A former Microsoft employee has recently been arrested for leaking copies of Windows 7 and Windows 8 to the Internet and although the software giant initially refused to provide too many details on the case, new information are now surfacing and actually raising more questions.
According to the initial report on the matter, a former Microsoft employee called Alex Kibkalo collaborated with a French blogger, reportedly known online as Canouna, to release information regarding new Windows projects to the web.
At the same time, it appears that Kibkalo also leaked a copy of Microsoft’s Activation Server Software Development Kit, which can be used to generate keys for Windows copies.
Information that emerged this morning, however, claims that Microsoft actually discovered who the leaker is by getting into his Hotmail account and accessing conversation with the French blogger.
Court documents show that the blogger contacted a source from Microsoft to find out whether the leaked details provided by Kibkalo are accurate or not. The Microsoft source, in his turn, contacted former Microsoft Windows boss Steven Sinofsky who then contacted the Trustworthy Computing Initiative to look into the matter.
In the end, Microsoft decided to look into the original Hotmail account used by the French blogger to find out who he was talking out, coming across conversations that revealed the identity of the original leaker.
Here’s what the indictment reveals:
“An e-mail from Microsoft employee ALEX KIBKALO was found within the blogger’s Hotmail account which established that KIBKALO shared confidential Microsoft information and data with the blogger through KIBKALO’s Windows Live Messenger account, firstname.lastname@example.org.
Specifically, on or around July 31, 2012, KIBKALO used his email@example.com e-mail account to send the blogger an email with the subject line of ‘Alex A. has shared a folder with you’. That e-mail contained six zip files of pre-release ‘hot fixes’ for Windows 8 RT for ARM devices, which KIBKALO made accessible through his SkyDrive account. The fixes were not publicly available, as Microsoft had not yet released Windows 8.”
While looking into users’ emails is clearly an issue of privacy, Microsoft clearly had a reason to access this email account, especially because it had evidence that a company employee was leaking trade secrets that obviously affected its business.
Of course, the problem wasn’t necessary that the fact the leaker posted screenshots and other information on the web, but that he published a copy of Microsoft’s Activation Server Software Development Kit, which means that licenses for Windows operating systems could be revealed online.