then the hacker could look for other computers with blank or easily broken passwords.
Herbold says that Microsoft became aware of the activity and began monitoring the hacker's movements throughout the network. When it became clear that source code had been compromised, the company contacted the FBI and went public with the invasion. The investigation is still ongoing. Microsoft and the FBI have yet to comment on any of the specifics of the case, such as whether the hacker used a Trojan Horse virus to gain the initial access and which of Microsoft's programs were compromised
