MSN Site Hacking Went Undetected for Days
By TED BRIDIS, AP Technology Writer Fri Jun 3, 9:06 PM ET
Password-stealing software planted by hackers was active on
Microsoft's popular MSN Web site in South Korea for days before the
world's largest software company learned about the break-in and
removed the computer code.
Police investigators and Microsoft specialists are continuing to
search for clues to the culprits behind this week's high-profile
computer break-in. More details emerged Friday about the hacking,
which targeted subscribers of an online game called "Lineage" that is
popular in Asia.
Microsoft Corp. said it had cleaned the Web site, www.msn.co.kr, and
removed the software code that had been planted on its news page. It
said another company that operates the MSN Korea site apparently
failed to apply necessary software patches, leaving its server
computers vulnerable.
Security researchers at San Diego-based Websense Inc. discovered the
break-in late Sunday during routine scans it makes against more than
250 million Web sites each week looking for sources of viruses and
other infections.
A previous inspection by Websense of the MSN Korea site the evening of
May 27 did not detect the dangerous software.
"Our alarms went off (Sunday). We noticed it was infected," said Dan
Hubbard, its senior security director.
Hubbard said Websense researchers investigated further and quickly
updated protective software to keep its own corporate customers
safe. It did not successfully reach Microsoft officials to warn them
about the break-in until midday Tuesday, a day after the Memorial Day
holiday weekend.
Microsoft said it removed the password-stealing software from the MSN
site hours later.
The chronology suggests the hackers could have harvested stolen
passwords from visitors to the MSN site for up to three days. But
their target -- passwords to game accounts -- lessened the significance
of the break-in since the hacker software appeared not to collect any
network or banking passwords.
The Lineage game and its successor boast more than 4 million
subscribers, mostly in Asia, who pay about $15 each month, said Mike
Crouch, a spokesman for the U.S. subsidiary of South Korea-based
NCSoft Corp. Crouch said he was unaware of any significant increase in
complaints by subscribers about stolen passwords tied to the Microsoft
break-in.
South Korea is a leader in high-speed Internet users
worldwide. Microsoft's MSN Web properties -- which offer news,
financial advice, car- and home-buying information and more -- are
among the most popular across the Web.
A Microsoft spokesman, Adam Sohn, said the company was confident its
English-language Web sites were not vulnerable to the same type of
attack.
Microsoft shares fell 36 cents to close at $25.43 on the Nasdaq Stock
Market. They have traded in a range of $23.82 to $30.70 over the past 52
weeks.
Copyright 2005 The Associated Press.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.
Lisa Minter (lisa_minter2001@yahoo.com)