A former Microsoft Corp. (MSFT) employee was charged with stealing the software maker’s trade secrets, including code for a program to protect against copyright infringement, and leaking them to a blogger in France.
Alex Kibkalo, a Russian national, was arrested yesterday and ordered held without bail, according to federal court filings in Seattle. He admitted to Microsoft’s investigators that he provided the confidential information to the blogger, according to the criminal complaint filed by U.S. prosecutors.
Microsoft was alerted to the theft in 2012 by an individual, who asked that his identity wouldn’t be disclosed and who had been contacted by the blogger to help examine code for the Microsoft Activation Server Software Development Kit, a product developed for internal Microsoft use only, according to the complaint.
The company’s internal investigation traced the leaked information to Kibkalo, a seven-year employee who was working as a software architect in Lebanon, prosecutors said. He has been working for another U.S. technology company after he returned to Russia, according to the criminal complaint.
The Center for Responsible Enterprise & Trade, a Washington-based advocacy organization headed by former Microsoft Deputy General Counsel Pamela Passman, in February released a study on the economic effects of trade-secret theft. The study identified “malicious insiders” as one of five categories of potential misappropriators of trade secrets. The others were nation states, competitors, transnational organized crime and what the report’s authors called “hactavists.”
As part of the company’s internal investigation, Microsoft accessed the blogger’s Hotmail account, which contained e-mail messages from Kibkalo with pre-release “hot fixes” for Windows 8 for mobile devices that weren’t publicly available, according to the criminal complaint.
“While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances,” the company said today in a statement. “We apply a rigorous process before reviewing such content.”
Microsoft Deputy General Counsel John Frank said in a separate statement that the company can’t obtain a court order to search its own data, as it did when it accessed the blogger’s Hotmail account.
The company ensures it meets the same criteria as would be needed for a court order by using a legal team not involved in the investigation to determine whether there’s sufficient evidence of a crime, according to the statement. Going forward, the company will also submit the evidence to an outside attorney who is a former federal judge to ensure there’s sufficient evidence, Frank said.
Russell Leonard, a federal public defender representing Kibkalo, didn’t respond to phone messages seeking comment on the case.
The case is U.S. v. Kibkalo, 14-mj-00114, U.S. District Court, Western District of Washington (Seattle).
To contact the reporters on this story: Edvard Pettersson in Federal court in Los Angeles at
To contact the editors responsible for this story: Michael Hytha at email@example.com Peter Blumberg