Language Selection

English French German Italian Portuguese Spanish

MSN site hacking went undetected for days

Filed under
Microsoft
Web

Password-stealing software planted by hackers was active on Microsoft's popular MSN Web site in South Korea for days before the world's largest software company learned about the break-in and removed the computer code.

Police investigators and Microsoft specialists are continuing to search for clues to the culprits behind this week's high-profile computer break-in. More details emerged Friday about the hacking, which targeted subscribers of an online game called "Lineage" that is popular in Asia.

Microsoft Corp. said it had cleaned the Web site, www.msn.co.kr, and removed the software code that had been planted on its news page. It said another company that operates the MSN Korea site apparently failed to apply necessary software patches, leaving its server computers vulnerable.

Security researchers at San Diego-based Websense Inc. discovered the break-in late Sunday during routine scans it makes against more than 250 million Web sites each week looking for sources of viruses and other infections.

A previous inspection by Websense of the MSN Korea site the evening of May 27 did not detect the dangerous software.

"Our alarms went off (Sunday). We noticed it was infected," said Dan Hubbard, its senior security director.

Hubbard said Websense researchers investigated further and quickly updated protective software to keep its own corporate customers safe. It did not successfully reach Microsoft officials to warn them about the break-in until midday Tuesday, a day after the Memorial Day holiday weekend.

Microsoft said it removed the password-stealing software from the MSN site hours later.

The chronology suggests the hackers could have harvested stolen passwords from visitors to the MSN site for up to three days. But their target -- passwords to game accounts -- lessened the significance of the break-in since the hacker software appeared not to collect any network or banking passwords.

The Lineage game and its successor boast more than 4 million subscribers, mostly in Asia, who pay about $15 each month, said Mike Crouch, a spokesman for the U.S. subsidiary of South Korea-based NCSoft Corp. Crouch said he was unaware of any significant increase in complaints by subscribers about stolen passwords tied to the Microsoft break-in.

South Korea is a leader in high-speed Internet users worldwide. Microsoft's MSN Web properties -- which offer news, financial advice, car- and home-buying information and more -- are among the most popular across the Web.

A Microsoft spokesman, Adam Sohn, said the company was confident its English-language Web sites were not vulnerable to the same type of attack.

Microsoft shares fell 36 cents to close at $25.43 on the Nasdaq Stock Market. They have traded in a range of $23.82 to $30.70 over the past 52 weeks.

Associated Press

More in Tux Machines

A Grand Experiment

The latest debacle over the "forced" upgrade to Windows 10 and Apple's increasingly locked-in ecosystem has got me thinking. Do I really need to use a proprietary operating system to get work done? And while I'm at it, do I need to use commercial cloud services to store my data? I've always used Linux since the first time I tried installing Slackware in the mid-90s. In 1998 we were the first national TV show to install Linux live (Red Hat). And I've often advocated Ubuntu to people with older computers. I usually have at least one computer running Linux around, in the past couple of years Dell XPS laptops have been great choices. And a couple of months ago I bought a 17" Oryx laptop from System76, an Ubuntu system integrator, for use in studio. But as time went by, even Ubuntu began to seem too commercial to me, and I've migrated to community supported Debian testing and the Arch-based Antergos distros for everything. (i use Antergos on my Oryx on the shows.) Read more Also: Microsoft lays off remaining handful of Microsoft Press staff

Karbonn confirms Android One smartphone(s) launching in Q1 next year

In an interview with TOI Tech, Karbonn Mobiles has confirmed it will be introducing new Android One-based smartphone(s) early next year. Karbonn's Managing Director Pradeep Jain said the company is in talks with Google for Android One, and we might see some Android One smartphone launch(es) in Q1 of next year. Read more

COM and Pico-ITX dev kit run Linux on dual-core Cortex-A7

iWave has launched a rugged, SODIMM-style COM and Pico-ITX form factor carrier board that run Linux on the Renesas dual-core, Cortex-A7 RZ/G1E SoC. In January, iWave launched the iW-RainboW-G20M-Qseven computer-on-module, built around the dual-core 1.5GHz Cortex-A15 based Renesas RZ/G1M and RZ/G1N SoCs. Now the company has followed up with a 67.6 x 37mm, SODIMM form factor “iW-RainboW-G22M-SM” COM that runs Linux 3.10.31 on the dual-core Cortex-A7 based RZ/G1E SoC from the same RZ/G series SoCs. Read more