The hacking group behind the SolarWinds compromise was able to break into Microsoft and access some of its source code, the technology giant said late on Thursday, something experts said sent a worrying signal about the spies' ambition.
Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products as well.
Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure is new.
Three people briefed on the matter said Microsoft had known for days that the source code had been accessed.
A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it”.
The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions.
US and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.
Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company.
"If you have the blueprint, it is far easier to engineer attacks," he added.
Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products. He also cautioned that elements of the company's source code were already widely shared, for example with foreign governments. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.
"It's not going to affect the security of their customers, at least not substantially,” Mr Tait said.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.
In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."
"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.
The biog
Alwyn Stephen says much of his success is a result of taking an educated chance on business decisions.
His advice to anyone starting out in business is to have no fear as life is about taking on challenges.
“If you have the ambition and dream of something, follow that dream, be positive, determined and set goals.
"Nothing and no-one can stop you from succeeding with the right work application, and a little bit of luck along the way.”
Mr Stephen sells his luxury fragrances at selected perfumeries around the UAE, including the House of Niche Boutique in Al Seef.
He relaxes by spending time with his family at home, and enjoying his wife’s India cooking.
The Sand Castle
Director: Matty Brown
Stars: Nadine Labaki, Ziad Bakri, Zain Al Rafeea, Riman Al Rafeea
Rating: 2.5/5
The biog
Name: Abeer Al Bah
Born: 1972
Husband: Emirati lawyer Salem Bin Sahoo, since 1992
Children: Soud, born 1993, lawyer; Obaid, born 1994, deceased; four other boys and one girl, three months old
Education: BA in Elementary Education, worked for five years in a Dubai school
COMPANY%20PROFILE
%3Cp%3EFounder%3A%20Hani%20Abu%20Ghazaleh%3Cbr%3EBased%3A%20Abu%20Dhabi%2C%20with%20an%20office%20in%20Montreal%3Cbr%3EFounded%3A%202018%3Cbr%3ESector%3A%20Virtual%20Reality%3Cbr%3EInvestment%20raised%3A%20%241.2%20million%2C%20and%20nearing%20close%20of%20%245%20million%20new%20funding%20round%3Cbr%3ENumber%20of%20employees%3A%2012%3C%2Fp%3E%0A
Signs%20of%20%20%20%20%20%20%20heat%20stroke
%3Cul%3E%0A%3Cli%3EThe%20loss%20of%20sodium%20chloride%20in%20our%20sweat%20can%20lead%20to%20confusion%20and%20an%20altered%20mental%20status%20and%20slurred%20speech%3C%2Fli%3E%0A%3Cli%3EBody%20temperature%20above%2039%C2%B0C%3C%2Fli%3E%0A%3Cli%3EHot%2C%20dry%20and%20red%20or%20damp%20skin%20can%20indicate%20heatstroke%3C%2Fli%3E%0A%3Cli%3EA%20faster%20pulse%20than%20usual%3C%2Fli%3E%0A%3Cli%3EDizziness%2C%20nausea%20and%20headaches%20are%20also%20signs%20of%20overheating%3C%2Fli%3E%0A%3Cli%3EIn%20extreme%20cases%2C%20victims%20can%20lose%20consciousness%20and%20require%20immediate%20medical%20attention%3C%2Fli%3E%0A%3C%2Ful%3E%0A
Essentials
The flights
Emirates and Etihad fly direct from the UAE to Geneva from Dh2,845 return, including taxes. The flight takes 6 hours.
The package
Clinique La Prairie offers a variety of programmes. A six-night Master Detox costs from 14,900 Swiss francs (Dh57,655), including all food, accommodation and a set schedule of medical consultations and spa treatments.
Company%20profile
%3Cp%3E%3Cstrong%3ECompany%3A%20%3C%2Fstrong%3EWafeq%3Cbr%3E%3Cstrong%3EStarted%3A%20%3C%2Fstrong%3EJanuary%202019%3Cbr%3E%3Cstrong%3EFounder%3A%20%3C%2Fstrong%3ENadim%20Alameddine%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3EDubai%2C%20UAE%3Cstrong%3E%3Cbr%3EIndustry%3A%20%3C%2Fstrong%3Esoftware%20as%20a%20service%3Cbr%3E%3Cstrong%3EFunds%20raised%3A%20%3C%2Fstrong%3E%243%20million%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3ERaed%20Ventures%20and%20Wamda%2C%20among%20others%3C%2Fp%3E%0A
Ticket prices
- Golden circle - Dh995
- Floor Standing - Dh495
- Lower Bowl Platinum - Dh95
- Lower Bowl premium - Dh795
- Lower Bowl Plus - Dh695
- Lower Bowl Standard- Dh595
- Upper Bowl Premium - Dh395
- Upper Bowl standard - Dh295
