Former Microsoft Employee Arrested for Years of Code Leaks
posted Sunday Mar 23, 2014 by Scott Ertz
Over the last few generations of Windows software, there has been a scenario that most of us were surprised by: constant, up-to-date leaks of development builds. During the lead-up to Windows 7 and Windows 8, it seemed like every time the development team hit build, the installer was available online. While none of us knew exactly where the builds were coming from, it was clear someone inside the company, and someone inside the team, was responsible.
As it turns out, I was not the only one to know it was an employee on the team that was leaking the code, and the company has been investigating the problem for years. That investigation came to a head this week when former employee Alex Kibkalo was arrested in Seattle on March 19th. Microsoft has charged him with leaking pre-release versions of Windows 8 as well as the company's Activation Server Software, which is the technology that lets Microsoft protect their software. In addition, according to Seattle PI,
Investigators contend Kibkalo was also caught bragging about leaking Windows 7 program files, as well as an internal system meant to protect against software piracy.
So, while he has bragged about his involvement in the Windows 7 leaks, they investigators have not been able to actually pin it to him yet. The big question is, "how did someone inside of Microsoft manage to get away with releasing SO MUCH of Microsoft's code for SO LONG?" Apparently pure dumb luck.
As it turns out, the guy in question was not the brightest of individuals. His leaks were always directed at the same individual, an unnamed French blogger, who would then release them to the world in whatever means they used: usually BitTorrent. The only problem is that Kibkalo used his personal SkyDrive (now OneDrive) account to upload the code, and his personal Hotmail account to send the links to the blogger.
Now, while I applaud Kibkalo's unrelenting dedication to Microsoft and their technologies, it is probably a bad idea to steal from the company that writes your checks and, therefore knows who you are, and use their own monitored technology to make the handoff. An investigation into his OneDrive and Hotmail accounts is what finally sealed the deal.
It is believed that he leaked the code after a particularly negative personnel review. The review system in place at the time was controversial, to say the least. Based on the "stack ranking" concept, the review system forced supervisors to rank their subordinates in relation to one another. This forced developers who would be considered superstars at any other company to look like underperformers compared to the superstars of Microsoft, who are without comparison outside of the company. Before leaving his CEO post, Steve Ballmer saw the review system axed, but not before doing tremendous damage to the morale of the corporation.
