[ISN] Connecticut Man Accused of Selling Microsoft Code
InfoSec News
isn at c4i.org
Wed Nov 10 05:17:49 EST 2004
http://www.nytimes.com/2004/11/10/technology/10soft.html
By ERIC DASH
November 10, 2004
A Connecticut computer hacker was arrested yesterday and charged with
selling copies of Microsoft Windows proprietary source code.
The United States attorney's office said the hacker, William O.
Genovese Jr., 27, of Meriden, Conn., used a Web site to unlawfully
distribute the programming blueprints behind the Microsoft NT 4.0 and
Windows 2000 operating systems.
"This is someone who stole and attempted to sell for profit some
valuable asset of Microsoft," said Tom Rubin, the associate general
counsel for Microsoft. "It is our secret recipe, our secret formula
like the Coke formula."
The arrest is the most significant legal action to emerge from an
F.B.I. investigation into the theft of Microsoft's source code; the
inquiry began earlier this year and is continuing.
Though sometimes Microsoft has provided its source code to business
partners and government agencies, access is tightly guarded because it
can allow software developers to replicate the program and hackers to
exploit vulnerabilities in the operating system, which is used on
hundreds of millions of computers.
In mid-February, the complaint said, Mr. Genovese obtained a stolen
copy of the Windows source code and posted a message on his Web site
that he was willing to sell it.
At about the same time, an investigator from an online security firm
hired by Microsoft sent an e-mail message to Mr. Genovese, who was
using an alias, and asked for a copy, the complaint said.
Mr. Genovese requested that $20 be sent to a PayPal account and when
the payment cleared, the investigator was given access to an Internet
address where he could download a file with the source code.
Mr. Rubin said that Microsoft then contacted federal authorities, who
conducted a similar investigation with the company's help. This is not
the first time Mr. Genovese has been at the center of a computer
crimes case. In March 2003, he was convicted of eavesdropping and
sentenced to two years of probation after gaining unauthorized access
to computers in Connecticut.
There has been another case this year involving a large technology
company's having its proprietary software code published on the
Internet. In September, Cisco Systems, the networking equipment
manufacturer, said British authorities made an arrest after a
four-month investigation.
More information about the ISN
mailing list