Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Thursday March 20 2014, @12:00PM   Printer-friendly
from the who-wanted-that? dept.

Rashek writes:

"Alex Kibkalo, an ex-Microsoft employee was just arrested for stealing and leaking company secrets.

Having spent seven years working for Microsoft, Kibkalo is alleged to have leaked Windows 8 code to a French technology blogger in mid-2012, prior to the software's release. Kibkalo was apparently angry over a poor performance review."

Related Stories

Microsoft Changes Policy on Email Reading 14 comments

Blackmoore writes:

SN reported last week the story of a search by Microsoft through a reporter's Hotmail account looking for evidence of stolen IP, which resulted in quite a bit of criticism for Microsoft's heavy-handed approach.

Mike Masnick at TechDirt reports that Microsoft and its legal team took the criticism seriously. Microsoft's General Counsel Brad Smith has now put out a new blog post announcing a complete change in policy, promising that it will not unilaterally look through any Microsoft user's content in search of "stolen" intellectual property. If such a search is thought necessary they will refer the matter to Law Enforcement.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Funny) by wantkitteh on Thursday March 20 2014, @12:14PM

    by wantkitteh (3362) on Thursday March 20 2014, @12:14PM (#18851) Homepage Journal

    "Kibkalo was apparently angry over a poor performance review."

    Feature request for next Win8 SP - a sense of irony.

  • (Score: 5, Insightful) by grub on Thursday March 20 2014, @12:16PM

    by grub (3668) on Thursday March 20 2014, @12:16PM (#18852)

    med to be authentic, prompting corporate investigators to dredge the Hotmail account the blogger used to contact the Microsoft worker.[...] While searching the blogger’s account, Microsoft investigators found an email from Kibkalo
     
    What the hell? Microsoft now reserves the right to search through a person's hotmail account based on suspicion?
     
    Run your own email server if possible and PGP whenever possible, even if just muffin recipes.

    --
    Trolling is a art,
    • (Score: 4, Interesting) by MrGuy on Thursday March 20 2014, @12:58PM

      by MrGuy (1007) on Thursday March 20 2014, @12:58PM (#18859)

      Since this took place in the EU, is Microsoft guilty of violating privacy standards by reading personal e-mail without a court order?

      I recognize Hotmal servers are owned by Microsoft, but it feels like this is the sort of thing that they'd have needed a court order to troll through if the blogger happened to be using a Gmail or other provider's account.

      Or maybe Microsoft's TOS give them the right to troll through your e-mail whenever they think you might be damaging Microsoft in any way (even in a way totally unrelated to Hotmail)?

      Of course, if it was the US they could simply argue that "metadata" about who e-mailed who are simply "business records" that aren't personally identifying and obviously aren't an invasion of privacy...

      • (Score: 2) by mhajicek on Thursday March 20 2014, @03:27PM

        by mhajicek (51) on Thursday March 20 2014, @03:27PM (#18919)

        Company email can be read by the company. A MS employee using Hotmail is using company email.

        --
        The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 5, Informative) by MrGuy on Thursday March 20 2014, @04:05PM

          by MrGuy (1007) on Thursday March 20 2014, @04:05PM (#18934)

          The concern isn't about MS reading the MS employee's e-mail. What they read the BLOGGER'S e-mail account. The blogger happened to have/use a hotmail account to communicate with the MS employee.

          The question is whether MS reading a non-MS-employee's personal hotmail account because they suspected that person MIGHT have what MS considered confidential info is OK.

          • (Score: 1) by monster on Thursday March 20 2014, @06:02PM

            by monster (1260) on Thursday March 20 2014, @06:02PM (#18986) Journal

            As of employees' email, it depends of the specific country (different laws about it). For third parties, I think it is big no and may invalidate any evidence they got through it.

    • (Score: 5, Informative) by Sir Garlon on Thursday March 20 2014, @01:00PM

      by Sir Garlon (1264) on Thursday March 20 2014, @01:00PM (#18861)

      What the hell? Microsoft now reserves the right to search through a person's hotmail account based on suspicion?

      Yes. Read the Microsoft Services Agreement [microsoft.com], section 3.5. It's right there in black and white.

