The hacking group behind the SolarWinds compromise was able to break into Microsoft and access some of its source code, the technology giant said late on Thursday, something experts said sent a worrying signal about the spies' ambition.
Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products as well.
Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure is new.
Three people briefed on the matter said Microsoft had known for days that the source code had been accessed.
A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it”.
The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions.
US and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.
Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company.
"If you have the blueprint, it is far easier to engineer attacks," he added.
Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products. He also cautioned that elements of the company's source code were already widely shared, for example with foreign governments. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.
"It's not going to affect the security of their customers, at least not substantially,” Mr Tait said.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.
In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."
"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.
While you're here
Ed Husain: The far left is trying to hijack Muslim minds in the West
Sulaiman Hakemy: Why it is very important to lose elections
Rashmee Roshan Lall: US race relations in three words
Ms Yang's top tips for parents new to the UAE
- Join parent networks
- Look beyond school fees
- Keep an open mind
The Cockroach
(Vintage)
Ian McEwan
New UK refugee system
- A new “core protection” for refugees moving from permanent to a more basic, temporary protection
- Shortened leave to remain - refugees will receive 30 months instead of five years
- A longer path to settlement with no indefinite settled status until a refugee has spent 20 years in Britain
- To encourage refugees to integrate the government will encourage them to out of the core protection route wherever possible.
- Under core protection there will be no automatic right to family reunion
- Refugees will have a reduced right to public funds
Illegal%20shipments%20intercepted%20in%20Gulf%20region
Brief scoreline:
Manchester United 2
Rashford 28', Martial 72'
Watford 1
Doucoure 90'
Brief scoreline:
Manchester United 2
Rashford 28', Martial 72'
Watford 1
Doucoure 90'
Results
Our legal columnist
Name: Yousef Al Bahar
Advocate at Al Bahar & Associate Advocates and Legal Consultants, established in 1994
Education: Mr Al Bahar was born in 1979 and graduated in 2008 from the Judicial Institute. He took after his father, who was one of the first Emirati lawyers
US%20federal%20gun%20reform%20since%20Sandy%20Hook
GAC GS8 Specs
Engine: 2.0-litre 4cyl turbo
Power: 248hp at 5,200rpm
Torque: 400Nm at 1,750-4,000rpm
Transmission: 8-speed auto
Fuel consumption: 9.1L/100km
On sale: Now
Price: From Dh149,900
More from Rashmee Roshan Lall
Results
2pm Handicap (PA) Dh85,000 1,800m
Winner AF Al Baher, Tadhg O’Shea (jockey), Ernst Oertel (trainer).
2.30pm Maiden (TB) Dh75,000 1,400m
Winner Alla Mahlak, Fabrice Veron, Rashed Bouresly.
3pm Handicap (TB) Dh80,000 1,400m
Winner Davy Lamp, Adrie de Vries, Rashed Bouresly.
3.30pm Handicap (TB) Dh105,000 1,400m
Winner Ode To Autumn, Richard Mullen, Satish Seemar.
4pm Handicap (TB) Dh80,000 1,950m
Winner Arch Gold, Pat Dobbs, Doug Watson.
4.30pm Maiden (TB) Dh75,000 1,800m
Winner Meqdam, Pat Dobbs, Doug Watson.
5pm Handicap (TB) Dh90,000 1,800m
Winner Native Appeal, Sam Hitchcott, Doug Watson.
5.30pm Maiden (TB) Dh75,000 1,400m
Winner Amani Pico, Tadhg O’Shea, Satish Seemar
The specs
- Engine: 3.9-litre twin-turbo V8
- Power: 640hp
- Torque: 760nm
- On sale: 2026
- Price: Not announced yet
• Remittance charges will be tackled by blockchain
• UAE's monumental and risky Mars Mission to inspire future generations, says minister
• Could the UAE drive India's economy?
• News has a bright future and the UAE is at the heart of it
• Architecture is over - here's cybertecture
• The National announces Future of News journalism competition
• Round up: Experts share their visions of the world to come
Groom and Two Brides
Director: Elie Semaan
Starring: Abdullah Boushehri, Laila Abdallah, Lulwa Almulla
Rating: 3/5
Kareem Shaheen on Canada
While you're here
Kareem Shaheen: Even a pandemic could not unite today's America
Michele Wucker: The difference between a black swan and a grey rhino
Robert Matthews: Has flawed science and rushed research failed us?
