Microsoft's detective

Follow Us Get the newsletter

Hey y'all, it's Austin. A few years ago, a low-level Microsoft engineer named Volodymyr Kvashuk stole 152,000 Xbox gift cards from the company's online store, unbeknownst to his employer. And he might've gotten away with the digital plunder—worth $10.1 million—if it weren't for detective Andrew Cookson and Microsoft's Fraud Investigation Strike Team, also known as FIST. I recounted Kvashuk's heist last week in Bloomberg Businessweek, charting how he embezzled the virtual Xbox currency. The piece focuses on Kvashuk's extraordinary caper, but an unsung hero of the case was Cookson, the man who handled forensic investigations into employee malfeasance at Microsoft for almost 15 years. Defending against digital crime often seems like the provenance of computers, but Cookson brought a distinctly human approach to tracking down the Xbox cheat. Microsoft's fraud team first caught onto Kvashuk's wrongdoing in February 2018. As they would eventually discover, he had exploited a vulnerability in Microsoft's internal testing system which allowed him to generate virtually unlimited Xbox gift codes, redeemable for all types of hardware and software products at retail, for free. Kvashuk masked the theft by hacking into his Microsoft coworkers' accounts, routing his internet traffic through overseas servers, and attempting to destroy any money trail by anonymously reselling the gift cards for Bitcoin and then laundering the proceeds for cash. But he inadvertently left tiny digital breadcrumbs. When those crumbs led Microsoft's team to Kvashuk, they turned to Cookson. A self-described former "bobby," or uniformed officer, of London's Metropolitan Police and a veteran detective of Scotland Yard's computer-crime unit, Cookson was tasked with interrogating Kvashuk at Microsoft's headquarters in Redmond, Washington. As much circumstantial evidence as it had already collected, Microsoft was now reliant on face-to-face analysis, something Cookson was particularly adept at. Cookson, with a shaved scalp and grizzled beard, was a colorful character. He dressed well, drove a retro Range Rover, and owned an English bulldog named George. He also farmed apples in his spare time at a sizable Washington orchard, turning the fruits of his labor into what he described as "scrumpy" cider. He was known as a tenacious forensic investigator—a specialist in finding seemingly invisible traces of case clues in computer devices—and a natural conversationalist. Once, a Microsoft colleague witnessed him in the office hallway having what looked like a boisterous chat with a close coworker. Afterward, the colleague asked who the friend was, only for Cookson to respond, "I have no idea!" On May 18, 2018, Cookson sat across from Kvashuk and clicked on his audio recorder in conference room 1301 at Building 83, a stylish Microsoft office in Redmond with a skylit atrium. Cookson's questions, according to a transcript viewed by Bloomberg, focused on the software engineer's job, his experience with Xbox gift cards, and Microsoft's internal testing system. Most frequently, though, he gingerly asked Kvashuk to recall any details or documents that could prove his innocence. "It would be helpful if you can remember any more about it," Cookson said, in a typical refrain. "Because it goes to support that you're telling the truth." Kvashuk had tried to cover up his crime online, but he was less furtive in person. During the meeting, in his efforts to deflect Cookson's inquest, he unwittingly admitted to generating unauthorized Xbox gift cards, to using an internal test account tied to fraudulent purchases, and to a slew of other self-incriminating statements that federal prosecutors later cited in their criminal court case against him. By the time Cookson was finished, Kvashuk even came close to an admission of guilt: "I would like to refund and feel relieved that I returned the money," Kvashuk said. "I totally admit right now and understand that it shouldn't be happening." The computer hacker, it turned out, was no match for the human investigator. Microsoft's fraud team has since closed the vulnerability Kvashuk exploited in the company's internal testing system, and turned over evidence to federal prosecutors. Cookson passed away earlier this year soon after learning he had esophageal cancer. In an email, his son Chris told me his dad was exceptionally humble and would have preferred any spotlight to shine on the larger Microsoft team behind Kvashuk's investigation. Still, he wrote that his father "always had a natural aptitude for detective work, something that frustrated me greatly when I was growing up as I couldn't get away with anything. He could smell bullshit a mile away." —Austin Carr

If you read one thing

The stock price of Chinese ride-hailing giant Didi plunged about 20% on Monday, wiping out about $15 billion in market value following news of a government crackdown in Beijing. It's the latest government move to bring the country's tech companies under tighter control.

Paid Post Join WAICF and position your organization as a key player in the global AI market. Be the center of attention and engage top decision-makers during this 3-day event in Cannes, France. Share your expertise, present your technologies and solutions to increase engagement and educate your audience. Find out more World Artificial Intelligence Cannes Forum And here's what you need to know in global technology news

Russian government hackers breached the computer systems of the Republican National Committee last week, Bloomberg reported Tuesday. The attack from Moscow represents a major provocation for the Biden administration.  The Pentagon scrapped its $10 billion JEDI cloud-computing contract after years of legal wrangling over the deal. Officials indicated the contract could be split between rival bidders Microsoft and Amazon.  That was good news for Amazon, which had sued after the JEDI contract went to Microsoft. Amazon's stock climbed nearly 5% on Tuesday, sending the net worth of founder Jeff Bezos to all-time records.  Tesla's fall from grace in China shows the perils of betting on Beijing.

More from Bloomberg It's time to Power On. A new weekly newsletter by Bloomberg's Mark Gurman delivers Apple scoops, consumer tech news, product reviews and the occasional basketball take. Sign up to get Power On in your inbox on Sundays.   Like Fully Charged? | Get unlimited access to Bloomberg.com, where you'll find trusted, data-based journalism in 120 countries around the world and expert analysis from exclusive daily newsletters. You received this message because you are subscribed to Bloomberg's Fully Charged newsletter. Unsubscribe | Bloomberg.com | Contact Us Bloomberg L.P. 731 Lexington, New York, NY, 10022