A leading Microsoft executive has admitted that an individual who broke into the Microsoft security system last October was able to roam around for 10 to 14 days before being caught.
Bob Herbold, a chief operating officer, told an audience at the University of Washington Business School that the hacker had gained access because an employee inadvertently left a password blank when configuring a server.
Herbold, who announced his retirement early last month, confirmed that the hacker would have had access to the source code for some of Microsoft's "key programmes" - including the Windows source code, the Office source code, or both.
However, he put the access down to human error rather than software malfunction. "It's not the technology, folks: it's the people," he said.
The hacker gained access to the network using a Microsoft employee's PC. Then he or she was able to search for and eventually find a server whose administrator account had a blank password. Once the hacker had accessed the server, which was running Windows NT 4.0, he or she was able to look for other computers with blank or easily broken passwords. Once the incursion had been detected, the FBI were called in to investigate. The investigation is still ongoing.
Herbold's speech was reported in the specialist Windows 2000 magazine. A spokesperson for Microsoft was unable to confirm or deny the substance of Herbold's remarks. The spokesperson did not believe a hacker's ability to roam around Microsoft's network for up to 14 days had any impact on Microsoft's .NET strategy, which aims to persuade users to buy software services over the Web rather than install and maintain software in-house.