Nghia Hoang Pho, an NSA employee from Tailored Access Division, pleads guilty to illegally taking home classified information, which was allegedly leaked due to Kaspersky anti-virus software.
In October 2017, Kaspersky was blamed by several security companies worldwide, especially US-based security agencies, for providing Russian intelligence with access to their anti-virus software. It was reported that in 2015, a set of NSA hacking tools was leaked to the public through a backdoor in the Kaspersky anti-virus software.
On 17 November 2017, Kaspersky announced that they were not actually involved in the 2015 breach. According to a cyber-forensics analysis by the company's security analysts, the breach actually took place not in 2015 but in 2014, and the exposed secret tools were from the NSA's Equation Group.
The 2014 leaks happened due to an employee of the NSA itself, Nghia Hoang Pho, a 67-year-old from Ellicott City, Maryland. The employee is a developer for the Tailored Access Operations (TAO) hacking group at the NSA, and illegally took classified documents to his Windows computer at home from 2010 to 2015. That computer was allegedly breached due to the Kaspersky anti-virus. However, the allegation against Kaspersky was already cleared. Kaspersky claimed that the breach was caused not by their anti-virus program but by an infected Microsoft Office file. Furthermore, Kaspersky also averred that the malware could not have been installed if their anti-virus program was enabled.
On 01 December 2017, Pho pleaded guilty to the charges of illegally taking home information classified as Top Secret and Sensitive Compartmented Information and was sentenced to ten (10) years imprisonment. Consequently, Kaspersky has denied any contribution to the matter, and challenged the US government by stating that the company would leave Russia at once should the Russian government seek their aid in spying.
Allegations against Kaspersky are now almost cleared, since the NSA leaks originated from the agency's own personnel. Pho's admission of guilt should be a warning to most government agencies to strengthen their security policies and measures to avoid having employees leak information and distribute it to attackers worldwide.