The%20Little%20Mermaid%20
Election pledges on migration
CDU: "Now is the time to control the German borders and enforce strict border rejections"
SPD: "Border closures and blanket rejections at internal borders contradict the spirit of a common area of freedom"
While you're here
Chitrabhanu Kadalayil: Singapore election is more than just a family feud over LKY's legacy
Sholto Byrnes: Robert Mugabe and Lee Kuan Yew: two leaders with very different legacies
Dr Vivian Balakrishnan: UAE and Singapore can be partners for a world in transition
Nick March: Singapore and UAE are on the move – in airport development
Whiile you're here
Damien McElroy: Anti-science attitudes in America are proving lethal
Editorial: What makes the UAE such a good place to test vaccines?
Editorial: The fight against Covid-19 should be guided by science
More from Firas Maksad
While you're here
Rashmee Roshan Lall: Climate refugees is not a new term but get used to hearing it more often
Gavin Esler: 'The new normal' must mean more compassion – not complacence
Sholto Byrnes: From the Amazon to South-East Asia, our house is on fire
The specs
The specs
Price, base / as tested Dh100,000 (estimate)
Engine 2.4L four-cylinder
Gearbox Nine-speed automatic
Power 184bhp at 6,400rpm
Torque 237Nm at 3,900rpm
Fuel economy, combined 9.4L/100km
MATCH INFO
Real Madrid 2
Vinicius Junior (71') Mariano (90 2')
Barcelona 0
On Women's Day
Dr Nawal Al-Hosany: Why more women should be on the frontlines of climate action
Shelina Janmohamed: Why shouldn't a spouse be compensated fairly for housework?
Samar Elmnhrawy: How companies in the Middle East can catch up on gender equality
Justin Thomas: Challenge the notion that 'men are from Mars, women are from Venus'
Itcan profile
Founders: Mansour Althani and Abdullah Althani
Based: Business Bay, with offices in Saudi Arabia, Egypt and India
Sector: Technology, digital marketing and e-commerce
Size: 70 employees
Revenue: On track to make Dh100 million in revenue this year since its 2015 launch
Funding: Self-funded to date
The%20specs
Neighbourhood Watch
Lexus LX700h specs
Engine: 3.4-litre twin-turbo V6 plus supplementary electric motor
Power: 464hp at 5,200rpm
Torque: 790Nm from 2,000-3,600rpm
Transmission: 10-speed auto
Fuel consumption: 11.7L/100km
On sale: Now
Price: From Dh590,000
- Europe named new epicentre of pandemic
- UAE steps up efforts to protect the public from the spread of Covid-19
- Oman restricts border crossing from March 15
- Italians take to singing from windows to beat quarantine blues
- Everything you need to know about Covid-19 in the UAE
- Coronavirus: Dubai's Sheikh Hamdan launches Dh1.5bn economic stimulus package
Uefa Nations League: How it works
The Uefa Nations League, introduced last year, has reached its final stage, to be played over five days in northern Portugal. The format of its closing tournament is compact, spread over two semi-finals, with the first, Portugal versus Switzerland in Porto on Wednesday evening, and the second, England against the Netherlands, in Guimaraes, on Thursday.
The winners of each semi will then meet at Porto’s Dragao stadium on Sunday, with the losing semi-finalists contesting a third-place play-off in Guimaraes earlier that day.
Qualifying for the final stage was via League A of the inaugural Nations League, in which the top 12 European countries according to Uefa's co-efficient seeding system were divided into four groups, the teams playing each other twice between September and November. Portugal, who finished above Italy and Poland, successfully bid to host the finals.
How to invest in gold
Investors can tap into the gold price by purchasing physical jewellery, coins and even gold bars, but these need to be stored safely and possibly insured.
A cheaper and more straightforward way to benefit from gold price growth is to buy an exchange-traded fund (ETF).
Most advisers suggest sticking to “physical” ETFs. These hold actual gold bullion, bars and coins in a vault on investors’ behalf. Others do not hold gold but use derivatives to track the price instead, adding an extra layer of risk. The two biggest physical gold ETFs are SPDR Gold Trust and iShares Gold Trust.
Another way to invest in gold’s success is to buy gold mining stocks, but Mr Gravier says this brings added risks and can be more volatile. “They have a serious downside potential should the price consolidate.”
