Microsoft uncovers mole who leaked Windows secrets, but Wzor lives on

Thursday 20 March 2014

Microsoft has charged an ex-employee who leaked Windows 8 builds -- but it's unlikely that Wzor, the current reigning champ of Windows leaks, will be affected

Microsoft uncovers a mole, but Wzor lives on
Yesterday Levi Pulkkinen at the Seattle Post Intelligencer broke the story that an ex-Microsoft employee was charged with passing trade secrets to a journalist. Several people came to the immediate conclusion that Wzor's source had been blown -- Wzor being the Russian-language leaker and driving force behind Wzor.net, who's figured prominently in Windows leaks for several years. It's now apparent that the busted former employee, Alex Kibkalo, was leaking the information to a different blogger entirely. 
The Seattle PI article includes a few awkward statements, e.g., "[Kibkalo was] alleged to have stolen Microsoft's 'Activation Server Software Development Kit,' a propriety system used to prevent the unauthorized copying of Microsoft programs... a Microsoft manager said the software development kit 'could help a hacker trying to reverse engineer the code' used to protect against software piracy, according to charging papers."
In fact, having a working Activation Server was a key component of getting some leaked builds of Windows 7 and Windows 8 to work. As for the rest of it... yes, the SDK could help crack Activation Server, I suppose, but several crackers found ways to bypass Activation Server entirely.
Kibkalo told the blogger on August 2, 2012 that he "would leak Enterprise today probably."
According to the article, the loop was closed on September 3, 2012, when Kibkalo sent a copy of the SDK to the unnamed blogger. Then, for reasons unknown, the blogger used Hotmail to send an entire copy of the SDK to a Microsoft employee for verification that it was valid. Not a hash code, mind you, but the whole thing. According to Pulkkinen, the Microsoft employee recipient took it to a Microsoft executive.
The SDK proved valid, so Microsoft investigators went through the blogger's Hotmail account and found an email from Kibkalo to the blogger that included links to Windows 8 "hot fixes" for a pre-release version of Win8. Bingo.
According to the PI, Kibkalo was outed in September 2012:
Corporate investigators confronted Kibkalo in September 2012 during an interview in which he's alleged to have admitted to sharing the software. Kibkalo is alleged to have admitted to sharing unreleased Windows programs as well as company memos and documents; Microsoft investigators claim he was angry after a poor performance review.
Mary Jo Foley at ZDNet added several interesting points: Kibkalo "uploaded proprietary software including pre-release software updates for Windows 8 RT and ARM devices" by transferring the software to a computer in Redmond, and subsequently uploading the software to his personal Windows Live SkyDrive account. That's known inside Microsoft as a Severe Career Limiting Move.
(SkyDrive and Hotmail? For sending confidential Microsoft material? Puh-lease.)
The dates and nature of the leaks make me think that Kibkalo was feeding Canouna, the enigmatic head of WinUnleaked -- originally WinUnleaked.tk, then WinUnleaked.info. For example, when Windows 8 Enterprise leaked on August 3, Canouna publicly vouched for its authenticity.
As I said on Feb. 26, 2013 in "Windows 'Blue' rumors fly fast and furious":
Realize that during the Windows 8 beta process -- likely the most locked-down beta in Microsoft history -- there were only two sites that consistently came up with almost always accurate insider information: Win8China and Winunleaked. Unfortunately, Winunleaked and its enigmatic leader "Canouna" have disappeared off the face of the earth. The old Winunleaked site now redirects to the Microsoft main page, and Canouna's Twitter account has turned tweets up.
In fact, Canouna redirected his website to point to microsoft.com (!) in late January.
Those of you concerned that Wzor might have lost his (her? their?) primary source can sleep a little better tonight. While past experience is no guarantee of future performance, it's unlikely that Wzor's prime source just got nicked.