      Be careful what you agree to.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
      • (Score: 4, Informative) by higuita on Thursday March 20 2014, @04:55PM

        by higuita (2465) on Thursday March 20 2014, @04:55PM (#18951)

        In Europe, TOS, internal rules, contracts, etc can not overpower national laws, they automatically became invalid.

        you can not sign a contract saying you want to be a slave or want to be tortured (but many companies try to do that)

        • (Score: 3, Informative) by Sir Garlon on Thursday March 20 2014, @06:01PM

          by Sir Garlon (1264) on Thursday March 20 2014, @06:01PM (#18985)

          The same is true in the US, it's just that the national laws are weaker.

          --
          [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    • (Score: 4, Insightful) by Dunbal on Thursday March 20 2014, @01:02PM

      by Dunbal (3515) on Thursday March 20 2014, @01:02PM (#18862)

      Not taking Microsoft's side here if they had no basis to do so, BUT - if it's a requirement for employees to use hotmail (which is owned by Microsoft) for internal and/or external communication, then this is no different than any other corporation going through its internal mail servers. You do know your IT department is "reading" your mail, right? Try to send porn pics or some other objectionable email through the company server and see how long it takes to be deleted and you summoned to your boss' office.

      • (Score: 2) by TheloniousToady on Thursday March 20 2014, @01:04PM

        by TheloniousToady (820) on Thursday March 20 2014, @01:04PM (#18863)

        Next time you try this experiment, just send the objectionable material directly to me. Then I'll have plausible deniability.

      • (Score: 5, Funny) by KritonK on Thursday March 20 2014, @02:10PM

        by KritonK (465) on Thursday March 20 2014, @02:10PM (#18890)

        You do know your IT department is "reading" your mail, right?

        Given that I am my company's IT department, they'd better be reading my mail!

        • (Score: 2) by Dunbal on Thursday March 20 2014, @06:20PM

          by Dunbal (3515) on Thursday March 20 2014, @06:20PM (#18995)

          Heh good one.

          True story. My wife's former boss insisted that he didn't real "emails" from anyone. He either communicated face to face or by phone, but not email. This, as a country manager for a Fortune 500 co. Long story short, my wife now works for another company at a higher level and with better pay. Some people actually try to get by without this whole newfangled e-mail thingie, apparently. But they're usually arse-holes.

    • (Score: 0) by Anonymous Coward on Thursday March 20 2014, @05:46PM

      by Anonymous Coward on Thursday March 20 2014, @05:46PM (#18979)

      The "cloud" is their computer, why not?

      How stupid for this idiot to use M$ services to try to get back at them.

    • (Score: 2) by Marand on Thursday March 20 2014, @06:42PM

      by Marand (1081) on Thursday March 20 2014, @06:42PM (#19014) Journal

      Run your own email server if possible and PGP whenever possible, even if just muffin recipes.

      And then never have to worry about anybody reading your emails, because they get marked as spam by Google/Microsoft/etc. unless you grease the right palms.

      I agree with you in principle, but aggressive spam filtering has led to this being a lot harder to maintain and use in practice.

      • (Score: 1) by bstamour on Friday March 21 2014, @01:39AM

        by bstamour (3803) <bryan@bryanstamour.com> on Friday March 21 2014, @01:39AM (#19131) Homepage

        I've been running a personal mail server for just over a year now, and I've had no issues with my emails being discarded. I regularly communicate with my thesis adviser (who uses gmail) as well as friends and family who all use various providers. As long as you've got your MX/SPF records in order, and you're not running an open relay, I see no issue with self-hosting.

        --
        Peace, love, and Unix
      • (Score: 2, Informative) by tftp on Friday March 21 2014, @02:31AM

        by tftp (806) on Friday March 21 2014, @02:31AM (#19137) Homepage

        they get marked as spam by Google/Microsoft/etc. unless you grease the right palms.

        I can only agree with bstamour - as long as you do simple measures, like having a static IP address and reverse DNS, you are good. I personally also publish a very aggressive DMARC policy: anything that pretends to be from me but does not pass SPF or DKIM checks is to be discarded. SPF only requires you to publish a simple record in DNS; DKIM for Postfix is free. Works great.

