FBI agents today arrested a former Microsoft employee on charges that he stole Microsoft trade secrets and leaked them to a blogger.
Federal prosecutors are accusing Alex A. Kibkalo of stealing trade secrets related to pre-release software updates for Windows 8 and Microsoft’s “Activation Server Software Development Kit” (SDK), and giving that information to a tech blogger in France.
Kibkalo is a Russian national and former 7-year Microsoft employee who worked as a software architect in Lebanon, according to a complaint filed Monday in U.S. District Court in Western Washington.
Kibkalo could not be reached for comment Wednesday.
Federal agents arrested Kibkalo this morning in Bellevue, where he was apparently traveling. He currently lives in Russia, according to the complaint.
The complaint says Microsoft had done its own internal investigation and concluded that in July and August 2012 Kibkalo had uploaded the proprietary software to a computer in Redmond and then to his personal SkyDrive account.
From there, Kibkalo allegedly provided the blogger with links to the files on his SkyDrive account and encouraged the blogger to share the software development kit with others “who might be able to reverse engineer the software and write ‘fake activation server’ code,” the complaint says.
An FBI agent said in the complaint that Microsoft investigators interviewed Kibkalo in September 2012, and Kibkalo admitted he had provided confidential Microsoft products and information to the blogger, including “internal unreleased ‘hotfixes’ for Windows 8, ‘code for the PID generator’ (a technical description of the SDK), unreleased versions of Windows Live messenger and documents and presentations about products.”
The Windows 8 hotfixes were intended to update and correct critical operating system flaws prior to the release of the operating system. The Activation Server Software Development Kit, which was used for product key validation and distributed only for teams inside Microsoft, “could help a hacker trying to reverse engineer the code,” a Microsoft manager is quoted as saying in the complaint.
The complaint also notes that Kibkalo had received a poor performance review in 2012.
Microsoft found out about Kibkalo when on Sept. 3, 2012, an outside source who asked not to be identified contacted Microsoft saying that he/she had been contacted by the blogger. The blogger had sent the source the proprietary Microsoft code, asking the source to help the blogger understand it better, the complaint says.
The source said the blogger used a Microsoft Hotmail email account to make that contact. After receiving approval from Microsoft’s Office of Legal Compliance, the company pulled content from the blogger’s Hotmail account, which subsequently revealed email from Kibkalo’s Windows Live Messenger account to the blogger which included the Windows 8 hotfixes, according to the complaint.
Microsoft provided the FBI with the results of its internal investigation in July 2013, according to FBI agent Armando Ramirez III.
The blogger to whom Kibkalo allegedly provided the information is unnamed in the complaint but “was known to those in the Microsoft blogging community for posting screenshots of pre-release versions of the Windows Operating System.” That blogger “deliberately hid his identity,” the complaint says.
The blogger allegedly admitted in an interview to “knowingly obtaining confidential and proprietary Microsoft IP from Kibkalo, and selling Windows Server activation keys on eBay,” according to the complaint, which also says computer files found in the blogger’s home showed the blogger trying to get Kibkalo to find pre-release software, attempting to use Kibkalo’s corporate network access to access Microsoft servers, and discussing Kibkalo leaking data.
Microsoft issued a statement today, saying: “We take protection of our intellectual property very seriously, including cooperating with law enforcement agencies who are investigating potential criminal actions by our employees or others.”