NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits

The now-former NSA employee at the heart of the Kaspersky Lab exploit siphoning scandal has been thrown behind bars for five and a half years.

Nghia Hoang Pho, 68, was sent down on Tuesday in the same Baltimore US district court where last year he pleaded guilty to one felony count of willful retention of national defense information.

Back in 2015, Pho was working for the NSA as a programmer on its highly secretive Tailored Access Operations (TAO) hacking team, when he took top-secret exploit code from America’s surveillance nerve-center home with him to Ellicott City, Maryland, to study.

When Pho loaded the classified security vulnerability exploits up on his home Windows PC, they were scanned by his Kaspersky Lab antivirus software, detected as particularly interesting by the toolset, and subsequently uploaded to the Russian biz’s backend for analysis. From there, the exploit code supposedly fell into the hands of Kremlin agents.

It would later surface that Pho had been taking his highly classified work home with him for roughly five years prior to the incident, and had amassed what US prosecutors called “massive troves” of classified information.

Reality Winner

Winner, Winner, prison dinner: Five years in the clink for NSA leaker

READ MORE

Though Kaspersky would deny that it knowingly handed any of the exploit code over the Russian government, the fallout from the brouhaha resulted in the security biz being slapped with a ban on doing business with Uncle Sam’s Homeland Security and the rest of the federal government.

Kaspersky was accused of handing, directly or indirectly, the slurped NSA cyber-weapons to Russian government spies to study and use, but the antivirus maker denied any direct link: the biz claimed it deleted the uploaded files as soon as it realized they were leaked NSA tools.

Pho, meanwhile, took a plea deal, and faced the unenviable position of being made an example US prosecutors set for other intelligence workers who may be tempted to compromise their own classified work by taking it off government premises.

“Pho’s intentional, reckless, and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community’s capabilities and methods, rendering some of them unusable,” said Assistant US Attorney General John Demers.

“Today’s sentence reaffirms the expectations that the government places on those who have sworn to safeguard our nation’s secrets.”

Well, kind of. Remember David Petraeus, the US general who shared classified military secrets with his mistress? He got probation. ®

Sponsored: Following Bottomline’s journey to the Hybrid Cloud

READ MORE HERE