A former Microsoft employee was arrested by the FBI in Seattle on Wednesday and charged with leaking confidential company information. Alex Kibkalo is a Russian national who reportedly was angry because of a critical evaluation of his job performance.
In the arrest, first reported by the Seattle Post-Intelligencer, Kibkalo is accused of leaking Windows RT software code to an unidentified French tech blogger, as well as Windows 7 program files and information about an internal company anti-piracy system, an Activation Server Software Development Kit (SDK).
Activation Server SDK is used to create and validate Microsoft product keys. The complaint against Kibkalo was filed in U.S. District Court in Seattle on Monday by FBI Special Agent Armando Ramirez. Kibkalo has been detained because of a possible flight risk.
According to the FBI, the company approached the federal agency last summer after an internal investigation pointed to Kibkalo's leaks. Microsoft said that the SDK could be used to help reverse engineer protected code and that it was provided to a French blogger to help make Microsoft software more vulnerable to copying.
The complaint indicated Microsoft had already been following the French blogger because of leaks he had posted online, and because he tried to sell via eBay activation keys for Windows Server.
The company said Kibkalo admitted making the SDK available in a September 2012 interview with the company's Trustworthy Computing Investigations department, which is charged with protecting against internal information leakers as well as outside hacking attacks. He reportedly also admitted to sharing unreleased Windows programs, and internal memos and documents. Kibkalo was subsequently fired, although no charges were brought at that point. In summer 2013, he started working for Russia-based 5nine, a virtualization and security company.
Court documents show screen shots posted by the blogger of a pre-release Windows 8 version. In September 2012, the same blogger sent the SDK to an employee of Microsoft to verify its authenticity, and the employee took the request to management, including, according to the criminal complaint, then-head of Windows Steven Sinofsky.
The code was genuine, and Microsoft tried to track the blogger down through his Hotmail account, which was authorized by the company's Office of Legal Compliance once it was clear that the Microsoft's proprietary information was being revealed. As they did so, they found an e-mail from Kibkalo about the then-unreleased Windows 8, according to the FBI. The company has also said it has IMs between Kibkalo and the blogger that involve company secrets.
In other e-mails with the blogger, Kibkalo also reportedly gave details of how he surreptitiously entered Building 9 at Microsoft's Redmond headquarters, in order to copy software.
In one e-mail mentioned in the complaint, after Kibkalo offered the confidential Activation Server SDK, the blogger said, "That's crossing a line you know pretty illegal. lol." To which Kibkalo reportedly wrote back: "I know:)"