Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

Maryland man cops to making illegal copies of top-secret code

By Shaun Nichols in San Francisco

An NSA hacker has admitted taking home copies of classified software exploits – understood to be the cyber-weapons slurped from an agency worker's home Windows PC by Kaspersky Labs' antivirus.

Nghia Hoang Pho, 67, pleaded guilty in a US district court in Baltimore on Friday to one count of willful retention of national defense information. The Vietnam-born American citizen, who lives in Ellicott City, Maryland, faces roughly six to eight years in the clink, with sentencing set for April next year.

Pho is understood to be the Tailored Access Operations (TAO) programmer whose home computer was running Kaspersky Lab software that was allegedly used, one way or another, by Russian authorities to steal top-secret NSA documents and tools in 2015.

According to Kaspersky, its security package running on the PC detected Pho's copies of the NSA exploits as new malicious software, and uploaded the powerful spyware to its cloud for further analysis by its researchers. The biz deleted its copy of the archive as soon as it realized what it had discovered, it is claimed. It is further alleged by US government sources that Russian spies were able to get their hands on the top-secret code via the antivirus package, although Kaspersky denies any direct involvement.

Judging from his plea deal with prosecutors, Pho broke federal law when, as a developer on the NSA's TAO hacking team, he took his work home with him multiple times and, in the process, exposed the classified information. Pho admitted that, over a five-year period starting in 2010, he copied information from NSA machines and took it all home with him.

"Beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information," the US Department of Justice said in disclosing Friday's guilty plea.

"This material was in both hard-copy and digital form, and was retained in Pho’s residence in Maryland."

No other charges were filed, and there is no mention of any efforts by Pho to sell or pass off any of the data.

Kaspersky Lab has denied any wrongdoing in the matter or illicit ties to Russian intelligence. The security vendor also pointed out Pho's machine was infected with loads of malware, meaning any miscreant could have stolen Uncle Sam's cyber-weapons.

Regardless, the Moscow-based biz is fighting a ban on the use of its products on American government networks. Meanwhile, British spies at surveillance nerve center GCHQ today warned Brits to be wary of cloud-based antivirus toolkits. Kaspersky isn't named specifically, but reading between the lines, Blighty's snoops are saying: don't Pho-k it up like the NSA did. ®
