| Submit your comments on this article |
| -Lurid Crime Tales- |
| SolarWinds hackers accessed Microsoft source code, the company says |
| 2021-01-01 |
| [Rooters] The hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and access some of its source code, Microsoft said on Thursday, something experts said sent a worrying signal about the spies' ambition. Hopefully they got Windows Vista Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it. It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well. Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure - made in a blog post - is new. After Reuters reported it was breached two weeks ago, Microsoft said it had not "found any evidence of access to production services." Three people briefed on the matter said Microsoft had known for days that the source code had been accessed. A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it." The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions. U.S. and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified. Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services. "The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company. "If you have the blueprint, it's far easier to engineer attacks Related: SolarWinds: 2020-12-21 Chris Krebs takes blame for massive hack: ‘It happened on my watch' SolarWinds: 2020-12-18 Feds call 'nine-month long undetected' Russian hack that breached US nuclear agencies SolarWinds: 2020-12-18 Microsoft says it found malicious software from SolarWinds in its systems |
| Posted by:Frank G |
| #9 H1B1 Indian Visa Microsoft coder made a lot of money for that code back in India for sure. |
| Posted by: Blackbeard Barnsmell6454 2021-01-01 13:09 |
| #8 One potential source of problems is that all the extra cases to maintain "backward compatibility" can lead to unreadable (=unmaintainable) code and unforeseen corner cases. I got the impression (no doubt thanks to great PR) that MS was redoing their code base to get rid of a lot of cruft, but I don't know how extensive the project was. |
| Posted by: james 2021-01-01 12:47 |
| #7 So it is a feature and not a bug then? |
| Posted by: DarthVader 2021-01-01 12:33 |
| #6 So what's worse? Hacker code or Microsoft's forced "updates"? |
| Posted by: Mercutio 2021-01-01 09:18 |
| #5 SolarWinds hackers accessed Microsoft source code, the company says... who then went on to write tighter more efficient code that could run on a 2001 era machine. Maawwahh. :) |
| Posted by: Procopius2k 2021-01-01 06:48 |
| #4 >unless MSFT was depending on obscurity for some aspects of security. I'd bet running Static Code Analysis on it would reveal rather a few holes. The hack inserted modified CODE into Solarwinds which then opened the trapdoor. The inserted code looked to be a higher quality than that written by solarwinds. The problem is that MS allows programs running on it's OS far too much access to basically do anything. |
| Posted by: Bright Pebbles 2021-01-01 05:34 |
| #3 Should be easy to catch. They all have dazed looks and cross eye from looking at the source code... And they babble incoherently. |
| Posted by: CrazyFool 2021-01-01 01:58 |
| #2 Then they turned to stone. |
| Posted by: KBK 2021-01-01 01:01 |
| #1 "No access to production services" and "access to source code" are different things. The first means the systems running their data centers -- and the customer applications running in them -- don't show evidence of access. The second means someone -- God help them -- was able to read the source code to SOME MSFT software. Access to source shouldn't matter in regard to security -- unless MSFT was depending on obscurity for some aspects of security. Linux source code has always been available, and its security issues are primarily with misconfigured software (default passwords; being behind on updates, etc.). |
| Posted by: Rob Crawford 2021-01-01 00:53 |