Former Microsoft employee Alex Kibkalo, who two weeks ago was charged with stealing -- then leaking -- company secrets, pleaded guilty on Monday in a Seattle federal court.
In a plea deal reached between U.S. prosecutors and Kibkalo's public defender, Kibkalo will plead guilty to theft of trade secrets. In return, prosecutors will recommend a three-month prison sentence. Kibkalo will also be required to pay Microsoft $22,500 in restitution, according to the agreement.
Kibkalo, a Russian national who was working in Microsoft's Lebanon office when he was terminated in September 2012, allegedly stole pre-release copies of Windows RT and the Activation Server SDK (software development kit), internal-only code used to create the activation systems which validate product keys, Microsoft's primary anti-piracy technology.
He shared that information with an unidentified French blogger, and encouraged the blogger to contact a hacker who could use the Activation Server SDK to write a fake product key activation server, federal authorities claimed.
Microsoft first got wind of Kibkalo's alleged theft in September 2012 when a source claimed that the blogger had shared the Activation Server SDK code, asking the source to help verify its legitimacy and assist the blogger to better understand the SDK. The source, also unnamed in the original complaint, then contacted Steven Sinofsky, at the time the head of Windows development, but later ousted from the company.
Microsoft kicked off an internal investigation of the blogger, beginning with the blogger's Hotmail email account. Hotmail was renamed Outlook.com in mid-2013. Email from Kibkalo's own Hotmail account was discovered in the blogger's inbox. Further digging also found instant messages between Kibkalo and the blogger.
Microsoft's prowling through Kibkalo's and the blogger's email accounts prompted a firestorm of protest, with critics accusing the Redmond, Wash. company of spying on users. Prominent privacy advocates, including the Electronic Frontier Foundation (EFF), lambasted Microsoft, calling its actions in the Kibkalo case "indefensible and tone-deaf."
Although Microsoft defended its right to go through the email messages -- the accounts were from its own service, it said, and the terms of service allowed it to search inbox contents in certain circumstances -- it first amended those policies then last week went further, saying it would no longer peek into email accounts but would instead present future investigative findings to law enforcement, which could request a court order to access the information on Microsoft's servers.
By striking a plea agreement, Kibkalo was able to avoid the possibility of a much longer prison sentence if he had been convicted by a jury. In court documents, prosecutors said that the statutory maximum sentence for the crime was a 10-year stretch in federal prison, a fine of up to $250,000 and three years of probation.
Kibkalo's requirement to pay Microsoft $22,500 in restitution was based on Microsoft's estimate of its production costs, which it pegged as more than $15,000 but less than $30,000. The $22,500 was thus a split of the difference.
"The value of the SDK is substantial because to Microsoft it prevents software piracy across the line of Microsoft products," the plea agreement stated. "Therefore, the value is significantly greater than the time invested in the SDK's development and creation. However, because there is no external market for the SDK, it is not easily appraised."
One mystery in the case is how Kibkalo, who was working in Russia for 5nine, a virtualization management and security company with offices in St. Petersburg and Moscow, was enticed to come to the U.S.
According to Kibkalo's arrest warrant, he was arrested by the FBI on March 19 in Bellevue, Wash., a town east of Seattle across Lake Washington that abuts Redmond, Wash., where Microsoft is headquartered. Microsoft also has offices in Bellevue.
Kibkalo's sentencing was scheduled for July 1. Until then, he will remain in federal custody, where he has been detained since a court hearing last month judged him a flight risk.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.