Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

March 19, 2014 at 6:22 PM

Former Microsoft employee arrested on charges of stealing trade secrets

FBI agents today arrested a former Microsoft employee on charges that he stole Microsoft trade secrets and leaked them to a blogger.

Federal prosecutors are accusing Alex A. Kibkalo of stealing trade secrets related to pre-release software updates for Windows 8 and Microsoft’s “Activation Server Software Development Kit” (SDK), and giving that information to a tech blogger in France.

Kibkalo is a Russian national and former 7-year Microsoft employee who worked as a software architect in Lebanon, according to a complaint filed Monday in U.S. District Court in Western Washington.

Kibkalo could not be reached for comment Wednesday.

Federal agents arrested Kibkalo this morning in Bellevue, where he was apparently traveling. He currently lives in Russia, according to the complaint.

The complaint says Microsoft had done its own internal investigation and concluded that in July and August 2012 Kibkalo had uploaded the proprietary software to a computer in Redmond and then to his personal SkyDrive account.

From there, Kibkalo allegedly provided the blogger with links to the files on his SkyDrive account and encouraged the blogger to share the software development kit with others “who might be able to reverse engineer the software and write ‘fake activation server’ code,” the complaint says.

An FBI agent said in the complaint that Microsoft investigators interviewed Kibkalo in September 2012, and Kibkalo admitted he had provided confidential Microsoft products and information to the blogger, including “internal unreleased ‘hotfixes’ for Windows 8, ‘code for the PID generator’ (a technical description of the SDK), unreleased versions of Windows Live messenger and documents and presentations about products.”

The Windows 8 hotfixes were intended to update and correct critical operating system flaws prior to the release of the operating system. The Activation Server Software Development Kit, which was used for product key validation and distributed only for teams inside Microsoft, “could help a hacker trying to reverse engineer the code,” a Microsoft manager is quoted as saying in the complaint.

The complaint also notes that Kibkalo had received a poor performance review in 2012.

Microsoft found out about Kibkalo when on Sept. 3, 2012, an outside source who asked not to be identified contacted Microsoft saying that he/she had been contacted by the blogger. The blogger had sent the source the proprietary Microsoft code, asking the source to help the blogger understand it better, the complaint says.

The source said the blogger used a Microsoft Hotmail email account to make that contact. After receiving approval from Microsoft’s Office of Legal Compliance, the company pulled content from the blogger’s Hotmail account, which subsequently revealed email from Kibkalo’s Windows Live Messenger account to the blogger which included the Windows 8 hotfixes, according to the complaint.

Microsoft provided the FBI with the results of its internal investigation in July 2013, according to FBI agent Armando Ramirez III.

The blogger to whom Kibkalo allegedly provided the information is unnamed in the complaint but “was known to those in the Microsoft blogging community for posting screenshots of pre-release versions of the Windows Operating System.” That blogger “deliberately hid his identity,” the complaint says.

The blogger allegedly admitted in an interview to “knowingly obtaining confidential and proprietary Microsoft IP from Kibkalo, and selling Windows Server activation keys on eBay,” according to the complaint, which also says computer files found in the blogger’s home showed the blogger trying to get Kibkalo to find pre-release software, attempting to use Kibkalo’s corporate network access to access Microsoft servers, and discussing Kibkalo leaking data.

Microsoft issued a statement today, saying: “We take protection of our intellectual property very seriously, including cooperating with law enforcement agencies who are investigating potential criminal actions by our employees or others.”




Comments | More in Microsoft | Topics: alex kibkalo


No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.

The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.

The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Activate Subscriber Account ►