Microsoft catches alleged leaker by searching private Hotmail account
FBI agents arrested a former Microsoft employee Wednesday for allegedly stealing the company’s trade secrets and sharing them with a blogger.
Prosecutors say Alex Kibkalo, a Russian national who spent seven years working for Microsoft, leaked the information to a French tech blogger in July and August 2012. The leak included source code for Windows 8 before the product was released to the public, as well as a kit that could be used to activate the software.
Perhaps the most-bizarre aspect of the case: The unnamed blogger led Microsoft to Kibkalo by keeping the data in his account on Hotmail, Microsoft's own email service.
According to a criminal complaint filed by an FBI special agent earlier this week in federal court in Seattle, an anonymous source told Microsoft that the blogger had used a Hotmail account to contact him for help interpreting the leaked code. Microsoft then searched the blogger’s account and allegedly found an email from Kibkalo with six zip folders containing the leaked material.
So MS caught the leaker of software nobody cares about and permanently damaged their reputation for privacy, which *everybody* cares about.— Matthew Green (@matthew_d_green) March 20, 2014
Microsoft’s service agreement states that the company can use content uploaded to its servers to “protect and improve Microsoft products and services.”
According to the criminal complaint, the FBI interviewed the blogger at his home, where the agency uncovered what it says are chat logs of conversations between Kibkalo and the blogger.
The logs appear to show Kibkalo encouraging the blogger to leak the software, to which the blogger offers a reply suggesting the action would be “crossing a line” and “pretty illegal lol.”
“I know :),” reads Kibkalo’s alleged response.
Kibkalo worked for Microsoft in its offices in Moscow and Lebanon before he resigned in 2012 after the company refused to amend a negative performance review, according to court documents. At the time of his arrest, Kibkalo was working as director of product management for the U.S.-based tech firm 5Nine Software, according to his LinkedIn profile.
A federal judge ordered Kibkalo to remanded to custody pending trial because his “ties to Russia” pose a risk of flight.
Update: Shortly after we published this story, a Microsoft spokesperson sent the following statement to the Daily Dot:
“During an investigation of an employee we discovered evidence that the employee was providing stolen IP, including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.
As part of the investigation, we took the step of a limited review of this third party’s Microsoft operated accounts. While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We apply a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.”
Photo by medithIT/Flickr (CC BY 2.0)