Five Face Clink in MS Source Code, Software Thefts

Culminating its months-long investigation into the theft of Microsoft’s viciously guarded Windows source code, the FBI has arrested a Connecticut man it said used a Web site to distribute parts of the operating system.

William O. Genovese Jr., 27, faces up to 10 years in prison and a fine of US$250,000 if convicted on charges of distributing the stolen property, which included parts of the code for Windows NT 4.0 and parts of the core code for Internet Explorer 4.

The U.S. attorneys’ office in Connecticut said Genovese, operating under the pseudonym “illwill,” began offering the code for sale in February of this year. The code was stolen from an apparently hacked server belonging to Mainsoft Corp., a longtime partner of Microsoft’s.

The arrest doesn’t close the case, law enforcement officials said, but does give Microsoft a victory in its battle against piracy of its software code. Though Microsoft has been willing in the recent past to share some of its code with partners, software developers and key customers, it has generally guarded the Windows source code.

The complaint alleges that Genovese offered the code to an investigator hired by Microsoft in exchange for a $20 payment through PayPal. Once the payment was made, the investigator received a link to a site where the code could be downloaded. The FBI reportedly repeated the process with Genovese.

Genovese has been convicted of other computer-related crimes in the past after hacking computers in his home state in 2001.

Thick as Thieves

Separately, four former Microsoft employees were charged with jointly stealing more than $32 million worth of software.

All four defendants in that case face up to five years in prison and fines of $250,000. They are accused of manipulating an internal Microsoft system that enables employees to order company software for business purposes.

They allegedly altered an automatic notification system that would have alerted supervisors about their orders, which included copies of SQL Enterprise Server, which bears a $29,000 retail price tag, and other expensive packages.

The four are not the first to be charged with stealing software through the system, which Microsoft said has since undergone security enhancements. One former employee was reportedly charged with stealing $9 million worth of software and later committed suicide. At least two others have pleaded guilty to similar charges.

Pirates Beware

Analysts said while Microsoft can likely get the internal thefts under control with better corporate security measures, the theft of its code is far more serious. Microsoft underscored that point when it offered a bounty for the successful prosecution of those responsible, as it has with those responsible for some of the more damaging virus attacks.

Because the code stolen in February wasn’t complete, the most likely use for it was to develop attacks rather than attempt to create pirated versions of the software, Gartner analyst Richard Stiennon said.

In fact, within 24 hours of the code’s theft being made public, exploits were already being discovered on the Web by security firms.

“Microsoft’s concerns about its code are two-fold,” Stiennon said. “There’s the intellectual property risk and the security risk, which at least in the short-term is far more serious.”

Yankee Group analyst Laura DiDio said stopping software piracy is one area where private companies and law enforcement have developed strong partnerships.

That’s because the interests of individual countries are aligned with those of the country, which exports far more software than it imports.

“They’ve tried to extend these working relationships to cover spam and other issues, but so far that hasn’t been as successful,” DiDio said, noting that anyone caught can expect to face the maximum penalties to send a message to the rest of the piracy community. “Software pirates are at the top of everyone’s hit list.”