NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits

Bloke sent down after spilling Uncle Sam's cyber-weapons


The now-former NSA employee at the heart of the Kaspersky Lab exploit siphoning scandal has been thrown behind bars for five and a half years.

Nghia Hoang Pho, 68, was sent down on Tuesday in the same Baltimore US district court where last year he pleaded guilty to one felony count of willful retention of national defense information.

Back in 2015, Pho was working for the NSA as a programmer on its highly secretive Tailored Access Operations (TAO) hacking team, when he took top-secret exploit code from America's surveillance nerve-center home with him to Ellicott City, Maryland, to study.

When Pho loaded the classified security vulnerability exploits up on his home Windows PC, they were scanned by his Kaspersky Lab antivirus software, detected as particularly interesting by the toolset, and subsequently uploaded to the Russian biz's backend for analysis. From there, the exploit code supposedly fell into the hands of Kremlin agents.

It would later surface that Pho had been taking his highly classified work home with him for roughly five years prior to the incident, and had amassed what US prosecutors called "massive troves" of classified information.


Though Kaspersky would deny that it knowingly handed any of the exploit code over to the Russian government, the fallout from the brouhaha resulted in the security biz being slapped with a ban on doing business with Uncle Sam's Homeland Security and the rest of the federal government.

Kaspersky was accused of handing, directly or indirectly, the slurped NSA cyber-weapons to Russian government spies to study and use, but the antivirus maker denied any direct link: the biz claimed it deleted the uploaded files as soon as it realized they were leaked NSA tools.

Pho, meanwhile, took a plea deal, and faced the unenviable position of being the example US prosecutors set for other intelligence workers who may be tempted to compromise their own classified work by taking it off government premises.

"Pho's intentional, reckless, and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community’s capabilities and methods, rendering some of them unusable," said Assistant US Attorney General John Demers.

"Today's sentence reaffirms the expectations that the government places on those who have sworn to safeguard our nation’s secrets."

Well, kind of. Remember David Petraeus, the US general who shared classified military secrets with his mistress? He got probation. ®


Biting the hand that feeds IT © 1998–2020