Mr Kyprianou says gold and gold miners are two different asset classes. “One is a commodity and the other is a company stock, which means they behave differently.”
Mining companies are a business, susceptible to other market forces, such as worker availability, health and safety, strikes, debt levels, and so on. “These have nothing to do with gold at all. It means that some companies will survive, others won’t.”
By contrast, when gold is mined, it just sits in a vault. “It doesn’t even rust, which means it retains its value,” Mr Kyprianou says.
You may already have exposure to gold miners in your portfolio, say, through an international ETF or actively managed mutual fund.
You could spread this risk with an actively managed fund that invests in a spread of gold miners, with the best known being BlackRock Gold & General. It is up an incredible 55 per cent over the past year, and 240 per cent over five years. As always, past performance is no guide to the future.
While you're here
• Remittance charges will be tackled by blockchain
• UAE's monumental and risky Mars Mission to inspire future generations, says minister
• Could the UAE drive India's economy?
• News has a bright future and the UAE is at the heart of it
• Architecture is over - here's cybertecture
• The National announces Future of News journalism competition
• Round up: Experts share their visions of the world to come
UPI facts
More than 2.2 million Indian tourists arrived in UAE in 2023
More than 3.5 million Indians reside in UAE
Indian tourists can make purchases in UAE using rupee accounts in India through QR-code-based UPI real-time payment systems
Indian residents in UAE can use their non-resident NRO and NRE accounts held in Indian banks linked to a UAE mobile number for UPI transactions
88 Video's most popular rentals
Avengers 3: Infinity War: an American superhero film released in 2018 and based on the Marvel Comics story.
Sholay: a 1975 Indian action-adventure film. It follows the adventures of two criminals hired by police to catch a vagabond. The film was panned on release but is now considered a classic.
Lucifer: is a 2019 Malayalam-language action film. It dives into the gritty world of Kerala’s politics and has become one of the highest-grossing Malayalam films of all time.
You might also like
The specs
Engine: 2.0-litre 4-cyl turbo
Power: 247hp at 6,500rpm
Torque: 370Nm from 1,500-3,500rpm
Transmission: 10-speed auto
Fuel consumption: 7.8L/100km
Price: from Dh94,900
On sale: now
Turkish Ladies
Various artists, Sony Music Turkey
Diriyah%20project%20at%20a%20glance
While you're here
The National editorial: Turkey's soft power weighs heavy on Europe's Muslims
Con Coughlin: How extremists use Zoom and other tools to exploit pandemic
Nicky Harley: Peace TV preacher Zakir Naik prompts UK hate laws review
While you're here
National Editorial: World trade has started to look inwards
Callum Patton: ‘Arrival of Asian century’ has eclipsed US
Robin Mills: Importance of China's energy markets clearer
Smart words at Make Smart Cool
Make Smart Cool is not your usual festival. Dubbed “edutainment” by organisers Najahi Events, Make Smart Cool aims to inspire its youthful target audience through a mix of interactive presentation by social media influencers and a concert finale featuring Example with DJ Wire. Here are some of the speakers sharing their inspiration and experiences on the night.
Prince Ea
With his social media videos accumulating more half a billion views, the American motivational speaker is hot on the college circuit in the US, with talks that focus on the many ways to generate passion and motivation when it comes to learning.
Khalid Al Ameri
The Emirati columnist and presenter is much loved by local youth, with writings and presentations about education, entrepreneurship and family balance. His lectures on career and personal development are sought after by the education and business sector.
Ben Ouattara
Born to an Ivorian father and German mother, the Dubai-based fitness instructor and motivational speaker is all about conquering fears and insecurities. His talk focuses on the need to gain emotional and physical fitness when facing life’s challenges. As well managing his film production company, Ouattara is one of the official ambassadors of Dubai Expo2020.
Wicked: For Good
Director: Jon M Chu
Starring: Ariana Grande, Cynthia Erivo, Jonathan Bailey, Jeff Goldblum, Michelle Yeoh, Ethan Slater
Rating: 4/5
Gully Boy
Director: Zoya Akhtar
Producer: Excel Entertainment & Tiger Baby
Cast: Ranveer Singh, Alia Bhatt, Kalki Koechlin, Siddhant Chaturvedi
Rating: 4/5 stars
