Exploring the arrest of Windows leaker Kibkalo: what happened and whats next

Zac Bowden

Microsoft

Microsoft kept a close eye on who had access to Windows 8 during its development phase, and even went so far as to personalizing the development builds which enabled Microsoft authorities to quickly and easily track down leaks via a unique hash ID built with the operating system. 

This hash ID made it more difficult, but not impossible for a leak to occur, as Microsoft could pretty much instantly find out where the build came from. Windows 8 and Windows 8.1 are the first Windows operating systems in a long time to not have leaked as frequently. 

Windows 7 had countless builds leak, as did Windows Vista and Windows XP. This was because the operating system was never personalized to an individual or group during its development phase, meaning it was pretty much impossible for Microsoft to identify a source of the leak. 

A total of four Windows 8 builds leaked during its development phase, and seven Windows 8.1 builds. The amount of builds leaked during the Windows 8/8.1 development phase compared to older Windows operating systems is shocking, but it showed how much Microsoft was cracking down on leaks. 

Although Microsoft is making it harder to leak information regarding Windows during its development stages, it’s still able to happen. With Windows 8, we got a lot more information/screenshot leaks rather than actual builds, which is still a good thing. 

Microsoft can’t really track a leak if the screenshot is edited by the leaker to hide the unique hash ID, which was often the case with screenshot leaks. Blogs such as WinUnleaked and WZOR.net always made sure the hash ID was hidden from view to protect their sources. 

With the recent news claiming that a Microsoft Employee who had been arrested for supplying development builds of Windows 8 to a French Blogger, it’s got us all wondering what actually went down inside the walls of Redmond and with the French Blogger. 

Firstly, let’s take a look at the damage this news has caused. A known leaker by the name of WZOR has shut down his blog and Twitter account which was dedicated to leaking information regarding Windows. 

WZOR claims he is ceasing activities due to personal factors, which is interesting. Alex Kibkalo, the former Microsoft Employee who was supplying the leaks, hasn’t worked for Microsoft for a long time, so WZOR couldn’t have possibly been receiving the leaks from him. 

Let’s jump back in time, shall we? During the development of Windows 8, a leaker came to fame rather quickly by the name of ‘Canouna’, and even launched his/her own blog dedicated to leaking information regarding Windows 8. The blog went by the name of WinUnleaked, and was literally the go-to place for all Windows 8 leaks. WinBeta frequently reported on leaks from that blog, along with others such as Neowin and The Verge. 

We understand that Canouna was French, and according to the report regarding the Microsoft Employee, he was supplying the leaks to a ‘French Blogger’.  

At some point in 2012, Kibkalo was caught in the act. He was questioned by Microsoft and we assume he was fired soon after. Around this time, Canouna literally disappeared from the internet. WinUnleaked went with it, and nothing was said on the matter. 

Looking at it now, WinUnleaked disappeared for a reason. Kibkalo was caught, meaning Canouna didn’t have a source anymore, and Microsoft were onto him too. 

Kibkalo also leaked an SDK, in which the blogger went to another an outside source to confirm it’s legitimacy. The the outside source did the right thing on his/her standard by going to a Microsoft Executive, who at the time was Steven Sinosfky to tell them that someone outside of Microsoft had gained access to the SDK. This is what got the ball rolling.

Soon after, Microsoft went ahead and dived into the account in which the blogger used to contact the Microsoft Employee. Microsoft could do this, as the blogger used a Hotmail account, a rookie mistake indeed. 

This is most likely how Kibkalo was caught. Within the account, the Microsoft team in charge of searching the bloggers account found emails from Kibkalo containing things such as hotfixes for Windows 8. At the time, Windows 8 had not been released. 

They also found a chat log between him and the French blogger, which confirms that the Windows 8 Enterprise N leak that happened in 2012 was indeed from Kibkalo. August 2nd, 2012 was the date in which our first Windows 8 RTM build leaked. We covered the news as it happened, and the leak came from WinUnleaked/Canouna. 

Kibkalo: I would leak enterprise today probably 
Blogger: Hmm 
Blogger: Are you sure you want to do that? Lol
Kibkalo: why not? 
Blogger: 1st time I speak with a “real” leaker since Zuko era 
Kibkalo: mm 
Kibkalo: To be honest, in nwin7_rtm and win7_sp1 I leaked 250GB 🙂 

Microsoft also found emails in which Kibkalo described himself sneaking into Building 9 at Microsoft and copying files from a secure server. Yes, apparently it’s that easy. 

But, what does this mean for future leaks? Well, this news has made everyone with access to development builds quiet regarding the matter. WZOR completely shut down all operations with it, and we assume others will do the same soon. 

As of this moment, we’ve still got leakers from China, and websites like WinClubl may or may not return with future leaks. But for now, the main leakers have gone into hiding. 

What’s interesting is that Microsoft didn’t really care about screenshots of Windows 8 leaking, it was more the SDK which Kibkalo attempted to leak. The SDK never got around to leaking publicly, but we can see why Microsoft got worried about it. 

Unfortunately, I have a feeling we’re going to hear a lot less regarding the development of Windows 9 now that leakers are going quiet. We’ll have to wait and see what happens. What are your thoughts on this?