Defendant: Microsoft source code sale was a setup

'They're using me as an example'


A 27-year-old Connecticut man facing felony economic espionage charges for allegedly selling a copy of Microsoft's leaked source code for $20 says he's being singled out only because the software giant and law enforcement officials can't find the people who stole the code in the first place.

"They're using me as an example, to show if you do something like this, they're going to [work] you over," said William Genovese, in a telephone interview Thursday. "Why go after me? Why not go after the guy who took the code? Why not go after the guy who released it on the net?"

In February, two 200 megabyte files containing incomplete portions of the source code for the Windows 2000 and Windows NT operating systems appeared on websites and peer-to-peer networks around the world. Evidence in the files pointed to Microsoft partner Mainsoft, a developer of Unix tools for Windows, as the original source, but how the files were leaked, and by whom, remains a mystery.

What distinguishes Genovese from perhaps thousands of other curious computer geeks who shared the proprietary source code at the time is a short message he posted to his website, illmob.org - a hacker destination from which he distributes open source intrusion tools written under his handle, "illwill."

"Everyone was throwing up Bit Torrent links and downloading it on IRC," says Genovese. "I wrote on my website, joking, I have it, and if anybody wants it they can donate to my site."

Genovese claims he meant it as a joke, and he was surprised when someone actually responded a few days later and asked how much he should donate. "I was laughing, because I thought it was somebody stupid who wanted it and didn't know how to download it," he says.

The stranger gave Genovese $20 through the PayPal donation button on his website, and Genovese let him download a copy of the source code from his server. In July, the same man contacted Genovese again. "He emailed me again and said he had formatted his computer and basically he wanted to download the source again," says Genovese. "I didn't have it any more, and he said if you can find it I'll send you more money just for the hassle." Genovese says he found the files easily on a peer-to-peer network, and again provided them to the donor.

He isn't laughing any more.

According to court records, the mysterious donor was actually an investigator with an unnamed online security firm that Microsoft had hired to track people sharing the source code online. After the first "sale" was complete, Microsoft reported Genovese to the FBI.

The Bureau took the case seriously, and the Microsoft investigator arranged the second transaction at the FBI's request.

'Economic Espionage'

Armed with a federal criminal complaint out of Manhattan, FBI agents converged on Genovese's Connecticut home early Tuesday morning, searched his condo and arrested him. Now free on a $50,000 signature bond, Genovese stands accused of violating the 1996 Economic Espionage Act.

Passed to meet the perceived threat of foreign espionage against American companies, the Economic Espionage Act carries up to ten years in prison for stealing trade secrets for personal financial gain, or for a third party's economic benefit. For the first five years of its existence the law could only be used with approval from the Justice Department in Washington -- a limitation that was lifted in March, 2002.

The $20 payment is what opened the door for prosecutors to invoke the rarely-used law, says attorney Jennifer Granick, executive director of the Stanford Center for Internet and Society. "The statute requires you to act for the economic benefit of someone other than the trade secret owner," she says.

"The real question is whether this information remains a trade secret after it is globally available to anyone with an Internet connection," says Granick. "This is something that the courts have been grappling with, so it's pretty shocking that the government would pursue criminal charges for something that the civil courts can't even agree on."

Government offices were closed Thursday for Veterans Day. Microsoft declined to comment for this story.

Although the complaint describes him as a "vendor" of stolen source code, Genovese says the only person who took his website post seriously was Microsoft's undercover agent. He claims that the same person later purchased another widely-traded underground file, the Paris Hilton video, for a $15 payment, though the transaction escaped mention in the complaint.

If convicted, under federal sentencing guidelines Genovese's sentence would be based on the value of the source code, if any, and his criminal history: Genovese has a conviction for intruding into private users' computers in 2000 and spying on their keystrokes, for which he was sentenced to two years of probation. "It happened right after I got my computer," he says. "I started using Trojan horses and stuff like that, and I ended up getting in trouble."

Copyright © 2004, SecurityFocus