        I also run a similar setup (but with MS Exchange) for the business. DKIM for Exchange costs a few hundred dollars (one time fee for the software.) I tried several outsourced email providers, and they all were rejected, for one reason or another. You simply have no control; when something happens all you can do is to call the provider and beg them to look into the problem. I even have my own network of three DNS servers (at different IP addresses) because anything else is just testing your patience. The DNS at the domain registrar is controlled through the Web interface, does not work, and the tech support is just telling me that it's all OK and I have nothing to worry about - when I have a specific bug identified and presented to them. It was infinitely cheaper and easier to just deploy three boxes with BIND.

        I have three network accounts in my MUA. Two of them are on my servers, the third one is a 3rd party account. Guess which account fails now and then? People at hosting companies have no second thought about messing with the email system whenever it is convenient to them.

    • (Score: 2) by Open4D on Saturday March 22 2014, @12:12PM

      by Open4D (371) on Saturday March 22 2014, @12:12PM (#19671) Journal
      • (Score: 1) by grub on Saturday March 22 2014, @02:38PM

        by grub (3668) on Saturday March 22 2014, @02:38PM (#19703)

        Yep. I was lighting a torch and getting my pitchfork when others were making excused for MS... ;)

        --
        Trolling is a art,
  • (Score: 5, Insightful) by Thexalon on Thursday March 20 2014, @12:17PM

    by Thexalon (636) on Thursday March 20 2014, @12:17PM (#18853)

    Read 'em before you sign 'em. Know that violating one can cost you both a lot of money and quite possibly your career (because you've just shown that you are untrustworthy and vindictive).

    And never, ever, burn bridges on the way out the door of a company (which, if you're acting this way, you're on the way out). It's not that you expect to work directly for the people you're leaving behind, it's that those people know other people who you might want to work for, and so how you treat the company you're leaving has a big effect on your professional reputation.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 3, Insightful) by Sir Garlon on Thursday March 20 2014, @01:12PM

      by Sir Garlon (1264) on Thursday March 20 2014, @01:12PM (#18867)

      And just generally, being a dick is bad. I know. I've been doing it for years. :-)

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
      • (Score: 5, Insightful) by Ethanol-fueled on Thursday March 20 2014, @01:23PM

        by Ethanol-fueled (2792) on Thursday March 20 2014, @01:23PM (#18871) Homepage

        There's absolutely nothing wrong with fucking over a corporation that would just as soon fuck you in the end if it meant saving a few pennies.

        That being said, its amazing how ignorant some people who work in the tech world and should know better still manage to get caught doing stupid shit like this. Instead of providing code, the idiot could have posted something more juicy, like internally-posted poor adoption numbers, or show-stopping bugs, etc.

        Or, better yet, contacting customers anonymously and telling them everything they needed to know about their having been swindled all these years. Or contacting their ISO auditor and pointing him exactly where he needs to look.

        • (Score: 4, Interesting) by TK on Thursday March 20 2014, @01:56PM

          by TK (2760) on Thursday March 20 2014, @01:56PM (#18887)

          A thousand times this. Sending an anonymous (or otherwise) tip to the local ISO auditor, or better yet OSHA, EPA or any other fear-inducing acronym can put most companies in a world of inconvenient pain, while you get away squeaky clean, because everybody working there knows about those violations, even if they don't talk about them.

          --
          The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
    • (Score: 5, Insightful) by Grishnakh on Thursday March 20 2014, @01:19PM

      by Grishnakh (2831) on Thursday March 20 2014, @01:19PM (#18869)

      This is bullshit. What this guy did is not a crime, it's a tort. Why is it that when companies steal from you, they never go to jail, and you just have to sue them, but if you "steal" from them, you go to jail? It's bullshit.

      • (Score: 1, Redundant) by koreanbabykilla on Thursday March 20 2014, @01:57PM

        by koreanbabykilla (968) on Thursday March 20 2014, @01:57PM (#18888)

        This

      • (Score: 5, Informative) by MrGuy on Thursday March 20 2014, @04:33PM

        by MrGuy (1007) on Thursday March 20 2014, @04:33PM (#18939)

        If he'd taken a wad of cash out of a drawer from Microsoft and handed it to someone, it would be a tort (causing someone to suffer harm), but it would also be a crime (theft). It's not an either/or.

        You can argue "all intellectual property is theft!" if you like, but trade secrets and intellectual property laws exist, and some really do have criminal penalties.

