NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits

The now-former NSA employee at the heart of the Kaspersky Lab exploit siphoning scandal has been thrown behind bars for five and a half years. Nghia Hoang Pho, 68, was sent down on Tuesday in the same Baltimore US district court where last year he pleaded guilty to one felony count of willful retention of national defense …

  1. This post has been deleted by its author

    1. This post has been deleted by its author

      1. Nolveys Silver badge
        Windows

        Re: Kaspersky 'Standalone Virus Removal Tool'

        AC: Interesting posts. Would upvote if I could easily find verification. Sadly, a quick search of Google through a haze of vodka doesn't yield results.

        5 years at 68 has to suck hard, not much paper left on the bog roll at that point. Maybe just stupidity and a love for his work? Maybe supervisors wanting more than he could provide without doing some work on the sly? I'm not smelling a lot of malice, but I'm also not feeling particularly informed.

        My advice: only work for the government if you make obscene amounts of money and never ever do any actual work.

        1. This post has been deleted by its author

          1. This post has been deleted by its author

            1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          Re: Kaspersky 'Standalone Virus Removal Tool'

          It's his own fault - if he had the good sense to be called "Charles Winchester III" he would have got early retirement

      2. ST Silver badge
        Linux

        Re: Kaspersky 'Standalone Virus Removal Tool'

        > Anyone got a reliable recommendation for alternative standalone virus removal tool [ ... ]

        Malwarebytes.

        It's very fast and lightweight. And quite accurate. Won't hog your CPU.

        Don't know if it runs off a USB stick or not, though. Never tried it.

        Disclaimer: I have no association whatsoever with Malwarebytes. I just like their anti-virus based on direct personal experience.

        Yes, I am forced to use Win7 on one laptop because photography software is either Microsoft or Apple these days. And, contrary to Sir Jony Ive's pronouncements, I find Apple's UI, single-button mouse and sucky keyboards extremely difficult and unintuitive/uncomfortable to use.

  2. bombastic bob Silver badge
    Devil

    what part of 'classified'

    was not completely understood? I bet they had a "no personal device" policy also.

    just sayin'.

    (on a related note, I visited my old sub before it was decommissioned a few years ago. they had a standing "no device" policy in which they told everyone up front, "leave your phones and devices in your car". I think that was pretty sufficient notification.)

  3. Kernel

    "~~Pho's~~ NSA's intentional, reckless, and ~~illegal retention~~ immoral suppression of ~~highly classified information~~ software vulnerabilities over the course of ~~almost five~~ many years has placed at risk our ~~intelligence~~ personal and business community’s computing capabilities and methods, rendering some of them unusable and causing billions of dollars in consequent damages and clean up costs in all parts of the world's economy,"

    There, FTFY.

    1. Aodhhan Bronze badge

      This is only true, if they leaked what they found. Which of course, they don't do. GL

      What's worse is a vendor who knowingly releases a product with vulnerabilities. This happens every day. As a penetration tester, I'm amazed at how many vulnerabilities are in high dollar commercial products. Like the applications which manage systems, your money, or keep data on you and your family. Some of these vulnerabilities were so easy to find, there is no way they didn't know them if they conducted proper due care and due diligence in their QA procedures.

  4. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Use spyware to catch a spy? I don't recall seeing GDPR notices on any antivirus programs, or firewalls for that matter, which also buzz back with who knows what and to who knows whom

    1. Spazturtle Silver badge

      GDPR only applies to personal information. So your antivirus doesn't need your permission to automatically upload viruses it finds on your PC to a server to be analysed.

      1. Roland6 Silver badge

        > GDPR only applies to personal information. So your antivirus doesn't need your permission to automatically upload viruses it finds on your PC to a server to be analysed.

        However, as the AV uploads an infected file, there is nothing to say that file doesn't or couldn't contain personal information. I think when I installed the latest edition of Kaspersky it did ask for permission to upload files.

        1. tjavguy

          Any AV/Malware software that claims to be capable of protecting you and their millions of customers around the globe, needs information from endpoints to analyze, remedy, and share that remedy. You can opt out of sharing info with Kaspersky and most AV offerings; however, the default when you load it up is to have this "share" capability on. The least useful info to any AV company is your PID. And I appreciate those who point out that about 18 months after this thing broke, no one can point to a single concrete piece of evidence that Kaspersky did anything but the job they promised the NSA they could (and did) do. This is a horribly written article.

  5. Anonymous Coward
    Anonymous Coward

    Good trick to steal secrets

    I'm not a fan of Kaspersky at all, but you need to give credit to the Kremlin for infiltrating Kaspersky in some sort, and what better tool than an AV to detect any interesting intel on your personal laptop/desktop?

