Microsoft Searched Hotmail Messages To Track Leak
Microsoft acknowledged Thursday it had searched emails in a blogger's Hotmail account to track down who was leaking company secrets.
John Frank, deputy general counsel for Microsoft, wrote in a blog post Thursday that the software company "took extraordinary actions in this case, based on the specific circumstances"
Microsoft received information that indicated an employee was providing stolen intellectual property, including code relating to its activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material.
Frank said that Microsoft conducted an investigation over many months with law enforcement agencies in multiple countries, including the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. He said that the investigation identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.
As part of the investigation, Microsoft undertook "a limited review of this third party's Microsoft operated accounts." Frank said that Microsoft's terms of service make clear the company's permission for this type of review, which happens "only in the most exceptional circumstances."
In the future, he said, Microsoft would consult an outside attorney who is a former judge to determine if a court order would have allowed such a search.
The case involves former employee Alex Kibkalo, a Russian native who worked for Microsoft as a software architect in Lebanon.
According to an FBI complaint, Microsoft found Kibkalo in September 2012 after examining the Hotmail account of the blogger with whom Kibkalo allegedly shared proprietary Microsoft code. The complaint filed Monday in federal court in Seattle did not identify the blogger.
The email search uncovered messages from Kibkalo to the blogger containing fixes for the Windows 8 RT operating system before they were released publicly. The complaint alleges Kibkalo also shared a software development kit that could be used by hackers to understand more about how Microsoft uses product keys to activate software.
Ironically, Microsoft has a long-running negative ad campaign called "Scroogled," in which it slams Google for scanning "every word in every email" to sell ads, saying that "Google crosses the line."
Microsoft received information that indicated an employee was providing stolen intellectual property, including code relating to its activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material.
Frank said that Microsoft conducted an investigation over many months with law enforcement agencies in multiple countries, including the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. He said that the investigation identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.
As part of the investigation, Microsoft undertook "a limited review of this third party's Microsoft operated accounts." Frank said that Microsoft's terms of service make clear the company's permission for this type of review, which happens "only in the most exceptional circumstances."
In the future, he said, Microsoft would consult an outside attorney who is a former judge to determine if a court order would have allowed such a search.
The case involves former employee Alex Kibkalo, a Russian native who worked for Microsoft as a software architect in Lebanon.
According to an FBI complaint, Microsoft found Kibkalo in September 2012 after examining the Hotmail account of the blogger with whom Kibkalo allegedly shared proprietary Microsoft code. The complaint filed Monday in federal court in Seattle did not identify the blogger.
The email search uncovered messages from Kibkalo to the blogger containing fixes for the Windows 8 RT operating system before they were released publicly. The complaint alleges Kibkalo also shared a software development kit that could be used by hackers to understand more about how Microsoft uses product keys to activate software.
Ironically, Microsoft has a long-running negative ad campaign called "Scroogled," in which it slams Google for scanning "every word in every email" to sell ads, saying that "Google crosses the line."