Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets
On the bright side, he's won our world's worst software pirate prize
A former Microsoft employee accused of leaking prerelease Windows 8 software has pleaded guilty to stealing the company's trade secrets.
Alex Kibkalo, a Russian national who spent seven years as a Microsoft employee in Russia and Lebanon, was arrested in Seattle, US, in March on charges that he shared proprietary Microsoft code with an unnamed French tech blogger.
The software architect was accused of dishing out unreleased updates for the Windows 8-based RT operating system and a copy of the Microsoft Activation Server Software Development Kit – hackers could circumvent Redmond's anti-piracy measures if they got their hands on said kit, prosecutors said.
While still a Microsoft employee, Kibkalo emailed the sensitive files to the blogger's Microsoft-provided Hotmail account. The company's anti-leak team, in search of evidence, secretly went through the blogger's private inbox after receiving a tipoff, found the leaked data, and alerted the FBI. Microsoft has since rewritten its Hotmail T&Cs following outcry by privacy activists.
If found guilty at trial, Kibkalo could have faced a prison sentence of up to ten years, plus a maximum fine of $250,000. On Monday, his attorney entered a guilty plea in a US federal court in Seattle in exchange for a significantly reduced sentence.
The plea agreement [PDF], which was negotiated with federal prosecutors but has yet to be approved by a judge, recommends a three-month prison term, plus restitution of $22,500 to be paid to Microsoft.
It also stipulates, however, that should Kibkalo engage in any further "illegal activity," the court can nullify the agreement and prosecutors can potentially file additional charges against him.
Such plea negotiations are a common tactic used by prosecutors, but they are not legally binding on the court, which could still choose to impose a harsher sentence.
Kibkalo's formal sentencing hearing is scheduled to take place at 9am Pacific Time on July 1. ®
Sponsored: Network DDoS protection