Microsoft Exec Details Hack Attack: Human Error to Blame

Departing Microsoft executive Bob Herbold gave the most detailed explanation yet of a hacker attack that compromised the software giant's network last October; he blamed human error.

Paul Thurrott

February 26, 2001


During a lecture at the University of Washington Business School, departing Microsoft executive Bob Herbold gave the most detailed explanation yet of a hacker attack that compromised the software giant's network last October. Herbold, who announced earlier this month that he is retiring from his position as Chief Operating Officer (COO), said that human error--not a software malfunction--led to the success of the attack on Microsoft. Such is usually the case, Herbold said.
  
"It's not the technology, folks; it's the people," Herbold explained. "When we trace [such attacks] back, it's always human error." In this case, he revealed, an employee inadvertently left a password blank when configuring a server. The attacker then easily gained access to the company's network and managed to roam around for 10 to 14 days before being caught. The attacker, Herbold admitted, did indeed view the source code for some of Microsoft's "key programs." At the time of the attack, Microsoft changed its story at least three times, with the company finally settling on a version that claimed that neither Windows nor Office source code was compromised. Herbold's comments suggest that the hacker did indeed access at least part of the code for one or both of these platforms.
  
Microsoft's network is constantly under attack from hackers, however, as Herbold noted during his lecture. In this particular attack, he said, the hacker physically gained access to the Microsoft network using an employee's PC. Then the hacker searched for, and eventually found, a server whose administrator account had a blank password. That server was running Windows NT 4.0, not Windows 2000, he said, noting that Win2K doesn't use a blank password by default for the administrator account (this statement isn't strictly true, however). From there, the hacker could look for other computers with blank or easily broken passwords.
  
Herbold says that Microsoft became aware of the activity and began monitoring the hacker's movements throughout the network. When it became clear that source code had been compromised, the company contacted the FBI and went public with the invasion. The investigation is still ongoing. Microsoft and the FBI have yet to comment on any of the specifics of the case, such as whether the hacker used a Trojan Horse virus to gain the initial access and which of Microsoft's programs were compromised.


About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
