Windows 2000 Port Invites Intruders

Exploiting a hole in Windows 2000, a hacker says he penetrated Microsoft's
corporate network earlier this month and had full access to hundreds of
the company's computers. 

The security breach, which took place over a six-day period beginning
August 12, involved a shopping server that was part of the Microsoft
Network in Europe, as well as scores of workstations and servers located
overseas, he says. A list of the vulnerable machines was provided to
Newsbytes by the anonymous intruder, a self-proclaimed white-hat hacker
who uses the nickname "Benign." 

Microsoft officials refused to comment on the incident, noting that the
company does not confirm or deny whether an unauthorized intrusion into
its network has occurred. 

But a security expert who reviewed specific details of the penetration
said the break-in appeared realistic. 

"It looks plausible. He was brazen, but a bit impressive too," said Jeff
Forristal, lead security developer at Neohapsis, a Chicago, Illinois-based
network and security consulting firm. 

To breach one of the most heavily defended networks on the planet, the
intruder says he did not exploit any known or new software bugs, nor did
he use any special hacking tools. Instead, Benign claims to have virtually
strolled into the systems' back door, using Windows 2000's TCP port 445,
which is open by default to allow file sharing with remote systems. 

Benign said his entry was unimpeded by authentication; all of the
computers had no password or used the word "password" for accessing the
systems' administrative accounts. 

According to the intruder, who says he worked alone and doesn't belong to
a hacking group, two insecure Windows 2000 (Win2K) systems on the
periphery of Microsoft's network were used to gain entry to the company's
firewalled corporate network. 

