Ex-Microsoft employee arrested, accused of stealing Windows RT, product activation secrets

Gregg Keizer | March 21, 2014
Big mistake: Allegedly used Hotmail, SkyDrive to share trade secrets with French blogger.

A former Microsoft employee accused Wednesday of leaking Windows RT updates and software that validates product key codes faces federal criminal charges of stealing trade secrets.

Alex Kibkalo, identified on his LinkedIn profile as director of product management at Beverly, Mass.-based 5nine Software, was arrested yesterday, according to the Seattle Post-Intelligencer, which first reported on the charges.

While he worked at Microsoft, Kibkalo allegedly leaked pre-release software updates for Windows RT, the tablet-specific operating system, to a French blogger in July and August 2012, months before its official release. The FBI, which was called into the case after a Microsoft investigation, also alleged that Kibkalo provided the same blogger with the Activation Server SDK (software development kit), internal-only code to create the activation systems which validate product keys, Microsoft's primary anti-piracy technology.

Kibkalo, a Russian national who at the time was working for Microsoft in its Lebanon office, was apparently angry at a prior poor performance evaluation and struck back by leaking the software, FBI Special Agent Armando Ramirez wrote in a criminal complaint filed with the U.S. District Court in Seattle on Monday.

After allegedly sharing the information with the unidentified French blogger -- whom Microsoft had already been monitoring because of leaks published on the blogger's Twitter account and blog -- Kibkalo encouraged the blogger to contact a hacker who could use the Activation Server SDK to write a fake product key activation server.

The blogger subsequently posted screenshots and other information about the unreleased Windows software, and tried to sell Windows Server activation keys on eBay, said Ramirez.

Microsoft first got wind of Kibkalo's alleged theft in September 2012, when a source claimed that the blogger had shared the Activation Server SDK code and had asked the source to help verify its legitimacy and help the blogger better understand the SDK. The source, also unnamed in the complaint, then contacted Steven Sinofsky, at the time the head of Windows development, who was ousted from the company in November 2012.

Microsoft kicked off an internal investigation of the blogger, beginning with the blogger's Hotmail email account. Hotmail was renamed in mid-2013.

"After confirmation that the data was Microsoft's proprietary trade secret, on September 7, 2012, Microsoft's Office of Legal Compliance (OLC) approved content pull of the blogger's Hotmail account," wrote Ramirez.

Email from Kibkalo's own Hotmail account was discovered in the blogger's inbox. Further digging, presumably on Microsoft's instant chat service, found messages between Kibkalo and the blogger.

"The sample code in Kibkalo's accounts was the same sample code that the Microsoft source received from the blogger, prompting Microsoft's investigation," Ramirez told the court.

Microsoft's Trustworthy Computing Investigations (TWCI), a Microsoft department tasked to protect the company from both outside hackers and internal leakers, interviewed Kibkalo in September 2012, when he allegedly admitted that he "leaked confidential and proprietary Microsoft information, products and product-related information to the blogger," the charge sheet stated.
