Ex-Microsoft programmer arrested and charged with leaking Windows 8 code

A software architect who had worked for Microsoft for seven years was arrested today in Seattle by the Federal Bureau of Investigation. He is accused of, among other things, leaking code from Windows 8 prior to the operating system's launch in October 2012.

The Seattle Post-Intelligencer reports that the suspect, Alex Kibkalo, was charged with theft of trade secrets. The FBI claims that he leaked code from Windows 8 in mid-2012 to an unnamed French tech blogger, He is also accused of leaking the company's Activation Server Software Development Kit to the same blogger, which was made to help prevent unauthorized copies of Microsoft software.

The story says that internal Microsoft investigators found out about the leaks and interviewed Kibkalo, who reportedly admitted to his actions. Kibkalo was apparently not happy with a recent performance review of his work while at Microsoft.

In addition to the Windows 8 and the software activation kit, Kibkalo is also accused of leaking code from Windows 7 prior to its launch while he worked at Microsoft. He reportedly told the unnamed blogger that he snuck inside a building at the company's Redmond, Washington campus to copy the files.

Source: Seattle Post-Intelligencer | Image via Microsoft

Report a problem with article
Previous Story

'Flappy Bird' creator confirms he will release the game again, 'but not soon'

Next Story

New anti-social app 'Cloak' helps you hide from friends

68 Comments

Commenting is disabled on this article.

"You need more tails of Robin hood in your life son."

You must be thinking of the cartoon (fox) version; the "real" Robin Hood didn't have a "tail" in the normal sense of the word.

I would imagine MSFT knew it was this guy for quite some time but had to compile evidence so that he and his co-conspirators could be nailed on guilty. Obviouisly when they presented the evidence to him he confessed.
I`d imagine (don`t know for sure) that they weren`t hugely bothered by the ISO leaks but the activation kit or any source code (allthough unconfimed) would have really ticked them off and is probably why the FBI got involved...
More arrests to follow me thinks!

Why, isn't the PE format known? ReactOS seems to open them just fine. If you're referring to Linux and Wine, I might be wrong but as far as I know there's nothing legally preventing the OS from integrating clean-room reverse engineered Win32 APIs except of course why would they do so?

Izlude said,
Good! Maybe now someone can make an alternate OS that opens EXE files natively without silly add-on APIs.

Maybe you should do some reading up before you make incredibly daft comments? PE is well known about, the reason WINE and other programs aren't that great with windows software is because of the libraries and DLLs, all of which need to be manually RE-coded from scratch to the same standard of the native files using only open-source bases or fresh bases, you cannot just skank DLLs from windows, package them up and call it wine.

It's one thing to leak upcoming features that ordinary enthusiasts are excited about (although it's still technically giving the competition a small time-based advantage, among maybe other stuff, I dunno); but leaking code is just plain irresponsible. This code could be used in an attack or something. It's not like he's going to do anything remotely close to being productive, like leaking documents about corruption. The guy is in the wrong.

The thing that makes it even worst in this case is that it is codes of the operating system itself that was leaked not the iso that you install on your machine. That means that a good programmer or reverse engineer can use the codes to sell them to someone else that will use that to be part of there operating system or to create hacks or trojans or even worst.

If it was a copy of the iso that we install i would have said it is bad but not a major crime even if it is a crime in itself it is not major but in this case just because he was not happy with a review he got? omg total d**k He**. He will probably go to jail or wont be able to work in the field anymore. Who will hire someone like that?

if this guy was giving stuff to canouna then it wasn't source code but iso's. It is misleading to call it code when it has been compiled.

torrentthief said,
if this guy was giving stuff to canouna then it wasn't source code but iso's. It is misleading to call it code when it has been compiled.

They didn't specify if the code was human readable. Compiled code is still machine code. The law probably doesn't discriminate between the two. Both contain unreleased trade secrets.

It allowed rivals to reverse engineer or copy before Microsoft ever released or announced.

torrentthief said,
if this guy was giving stuff to canouna then it wasn't source code but iso's. It is misleading to call it code when it has been compiled.

It's already rumored this is how the Key Management Server activation got circumvented so soon and efficiently. It could be that he leaked server-side code so that building an emulator became child's play.

