Microsoft Subnet An independent Microsoft community

In defense of Microsoft's leak investigation

Some people may be upset with Microsoft for going into the leaker's email account, but it had no choice.

By now, you've probably heard about the former Microsoft employee arrested for spilling trade secrets to a French website, and the impact it has had throughout the underground community that thrived on leaks. How Microsoft was able to get him might be trust-damaging to some, but not to me.

Alex Kibkalo, a Russian national who worked at Microsoft's Lebanon office and left Microsoft in 2012, is accused of leaking pre-release software updates for Windows RT and activation key technology for Microsoft software to a French blogger in July and August 2012. According to a criminal complaint filed with the U.S. District Court in Seattle, Kibkalo was apparently angry at a prior poor performance evaluation and retaliated in this way. (Stack ranking strikes again.)

The indictment claims Kibkalo fed information, screenshots, and builds of Windows 8 to an unnamed "French blogger," although it's believed that site was the now-defunct WinUnleaked.tk, which was French despite the Tokelau domain. That site had a ridiculous amount of information on Windows 8 all through its development.

Here's where it gets interesting. The popular Russian leaker group Wzor has also gone silent. Wzor had a great track record, and it's been leaking information since the Vista days, through Windows 7 and into Windows 8.

But in the blink of an eye, Wzor has shut down his/their blog, which was hosted on LiveJournal, a Russian-owned blogging site, and his Twitter feed is suddenly gone. Why Wzor would vanish like that is a mystery because his/their work predates Kibkalo by years. It's also a bummer for me because it was a great source.

Here's what I find stunning - Microsoft caught the guy because he was using their services to do his dirty work. ZDNet's Ed Bott documented how Kibkalo used MSN Messenger, SkyDrive, and Hotmail.com to coordinate the leaks. All they had to do was search through their own network and his Hotmail account to catch him.

Seriously, Kibkalo, turn in your hacker card.

Around September 2012, the person running WinUnleaked.tk, who went by the name Canouna, sent an email to a person in Redmond that allegedly contained some stolen code from the Microsoft Activation Server SDK, asking if the recipient could help him "better understand its contents." The source contacted Steven Sinofsky instead.

Ever hear stories of moronic drug dealers who contact the cops when someone steals their dope? Yeah, this is the high-tech equivalent.

From that point, Microsoft’s Office of Legal Compliance (OLC) approved content pulls of the blogger’s Hotmail account. Yes, they have permission to do that. You accepted it when you signed up for Hotmail. From there, they found evidence in his SkyDrive and Hotmail accounts. The fact that it took another 18 months to pull the trigger and arrest Kibkalo shows the careful deliberation Microsoft took. And maybe a little red tape along the way.

There's a mindset out there that unfashionable companies, those that are OK to dislike, have no right to defend themselves. I've read some amazing things over the weekend regarding Microsoft's actions. They didn't do this on a hunch or a fishing expedition. They had clear evidence that someone internally was leaking intellectual property and every right to find out who it was.

Bott correctly points out that if Kibkalo had used Dropbox and Gmail, Microsoft would have gone for court orders and gotten them. This is significant IP theft, and a court is going to side with Microsoft on this one. They didn't have a hunch; they had a solid lead because Canouna was stupid enough to mail them.

Canouna and Kibkalo were stupid, not to mention engaging in criminal activity. They got what they deserved. But man, I'm going to miss Wzor.
