Hacking has become a major issue in today s world of technology. Even software giant Microsoft has been affected. Recently hackers broke into Microsoft s computer system. The hacker or hackers created new accounts so that they could gain access to parts of the software giant s computer network. Some accounts were being created that did not match or normal audit logs, Mr. Schmidt the corporate security office for the Microsoft Corporation, said (Schwartz, 2000).

According to The New York Times, the attacker did not directly enter Microsoft s network. The point of entry was an employee s home computer, connected to the company s network. The intruder sent the Microsoft employee a rogue program called QAZ Trojan hidden within another program. This type of program makes it s way through the person s defenses through trickery, and once inside releases a potent hidden payload. The program opened a back door on the machine, and this allowed the intruder to search for other computer s on Microsoft s network and commandeer those machines as well, sending the network addresses and passwords of each infected machine to a designated Internet location.

Microsoft s network is protected by a firewall. Those security systems prevent unauthorized users from getting into the network, but a firewall alone cannot prevent a connection from an unauthorized user s machine that has been taken over by an unauthorized third party (Schwartz 2000).

Howard Schmidt, corporate security officer for the Microsoft Corporation monitored the activities of the hackers over the next several days, and watched the intruders pop in and out of the system, creating new accounts with different permissions, or access to the Microsoft Corporation network. Microsoft said, the intruder came across the source code for a product being prepared for future release but not part of the company s core products (Schwartz 2000).

Mr. Schmidt stated that they monitored the intruder quietly, instead of shutting down the attacker right away. Initially, Microsoft denied access to the intruder, and shut down the created accounts on Friday October 20th. Over the weekend, no new attacks or intrusions were detected. The following Monday, the intruder was back attempting to access the network through the same route. The following day, Microsoft officials shut down the accounts and notified law enforcement.

Microsoft officials stated that although the intruders might have seen the code for the new product, there was no record of any attempt to download or transfer any files.

Hacking is affecting corporations at an alarming rate, more and more people and interested and intrigued with the idea of stealing people s information. It is imperative that corporations take appropriate precautions to protect their networks from these types of attacks. Most people would think that software giant Microsoft would be immune to these types of attacks by hackers.

I work in an industry where security cannot be compromised. I work for an Internet Health Care portal. Daily highly sensitive medical documents and records are transmitted via our networks. Any hint of a break or breach of our security could literally bring down our business. Recently, an employee was checking his personal web mail account via our network. He unknowingly opened a version of the Melissa virus and it got into our network, and into several clients machines because they were in the corporate address book. Unfortunately, this employee was terminated for this incident. Our security was breached, and if we cannot protect our own network from a virus, a client s impression would be, how are we going to protect their sensitive data from hackers? The unfortunate incident brought into the company a written policy on utilizing company equipment for personal use (web surfing, reading e-mail, etc.). If the company had a security policy for employees in place, such an incident may not have occurred. Unfortunately, it took an innocent mistake of an employee and the loss of someone s job for such a policy to be put in effect. u

Schwartz, John (2000, October 29). Irregular New Accounts Alerted Microsoft to Network Intruder. The New York Times. [Online reprint]. Available. http://www.nytimes.com/2000/10/29/technology/29SOFT.html