The hacking group behind the SolarWinds compromise was able to break into Microsoft and access some of its source code, the technology giant said late on Thursday, something experts said sent a worrying signal about the spies' ambition.
Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products as well.
Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure is new.
Three people briefed on the matter said Microsoft had known for days that the source code had been accessed.
A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it”.
The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions.
US and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.
Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company.
"If you have the blueprint, it is far easier to engineer attacks," he added.
Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products. He also cautioned that elements of the company's source code were already widely shared, for example with foreign governments. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.
"It's not going to affect the security of their customers, at least not substantially,” Mr Tait said.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.
In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."
"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.
In numbers
- Number of children under five will fall from 681 million in 2017 to 401m in 2100
- Over-80s will rise from 141m in 2017 to 866m in 2100
- Nigeria will become the world’s second most populous country with 791m by 2100, behind India
- China will fall dramatically from a peak of 2.4 billion in 2024 to 732 million by 2100
- an average of 2.1 children per woman is required to sustain population growth
((Disclaimer))
The Liechtensteinische Landesbank AG (“Bank”) assumes no liability or guarantee for the accuracy, balance, or completeness of the information in this publication. The content may change at any time due to given circumstances, and the Liechtensteinische Landesbank AG is under no obligation to update information once it has been published. This publication is intended for information purposes only and does not constitute an offer, a recommendation or an invitation by, or on behalf of, Liechtensteinische Landesbank (DIFC Branch), Liechtensteinische Landesbank AG, or any of its group affiliates to make any investments or obtain services. This publication has not been reviewed, disapproved or approved by the United Arab Emirates (“UAE”) Central Bank, Dubai Financial Services Authority (“DFSA”) or any other relevant licensing authorities in the UAE. It may not be relied upon by or distributed to retail clients. Liechtensteinische Landesbank (DIFC Branch) is regulated by the DFSA and this advertorial is intended for Professional Clients (as defined by the DFSA) who have sufficient financial experience and understanding of financial markets, products or transactions and any associated risks.
MATCH INFO
Chelsea 4 (Mount 18',Werner 44', Hudson-Odoi 49', Havertz 85')
Morecambe 0
MATCH INFO
Uefa Nations League
League A, Group 4
Spain v England, 10.45pm (UAE)
Results
5pm: Wadi Nagab – Maiden (PA) Dh80,000 (Turf) 1,200m; Winner: Al Falaq, Antonio Fresu (jockey), Ahmed Al Shemaili (trainer)
5.30pm: Wadi Sidr – Handicap (PA) Dh80,000 (T) 1,200m; Winner: AF Majalis, Tadhg O’Shea, Ernst Oertel
6pm: Wathba Stallions Cup – Handicap (PA) Dh70,000 (T) 2,200m; Winner: AF Fakhama, Fernando Jara, Mohamed Daggash
6.30pm: Wadi Shees – Handicap (PA) Dh80,000 (T) 2,200m; Winner: Mutaqadim, Antonio Fresu, Ibrahim Al Hadhrami
7pm: Arabian Triple Crown Round-1 – Listed (PA) Dh230,000 (T) 1,600m; Winner: Bahar Muscat, Antonio Fresu, Ibrahim Al Hadhrami
7.30pm: Wadi Tayyibah – Maiden (TB) Dh80,000 (T) 1,600m; Winner: Poster Paint, Patrick Cosgrave, Bhupat Seemar
THE DETAILS
Director: Milan Jhaveri
Producer: Emmay Entertainment and T-Series
Cast: John Abraham, Manoj Bajpayee
Rating: 2/5
Key findings of Jenkins report
- Founder of the Muslim Brotherhood, Hassan al Banna, "accepted the political utility of violence"
- Views of key Muslim Brotherhood ideologue, Sayyid Qutb, have “consistently been understood” as permitting “the use of extreme violence in the pursuit of the perfect Islamic society” and “never been institutionally disowned” by the movement.
- Muslim Brotherhood at all levels has repeatedly defended Hamas attacks against Israel, including the use of suicide bombers and the killing of civilians.
- Laying out the report in the House of Commons, David Cameron told MPs: "The main findings of the review support the conclusion that membership of, association with, or influence by the Muslim Brotherhood should be considered as a possible indicator of extremism."
