Security Experts:

Connect with us

Hi, what are you looking for?



Former Microsoft Worker Sent to Prison for Theft of Trade Secrets

A former Microsoft employee who admitted leaking Windows 8 and other software products to a French blogger, was sentenced on Tuesday to three months in prison.

A former Microsoft employee who admitted leaking Windows 8 and other software products to a French blogger, was sentenced on Tuesday to three months in prison.

Russian national Alex Kibkalo pleaded guilty to one count of theft of trade secrets back in March, when he agreed to a three-month prison sentence and the payment of $22,500 to Microsoft. Court documents (PDF) reveal that the court imposed a monetary penalty of $100, which has been waived due to the man’s inability to pay, but there’s no mention about any restitution to Microsoft.

Kibkalo was arrested in Seattle on March 19 and he has been in custody ever since, so he has almost served his sentence. He will be sent back to Russia, where, according to a letter Kibkalo sent to the judge, he wants to get a full time job and maybe even publish a book based on his story.  

Kibkalo started working for Microsoft Russia in 2005 and was later transferred to Microsoft Lebanon. He left the company in 2012 after a poor performance review that sparked a conflict. When he left, he made sure that he had access to Microsoft’s systems after his departure, Russian publication TheVista reported.

In the same year, Kibkalo uploaded preview versions of Windows 8, the Microsoft Activation Server Software Development Kit (SDK), and other proprietary software to his Windows Live SkyDrive account. He then shared the information with an anonymous French blogger who published it online.

Microsoft identified Kibkalo as the leaker after accessing the Hotmail account used by the blogger, the complaint against Kibkalo revealed. Microsoft’s decision to access the account was heavily criticized, which led to the company changing its privacy practices.

“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required,” Brad Smith, the general counsel and executive VP of legal and corporate affairs at Microsoft, said at the time.

Related: Microsoft Stops Probing Hotmail to Plug Leaks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.