No unbreachable defence

Microsoft admitted at the end of October that hackers, believed to be based in St Petersburg, had broken through its network’s cyber-defences and that they “may have viewed the source code for a single future product under development.” The world’s leading software company stressed that the intruders did not gain access to the source code for Office or any Windows package. It also reported that Microsoft security detected the incursion “shortly after it first occurred”, without specifying when the initial breach took place, and monitored the hacker’s behaviour for 12 days between 14 October and 25 October. The FBI have been called in to investigate. At the time of writing the technique used and reason for the infiltration are unclear. Observers have suggested that the QAZ Trojan horse virus, embedded in an email or a file downloaded from the Internet, may have been triggered by a Microsoft employee working remotely. Once activated, the virus may have supplied password details back to the hackers. The intruder’s goal has also to be determined. Industrial espionage, sabotage and a shortcut to code vulnerabilities are all possible motives.