Feeds

Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets

On the bright side, he's won our world's worst software pirate prize

The essential guide to IT transformation

A former Microsoft employee accused of leaking prerelease Windows 8 software has pleaded guilty to stealing the company's trade secrets.

Alex Kibkalo, a Russian national who spent seven years as a Microsoft employee in Russia and Lebanon, was arrested in Seattle, US, in March on charges that he shared proprietary Microsoft code with an unnamed French tech blogger.

The software architect was accused of dishing out unreleased updates for the Windows 8-based RT operating system and a copy of the Microsoft Activation Server Software Development Kit – hackers could circumvent Redmond's anti-piracy measures if they got their hands on said kit, prosecutors said.

While still a Microsoft employee, Kibkalo emailed the sensitive files to the blogger's Microsoft-provided Hotmail account. The company's anti-leak team, in search of evidence, secretly went through the blogger's private inbox after receiving a tipoff, found the leaked data, and alerted the FBI. Microsoft has since rewritten its Hotmail T&Cs following outcry by privacy activists.

If found guilty at trial, Kibkalo could have faced a prison sentence of up to ten years, plus a maximum fine of $250,000. On Monday, his attorney entered a guilty plea in a US federal court in Seattle in exchange for a significantly reduced sentence.

The plea agreement [PDF], which was negotiated with federal prosecutors but has yet to be approved by a judge, recommends a three-month prison term, plus restitution of $22,500 to be paid to Microsoft.

It also stipulates, however, that should Kibkalo engage in any further "illegal activity," the court can nullify the agreement and prosecutors can potentially file additional charges against him.

Such plea negotiations are a common tactic used by prosecutors, but they are not legally binding on the court, which could still choose to impose a harsher sentence.

Kibkalo's formal sentencing hearing is scheduled to take place at 9am Pacific Time on July 1. ®

The essential guide to IT transformation

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.