The guy was just trying to get his 15 minutes of fame like that Snowden dude and was hoping for protection from Russia! ;)

But, yeah, the guy needs to spend some time in the joint.

To the poster above (zikalify,) who says "He robbed from a multi-billion dollar company, they'll get over it"

What a stupid thing to say or think!

amnesiality said,
"to an unnamed French tech blogger"

His nickname was Canouna.

Yeah, this is a bit bigger than they are stating. Canouna used to be a huge source of leaks... if this is the guy feeding him the information, that's big.

amnesiality said,
"to an unnamed French tech blogger"

His nickname was Canouna.


The programmer is Russian and WZOR is Russian. The French blogger, as you say, most likely is Canouna. I also wonder if this is bigger than it may seem.

I just googled a bit, and what stuck out was how often Canouna reported stuff on behalf of WZOR.

Maybe the person he leaked the source to will release a customized version of windows 8.x with the metro code stripped out of it.


/s

Order_66 said,
Maybe the person he leaked the source to will release a customized version of windows 8.x with the metro code stripped out of it.


/s

give it up.

Biggest WTF is he's responsible for such a huge security breach, then joins as Director of Product Management for Security products at his next job.

Romero said,
Biggest WTF is he's responsible for such a huge security breach, then joins as Director of Product Management for Security products at his next job.

Working from prison might make the transition to a new job a bit problematic.

Mobius Enigma said,

Working from prison might make the transition to a new job a bit problematic.

He's been at the new job for seven months or so already.

Mobius Enigma said,

Working from prison might make the transition to a new job a bit problematic.


Who knows... You need a thief to catch a thief.....

Romero said,
He's been at the new job for seven months or so already.

Whoops, I missed that part.

Let's assume his upcoming jail time and the possibility he will be criminally forbidden from working in the same industry hurt his 'new' career.

Mobius Enigma said,
Let's assume his upcoming jail time and the possibility he will be criminally forbidden from working in the same industry hurt his 'new' career.
I certainly hope that's the case.

Kibkalo was apparently not happy with a recent performance review of his work while at Microsoft.

Well, it looks like his supervisor was right to give him what I assume is a low score on his performance review.

naap51stang said,
Win7, yeah, but going to jail for leaking Windows 8? FAIL!

This might be beyond your level of comprehension, but you're going to go to jail regardless of what was leaked. Doesn't matter if it's Windows 8 or its older, inferior predecessor.

Kibkalo was apparently not happy with a recent performance review of his work while at Microsoft.

Nah, I think they pretty much nailed it.

To be honest, i'm surprised this wasn't more common in the past at microsoft...

... or maybe it was and I just never saw it in the news.

Askew_ said,
To be honest, i'm surprised this wasn't more common in the past at microsoft...

... or maybe it was and I just never saw it in the news.

The same reason it isn't common at a company like Coke or Pepsi. Like with any trade secret, there is a lot of security, and the criminal penalties are severe. Even conspiring to leak trade secrets can land a person in jail rather easily.

Mobius Enigma said,

The same reason it isn't common at a company like Coke or Pepsi. Like with any trade secret, there is a lot of security, and the criminal penalties are severe. Even conspiring to leak trade secrets can land a person in jail rather easily.

True, but considering how long Microsoft has been in business and how much control they had in the PC market, i'm surprised one bad apple (no pun) didn't leak some of the source earlier, say Win9x. Anyone who would want to steal code would find a way...

Microsoft must have tighter control than I ever expected.

They were notoriously horrible in the past, however. That, of course, should make you leave the company if dissatisfied though, not leak code or products. :p This can't make it easy for him to find new jobs. Who will trust a guy who goes illegal if he's dissatisfied with something?

Northgrove said,
They were notoriously horrible in the past, however. That, of course, should make you leave the company if dissatisfied though, not leak code or products. :p This can't make it easy for him to find new jobs. Who will trust a guy who goes illegal if he's dissatisfied with something?

With the jail sentence he's probably facing I don't think hire-ability is on top of his worries at the moment...

