
Microsoft defends opening Hotmail account of blogger in espionage case

Company says it cracked open the Hotmail account of an unnamed blogger involved in a Windows 8 espionage case in part because he was selling Windows Server activation keys.

Seth Rosenblatt Former Senior Writer / News

Microsoft's Panos Panay proudly shows off the then-new Surface hardware at the company's unveiling event at Chelsea Piers in New York, October 2012. Windows RT source code, which runs on the Surface RT, is among the intellectual property at the center of a trade secrets theft case. Seth Rosenblatt/CNET

Microsoft defended what it called the "exceptional" step of a "limited review" of a blogger's Hotmail account as part of a larger Windows espionage case, saying it had caught the blogger selling Microsoft's intellectual property without permission.

A court filing alleges that the unnamed blogger had been provided prerelease Windows 8 RT source code by then-Microsoft employee Alex Kibkalo. Kibkalo is being charged with stealing trade secrets.

The filing says that Microsoft triggered an internal investigation into the blogger's actions when the blogger sent the source code to an unnamed person, hoping for verification of its origins. Instead, that person tipped off then-Windows chief Steven Sinofsky, who forwarded the details to Microsoft's Trustworthy Computing Investigations department, which investigates external threats and internal information leaks.

The March 17 filing (PDF) alleges that the unnamed blogger confessed to selling Microsoft's intellectual property.

During his interview, the blogger admitted to posting information on Twitter and his Web sites, knowingly obtaining confidential and proprietary Microsoft IP from Kibkalo, and selling Windows Server activation keys on eBay.

Microsoft provided CNET with a statement defending its actions:

During an investigation of an employee, we discovered evidence that the employee was providing stolen [intellectual property], including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.

As part of the investigation, we took the step of a limited review of this third party's Microsoft operated accounts. While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We apply a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.