recommended reading

Threatwatch

Aggrieved ex-Microsoft techie leaks Windows 8 and piracy code

Insider attack; Unauthorized use of employer’s data

The seven-year company veteran apparently was angry over a poor performance review.

Software architect Alex Kibkalo used Microsoft’s Hotmail consumer webmail to communicate with a technology blogger and share the trade secrets.

In addition to releasing Windows 8 code ahead of the product’s release, he stands accused of exposing Microsoft’s “Activation Server Software Development Kit,” a propriety system used to prevent the unauthorized copying of Microsoft programs.

“He is said to have admitted to passing the information to the blogger – unidentified in charging papers – after a meeting in an online forum,” Seattle P-I reports.

A Microsoft manager said the kit “could help a hacker trying to reverse engineer the code” used to protect against software piracy, according to charging papers.

The blogger sent the stolen kit code to a Microsoft employee for verification. The worker went to a Microsoft executive instead.

The idea, or Kibkalo’s idea, was for the blogger to share the kit online so others could pirate Microsoft products.

While searching the blogger’s account, company investigators found an email from Kibkalo in which he shared Windows 8 “hot fixes” through an online hosting system. Investigators also claim to have recovered instant messages Kibkalo exchanged with the blogger proving Kibkalo was sharing trade secrets illegally:

“I would leak enterprise today probably,” Kibkalo told the blogger during an Aug. 2, 2012 exchange, according to charging papers.

“Hmm,” the blogger replied. “Are you sure you want to do that? Lol.”

Told the leak would be “pretty illegal,” Kibkalo is alleged to have responded “I know :)”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

sector

Technology

reported

March 19, 2014

reported by

Seattle Post-Intelligencer

number affected

Unknown

location of breach

Washington, United States

perpetrators

Employee

location of perpetrators

Washington , United States

date breach occurred

mid-2012

date breach detected

Summer 2012