Microsoft Source Code Thief Heads to Prison

Selling Microsoft’s source code on the Internet will cost a Connecticut man two years in prison. William Genovese Jr., 29, of Meriden, Conn., will also face three years of supervised probation when released from prison.

Genovese was charged with one count of unlawfully distributing a trade secret in violation of the Economic Espionage Act.

According to federal prosecutors, Microsoft learned significant portions of the source code for both Windows NT 4.0 and Windows 2000 were stolen and released on the Internet on or about Feb. 12, 2004.

That same day, Genovese posted a message on his Web site, illmob.org, announcing he had obtained a copy of the stolen source code and was offering the code for sale.

Over the course of several e-mail exchanges, an investigator hired by Mircosoft and an undercover FBI agent bought the code for $20.

Genovese was arrested on Nov. 9, 2004, and ultimately pleaded guilty in August of last year. He is scheduled to begin his prison term on March 14.

The source code for the popular operating system was originally discovered through Internet channels when a tip sheet site revealed the code was available on the Internet.

The news touched off a firestorm of downloads from curious developers and end-users alike, appearing on BitTorrent forums and IRC channels around the world.

It was originally thought the code would unleash a new wave of zero-day attacks on the Windows NT and 2000 platforms, since malware writers would have access to the underlying code behind the systems. But security experts downplayed the effect of the leak.

Worldwide dissemination of the code even prompted analysts to comment that the leak gave users and administrators more reason to migrate to Windows XP to avoid any serious vulnerability, while others even suggested the leak was a good way for Microsoft to get free advice from developers on any weaknesses in the code.

At the time of Genovese’s arrest, he was serving a two-year probation term for an electronic eavesdropping conviction.

The charges arose from Genovese’s unauthorized access in 2000 to a number of computers in Connecticut. According to the Department of Justice, Genovese gained access to the computers by infecting the machines with spyware that allowed him to monitor keystrokes and remotely control the users’ machines.