Microsoft has filed a lawsuit against a person or persons who used stolen keys to activate pirated copies of of its software.

Despite being one of the most pirated software vendors in the world, Microsoft doesn’t have a long track record of cracking down on individual pirates.

In fact, two months ago Microsoft CEO Satya Nadella noted that in some cases piracy can act as a conversion tool.

“We’ve always had freemium. Sometimes our freemium was called piracy,” Nadella said, adding that the usage first approach has its advantages.

This doesn’t mean that all pirates can have their way though. Microsoft does keep a close eye on the unauthorized use of its products with help from its in house cybercrime center.

Late last week Microsoft filed a copyright infringement lawsuit against a person (or persons) who activated pirated copies of Windows 7 and Office 10 from an AT&T Internet connection.

“Microsoft’s cyberforensics have identified a number of product key activations originating from IP address 76.245.7.147, which is presently assigned to ISP AT&T Internet Services..,” the complaints (pdf) reads.

“These activations have characteristics that on information and belief, establish that Defendants are using the IP address to activate pirated software.”

While many people believe that unauthorized copies are hard for Microsoft to detect, the company explains that its cybercrime team leverages state-of-the-art technology to detect software piracy.

The company describes its investigative approach as cyberforensics. Among other things, they look for activation patterns and characteristics which make it likely that certain IP-addresses are engaged in unauthorized copying.

“As part of its cyberforensic methods, Microsoft analyzes product key activation data voluntarily provided by users when they activate Microsoft software, including the IP address from which a given product key is activated,” the company writes.

According to the complaint, the defendant(s) in this case have activated numerous copies of Windows 7 and Office 2010 with suspicious keys. These keys were likely stolen from Microsoft’s supply chain, used without permission from the refurbisher channel, and used more often than the license permits.

Microsoft is now looking to identify the person or persons responsible for the copyright and trademark infringements, to recoup the damage they’ve suffered.

From the descriptions used in the complaint it seems likely that the target is not an average user, but someone who sells computers containing pirated software. Time will tell whether that’s indeed the case.