        • (Score: 2) by Grishnakh on Thursday March 20 2014, @04:48PM

          by Grishnakh (2831) on Thursday March 20 2014, @04:48PM (#18945)

          My point is that corporations are allowed to steal with impunity. For instance, if you give a car dealership a deposit on a car, and then the deal falls through or you exercise your right to back out, they're under no obligation to return your deposit. You have to sue them for it (and good luck collecting on a judgment). How is that not theft? Why don't they go to jail for it?

          • (Score: 1) by emg on Thursday March 20 2014, @06:35PM

            by emg (3464) on Thursday March 20 2014, @06:35PM (#19008)

            "For instance, if you give a car dealership a deposit on a car, and then the deal falls through or you exercise your right to back out, they're under no obligation to return your deposit."

            Uh, that's kind of the point of a deposit, isn't it? You give them money so they don't sell the car to anyone else until you complete the purchase?

            What's the point if they'll just give the money back if you decide not to buy?

            • (Score: 2) by Grishnakh on Thursday March 20 2014, @07:07PM

              by Grishnakh (2831) on Thursday March 20 2014, @07:07PM (#19029)

              >What's the point if they'll just give the money back if you decide not to buy?

              Because that's part of the contract. Holy shit, you really think they can just keep your money? What if your financing falls through? What if there's something wrong with the car?

              • (Score: 1) by emg on Friday March 21 2014, @12:17AM

                by emg (3464) on Friday March 21 2014, @12:17AM (#19123)

                "Because that's part of the contract. Holy shit, you really think they can just keep your money? What if your financing falls through? What if there's something wrong with the car?"

                Well, yes. But if you get financing and the car is fine, you're going to buy it, so why would you complain that they keep the deposit if you then turn around and change your mind?

                • (Score: 2) by Grishnakh on Friday March 21 2014, @01:07PM

                  by Grishnakh (2831) on Friday March 21 2014, @01:07PM (#19269)

                  I'm not talking about that, and I really don't know what the law is in that case if you get to such a late stage. I'm talking about where you give them a down-payment, and then there's something wrong with the car upon inspection, or the financing falls through; you have every right to back out and get your money back.

    • (Score: 1) by crAckZ on Thursday March 20 2014, @02:24PM

      by crAckZ (3501) on Thursday March 20 2014, @02:24PM (#18899) Journal

      +1
      Great point. I know I wouldn't hire a program guilty of leaking code.

  • (Score: 3) by skullz on Thursday March 20 2014, @03:43PM

    by skullz (2532) on Thursday March 20 2014, @03:43PM (#18925)

    This guy leaked code he had given his word to protect, tried to break into a building to copy a server, leaked more code and bragged about it being illegal. Hate M$ as much as you want, that was pretty shady.

    And what was this instant messaging thing that he was chatting on? MSN Messenger? Doesn't he know that IRC is where you go to be untraceable?

  • (Score: 3, Funny) by bucc5062 on Thursday March 20 2014, @06:43PM

    by bucc5062 (699) on Thursday March 20 2014, @06:43PM (#19015)

    On Sept. 3, 2012, the blogger sent the stolen software development kit code to a Microsoft employee asking that he or she verify it, the FBI agent said in court papers. The worker went to a Microsoft executive instead.

    Sheesh! Both of them are a class of dim-bulbs. The one makes a copy (with some attempt to do harm), brags about it, acknowledges his "illegal" act on a public message board then if a fit of brilliance, confesses to the people he meant to damage. With this level of intelligence at MS, Windows 8 makes more sense.

    The the blogger has the hubris to reach out to MS to ask, "hey, I got this nice internal toolkit and can you verify it is an authentic internal security toolkit?". I would figure that the blogger could get sucked into this mess by accepting material (viewed as stolen) without reporting the crime. I am also thinking that since it crossed international borders the Feds may have a field day with this guy. If an activist can get 35+ years for downloading basically free material (then kills himself), this broken lightbulb may wind up rotting in some hole as an example to future MS employees who are upset over a performance review.

    I am trying to find sympathy, I RTFA, I just can't. FFS, a bad review is not worth the rest of your life.

    --
    The more things change, the more they look the same
  • (Score: 0) by Anonymous Coward on Thursday March 20 2014, @08:19PM

    by Anonymous Coward on Thursday March 20 2014, @08:19PM (#19052)

    For releasing extreemely bad code out into the public.