Man Charged with Peddling Stolen Windows Source Code

An alleged Microsoft hacker was arrested yesterday on charges that he illegally sold a secret source code used for Windows NT 4.0 and Windows 2000 programs.

The United States Attorney’s Office in Manhattan charged William P. Genovese, Jr., 27, of Connecticut, with unlawfully distributing a trade secret via his illmob.org site.

The charge carries a prison sentence of up to 10 years and a $250,000 fine if he is convicted.

Genovese allegedly posted a message on his Web site offering to sell the source code that had been previously stolen by a third-party, according to the government.

A Microsoft lawyer told The New York Times the arrest was “significant,” given the value of the intellectual property. “It is our secret recipe, our secret formula like the Coke formula,” associate general counsel Tom Rubin said.

Guarding the Secret Formula

While Microsoft has been more liberal in extending its source code to business partners and government agencies in recent months, the software giant has taken precautions against hackers seeking vulnerabilities in the program.

Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat intelligence firm, told the E-Commerce Times that guarding millions of lines of shared-source code from hackers is a daunting task.

“I see Microsoft taking steps to address security,” Dunham said. “Microsoft is making a lot of moves in the right direction.”

To Catch a Thief

Dunham said most hackers are never caught, but this alleged thief was reportedly nabbed by an undercover sting in which an FBI agent contacted Genovese to purchase the code and sent US$20 to an alias PayPal account.

What remains to be seen is if Genovese will be convicted, and what the penalty would actually be. Dunham said many hackers get nothing more than a slap on the wrist.

“The reality is that as computers continue to become integrated into our society, they are becoming a core part of our critical infrastructure,” Dunham said.

“It appears that company secrets getting leaked are potentially costing software makers a lot of money and may be putting all of us at a greater risk. That needs to be assessed when one is looking at sentencing for convicted criminals.”

Even if Genovese does spend 10 years behind bars and pays the maximum financial penalty, Dunham said his conviction still won’t deter money-motivated hackers. In fact, Dunham expects to see more headlines about stolen source code in the months and years ahead.