Microsoft week ends with another attack
/v3-uk/news/1947410/microsoft-attack
29 Jan 2001, Jo Ticehurst , V3
Microsoft said it was the victim of a second denial of service attack that prevented some customers from accessing its website late Friday UK time.
The second attack rounded off a nightmare week for Microsoft in which its New Zealand website was hacked, an admin error blocked access to all its main websites for 24 hours, and it was attacked in an "attempt to interfere" with the routers in one of its internet data centres.
In a statement issued at around 10.15am PST (8.15pm GMT), Microsoft said the second attack was similar to the first, in which someone tried to block "legitimate" access to the company's websites by flooding network routers with large volumes of bogus requests - a denial of service attack.
Rick Devenuti, Microsoft vice president and chief information officer, said: "This attack was not an attempt at intrusion, and no customer data was compromised in any way."
He said all the company's sites were up and running normally again just over fours hours later.
Devenuti said Microsoft accepted full responsibility for all the attacks. "Through the experience of the past several days, we've learned some significant lessons."
He said that in the past, Microsoft had focused on the security of products it sold, rather than on the security of third-party products used in its networks.
"Through the painful lessons we've learned this week, we've already taken steps to change the architecture of our network infrastructure to improve its reliability and availability for customers."
Microsoft's network architecture has been strongly criticised by security experts in light of the outages.
Some of these steps already appeared to have been taken at the weekend as it was reported that network management company Akamai will operate four backup directories for Microsoft's major websites to help prevent outages.
Microsoft said it is continuing to work with the FBI to identify those responsible for the attacks.