Northgrove said,
They were notoriously horrible in the past, however. That, of course, should make you leave the company if dissatisfied though, not leak code or products. :p This can't make it easy for him to find new jobs. Who will trust a guy who goes illegal if he's dissatisfied with something?

Well if he just pitches a fit and does what he did, a bad performance review isn't the least bit surprising.

Enron said,
Good, he should be sentenced to code open source for 15 years in e-Gulag to repay his debts.

LOL you mean work for the Linux foundation? :D

law is not made to be broken. If you not happy with your performance reviews or your boss leave the company. I am pretty sure market is good for developers.

zikalify said,
He robbed from a multi-billion dollar company, they'll get over it.

Wow, really? Using your logic, then murder is ok in a highly populated city, too?

Additionally, theft of 'code' and 'trade secrets' can literally destroy or cripple the largest company. For example, if everyone could make Pepsi at home, the company would be become worthless overnight.

zikalify said,
He robbed from a multi-billion dollar company, they'll get over it.

The impact such things can have is substantial. As someone who was working on the product at the time, things like that were incredibly frustrating. Things like this mean you can't trust other employees at the company. At least he wasn't in Windows or a real engineer. But this is exactly the sort of thing that leads to teams not being able to share plans or code with other teams out of fear they'll leak ####. I'm glad they caught this guy and hope other would-be leakers take notice and think twice before ####ing with their hardworking colleagues.

zikalify said,
Why are you putting words in my mouth Mobius? Murder is never OK. Also they don't seem crippled to me.

I'm not putting words in your mouth, I'm just using your logic to demonstrate why it fails.

I'm no fan of greedy companies, but that doesn't make it legally or morally ok to treat them any different than the kind couple that runs a 'mom and pop' shop down the street.

As my old business law professor would say, "It doesn't matter if you would sleep with someone for one million dollars, or one dollar; either way you are still a hooker."

Ethics can't vary based on an amount or a personal bias, theft is theft.

zikalify said,
Why are you putting words in my mouth Mobius? Murder is never OK. Also they don't seem crippled to me.

Murder is never OK, but stealing is?

If you're going to steal, do it for a worthy cause. He didn't help humanity by stealing. It was simply selfish.

I didn't say that theft was OK, I said they will get over it, they will. Windows always leaks to the internet and Microsoft always make billions when they release the software. Look on the bright side of things, lets say that a windows XP user in China pirates this version of Windows and upgrades their computer, one less XP user!

Mobius Enigma said,

I'm not putting words in your mouth, I'm just using your logic to demonstrate why it fails.

I'm no fan of greedy companies, but that doesn't make it legally or morally ok to treat them any different than the kind couple that runs a 'mom and pop' shop down the street.

As my old business law professor would say, "It doesn't matter if you would sleep with someone for one million dollars, or one dollar; either way you are still a hooker."

Ethics can't vary based on an amount or a personal bias, theft is theft.

zikalify said,
I didn't say that theft was OK, I said they will get over it, they will. Windows always leaks to the internet and Microsoft always make billions when they release the software. Look on the bright side of things, lets say that a windows XP user in China pirates this version of Windows and upgrades their computer, one less XP user!

Again you are trying to split hairs that just don't split.

This isn't just about availability of pirated copies, this is actual CODE theft and SECURITY CODE theft. The more likely outcome is malware being released based on the code given away.

So using your XP user example, that person is able to install a malware filled version of Windows and be officially certified for upgrades that don't ever allow the malware to be removed. So his machine works like crap and fills your inbox with tons of SPAM and is used as a 'bot' to hack into military organizations and launch missiles killing you.

(Do you see how 'justification' can be used in other crazy ways that have a less favorable outcome?)

zikalify said,
He robbed from a multi-billion dollar company, they'll get over it.

It's still early in the day but so far this is the most idiotic thing I have read today and I'm almost done reading my news and blogs for the morning so that says a lot...

zikalify said,
I didn't say that theft was OK, I said they will get over it, they will. Windows always leaks to the internet and Microsoft always make billions when they release the software. Look on the bright side of things, lets say that a windows XP user in China pirates this version of Windows and upgrades their computer, one less XP user!

they might get over this case but they will never get over these kind of employees who think like you.