Explainer: where, how and why would China get the source code to Microsoft's Windows?

The source code of Microsoft's Windows operating system, the most widely used desktop operating system in the world - used on about 90% of PCs - is one of the most valuable pieces of intellectual property in the western world. The source code, a human-readable set of around 50m lines (for Windows XP, released in 2001) to 75m lines (for Windows Vista), is what is used to "build" or "compile" the machine-readable code of the Windows program that runs those computers.

Microsoft does not normally release the code to anyone, because it makes its money from licensing the compiled code to computer makers and end users. It has provided limited access to very special customers, but it would not release the whole code - at least not willingly.

But Microsoft suffered an electronic break-in in October 2000, when for four months hackers had access to the whole of the company's internal systems - an attack very like that later aimed at Google in China. The method was almost identical: a staff member received an email containing a "Trojan horse" program which let outsiders gain control of the machine, and from there traverse the network and access the repository with the Windows source code.

The US Federal Bureau of Investigation (FBI) was called in. At the time Steve Ballmer, the president and newly-appointed chief executive, admitted that the hackers had seen the source code for Windows - which implies that they were able to copy it.

"It is clear that hackers did see some of our source code," he said then. "But I can assure you that we know that there has been no compromise of the integrity of the source code, that it has not been modified or tampered with in any way."

The initial suspicion was that the 2000 electronic break-in was done by Russian hackers, because the compromised machine was contacting others in St Petersburg. But even if Russian hackers were behind the initial break-in, they could have sold the code to China.

China's security services would want the code not in order to make illegitimate copies of Windows, but in order to find weaknesses in it that they could exploit in further hacker attacks. While the code for Windows has changed substantially between XP and Vista, and its successor Windows 7, many of the basic processes - and so the code behind them - will have remained unchanged over the past ten years, affording specialist hackers the opportunity to find previously unknown weaknesses with ease. Such "zero-day" vulnerabilities are the weapons of the hacker, who can use them to infect and control other machines at will.
