
Published court documents on Alexey Kibkalo

The story of the detention in the United States of a famous Russian developer suspected of divulging Microsoft's trade secrets has continued. The full text of the document filed in the court of the Western District of Washington in Seattle has been published. The document is dated March 17, 2014. The judge is Mary Alice Theiler.



The charge is worded as “theft of trade secrets,” in particular the Activation Server SDK, in violation of Title 18 of the US Code, Section 1832(a)(2) and (a)(4). These provisions carry a penalty of up to 10 years' imprisonment.

The investigation was led by Special Agent Armando Ramirez III of the FBI Operations Directorate in Seattle, who has eight years of experience in the FBI. In July 2013, Microsoft provided him with the results of an internal investigation, which revealed an unauthorized transfer of proprietary and confidential trade secrets from Alexey Kibkalo to a technology blogger in France (referred to in the document simply as the “blogger”).
The transferred software included pre-release software updates for Windows 8 RT and ARM devices, the Activation Server SDK, and so on. Alexey copied all of this to a server in Redmond, Washington, to his personal Windows Live SkyDrive account, to make downloading easier.

Because the Internet connection on the Microsoft corporate network in Lebanon was slow and unreliable at the time, Alexey installed a virtual machine on a Microsoft server in Redmond and used it to upload the “stolen Microsoft products” to his SkyDrive account. Incidentally, after five years of work in Microsoft's Moscow office, the developer himself asked for a transfer to Lebanon, and his request was granted. However, in 2012, before the events described above, his managers gave Alexey a low performance rating. He asked for the rating to be reviewed, threatening to resign. After the review was refused, the programmer submitted his resignation, and the events described took place at about this time.

The SDK was copied on August 18, 2012. Kibkalo gave the blogger a link to the pidgenxsdk.rar file in his SkyDrive account and hinted that the program should be handed over to a hacker who could reverse engineer it and write a “fake activation server”.

The further course of events is described in the previous article. We will only note that, to correspond with the blogger, Alexey used a mailbox on mail.ru and Windows Live Messenger. The blogger had a Hotmail account, to which the Trustworthy Computing Investigations (TWCI) security department immediately gained access after asking for permission from the company's lawyers.



In a two-day interview with members of the security department on September 24, 2012, Kibkalo admitted that he had passed Microsoft's confidential information to the blogger through his SkyDrive account. Among the transferred files, he named a large number of Windows 8 hotfixes, code for the PID generator (SDK), unreleased versions of Windows Live Messenger, and various documents and product presentations. The blogger, in turn, acknowledged in a personal meeting with Microsoft investigators that he had published information on Twitter and on his websites, and had also sold activation keys for the Web Server on eBay.

An MSN chat history was found on the blogger's home computer, in which correspondence with akibkalo_at_mail.ru was preserved.

Below are fragments of correspondence from August 2, 3 and 18 and September 18 and 21, 2012.





Judging by several pieces of circumstantial evidence, the unnamed French blogger may be Canouna, the owner of WinUnleaked.info, who disappeared in January 2013; the site now redirects to Microsoft.com. For example, when the Windows 8 Enterprise build appeared on the Internet on August 3, 2012, Canouna publicly confirmed its authenticity. This may indicate that he had this build. The transfer of the Enterprise build was discussed in one of the fragments of Kibkalo's correspondence with the unnamed blogger.

Incidentally, shortly after Alexey's detention yesterday, the best-known blog about Microsoft leaks, the Russian-language Wzor.net, stopped working. At the same time, the WZorNET account on Twitter was deleted. It is unclear how WZor is related to this case.

Source: https://habr.com/ru/post/216575/

