Featured Videos


  •  
    Ultrasonic Welding

    Ultrasonic Welding

    Ultrasonic welding is a process whereby high-frequency ultrasonic waves are locally applied to workpieces being held together under pressure to create a solid-state weld.

  •  
    Hydrogen Electrolyser

    Hydrogen Electrolyser

    Green hydrogen, produced by using renewable energy to split water molecules into hydrogen and oxygen, is expected to play a vital role in the energy transition.      

  •  
    Tesla electric car 10:23

    Tesla electric car

    Tesla is accelerating the world's transition to sustainable energy with electric cars, solar, and integrated renewable energy solutions for homes and businesses.

More Videos


 

Latest News


 

SolarWinds hackers accessed Microsoft source code


Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.

It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well.

Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure - made in a blog post - is new. After Reuters reported it was breached two weeks ago, Microsoft said it had not "found any evidence of access to production services."

Three people briefed on the matter said Microsoft had known for days that the source code had been accessed. A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it."

The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions. U.S. and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.

Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.

Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products, but he also cautioned that elements of the company's source code were already widely shared. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.

"It's not going to affect the security of their customers, at least not substantially," Tait said.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.

In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."
"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.

Reuters reported a week ago that Microsoft-authorized resellers were hacked and their access to productivity programs inside targets leveraged in attempts to read email. Microsoft acknowledged some vendor access was misused but has not said how many resellers or customers may have been breached.

Both Tait and Ronen Slavin, Cycode's chief technology officer, said a key unanswered question was which source code repositories were accessed. Microsoft has a huge range of products, from widely used Windows to lesser known software such as social networking app Yammer and the design app Sway.

Slavin said he was worried by the possibility that the SolarWinds hackers were poring over Microsoft's source code as prelude to a much more ambitious offensive.

"To me the biggest question is, 'Was this recon for the next big operation?'" he said.