Aggrieved ex-Microsoft techie leaks Windows 8 and piracy code
Insider attack; Unauthorized use of employer’s data
The seven-year company veteran apparently was angry over a poor performance review.
Software architect Alex Kibkalo used Microsoft’s Hotmail consumer webmail to communicate with a technology blogger and share the trade secrets.
In addition to releasing Windows 8 code ahead of the product’s release, he stands accused of exposing Microsoft’s “Activation Server Software Development Kit,” a propriety system used to prevent the unauthorized copying of Microsoft programs.
“He is said to have admitted to passing the information to the blogger – unidentified in charging papers – after a meeting in an online forum,” Seattle P-I reports.
A Microsoft manager said the kit “could help a hacker trying to reverse engineer the code” used to protect against software piracy, according to charging papers.
The blogger sent the stolen kit code to a Microsoft employee for verification. The worker went to a Microsoft executive instead.
The idea, or Kibkalo’s idea, was for the blogger to share the kit online so others could pirate Microsoft products.
While searching the blogger’s account, company investigators found an email from Kibkalo in which he shared Windows 8 “hot fixes” through an online hosting system. Investigators also claim to have recovered instant messages Kibkalo exchanged with the blogger proving Kibkalo was sharing trade secrets illegally:
“I would leak enterprise today probably,” Kibkalo told the blogger during an Aug. 2, 2012 exchange, according to charging papers.
“Hmm,” the blogger replied. “Are you sure you want to do that? Lol.”
Told the leak would be “pretty illegal,” Kibkalo is alleged to have responded “I know :)”
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
March 19, 2014
Link to report
location of breach
Washington, United States
location of perpetrators
Washington , United States
date breach occurred
date breach detected