    It's a good trick, damaged the NSA immensely it seems, and should remind everyone the AV may be spying on us, so those Kali Linux boot from USB and leave no track at shutdown are a must if confidential stuff needs to be done at home. Ideally, nothing would be done there, of course!

    1. Tikimon Silver badge
      Facepalm

      Re: Good trick to steal secrets - NOT

      Sorry, that's a stupid trick to steal secrets! The instant it can be PROVEN that Kaspersky is spying and sharing with the Russian spooks, their reputation is gone for good. Eugene Kaspersky is not dumb enough to throw his whole business down the drain, and certainly not for something so minor as infiltrating one office drone.

      Kaspersky is a witch-hunt victim because of their integrity. They refuse to install backdoors for the UNITED STATES spooks, and they have revealed several Western government sponsored malware campaigns. Therefore the US Gummint wants to punish them for standing firm on honesty. They also prefer you use security software that has NSA-Approved backdoors in it and not one they can't subvert. So now our tax money is spent to smear one of the few honest companies to be found and try to destroy their business.

  6. Potemkine! Silver badge

    The link between Kaspersky and the Kremlin has been made by US officials only, without any evidence.

    For sure, US officials would prefer anyone using US tools, it would greatly simplify their 'survey, extract and exploit' operations.

  7. amanfromMars 1 Silver badge

    Of Saints and Sinners and Spooks and Simians

    Well, kind of. Remember David Petraeus, the US general who shared classified military secrets with his mistress? He got probation.

    Thus proving it is not what you know but who you know which can be convenient and a jail breaker?

    1. Yet Another Anonymous coward Silver badge

      > The link between Kaspersky and the Kremlin has been made by US officials only, without any evidence.

      They both begin with the same letter, in Donald's (colouring) book - that's enough

      1. Potemkine! Silver badge

        Make America Gink Again.

      2. Eddy Ito Silver badge

        You can't really put this one on 'duh Donald' though. As near as I can tell it was all sparked by senatorial uber blue team member Shaheen. Granted, it's all too easy to get Trump to try hobbling a foreign company even if he has to reach across the political cartel aisle to do it.

        Oddly Shaheen does sound rather like Trump when patting herself on the back. Then again, most politicians do.

    2. ST Silver badge
      Mushroom

      > The link between Kaspersky and the Kremlin has been made by US officials only, without any evidence.

      Hi, Volodya!

  8. Jon Gibbins
    Black Helicopters

    So let's look at this again (again).

    Man takes classified spyware home.

    Antivirus thinks it's suspicious.

    Antivirus uploads it for analysis.

    ... so how are Kaspersky guilty again?

    1. markrand
      Big Brother

      Re: So let's look at this again (again).

      Yes, Anti-virus software spots something that looks very much like a new virus and sends it off for further investigation. Surely a government agency wouldn't be developing any sort of malware?

    2. EJ

      Re: So let's look at this again (again).

      You're conveniently leaving off the most important step:

      "Classified spyware ends up in Kremlin agent hands"

      That'll help you with the Kaspersky guilty logic jump... makes the leap that much easier to make.

    3. Crazy Operations Guy

      Re: So let's look at this again (again).

      His computer was infected as well. Apparently at some point, he disabled the antivirus on his computer so he can install a key-gen for Microsoft Office, then when he turned his AV back on, it rightfully reported that he was infected with several bits of malware and some stuff that looked a lot like malware it hadn't seen before (The NSA exploit code). Since it hadn't seen it, the data was uploaded to Kaspersky's servers for further analysis (So it can be determined if it really is malware and so a definition can be made to detect it in the future and for other users).

      So, more of:

      Man takes classified spyware home

      Disables antivirus because it was preventing him from running virus-riddled code

      Run code, machine gets infected

      Man turns Antivirus back on, it detects the infection and suspicious code as well

      AV attempts to clean the malware it knows about

      AV uploads suspicious code it never encountered before for analysis

      Really, the only thing Kaspersky is guilty of is trying to protect other users from some unknown bit of malware.

  9. K Silver badge

    Nobody else see the elephant in the room?

    Not meaning to be ageist...

    I wonder if there is some kind of assessment these older employees have to go through to evaluate mental-fitness? In the same spirit that certain professions have to go through physical fitness evaluations.

    1. Roland6 Silver badge

      Re: Nobody else see the elephant in the room?

      >Nobody else see the elephant in the room?

      Yes wetware of all ages and abilities can do dumb things.

  10. Anonymous Coward
    Anonymous Coward

    What if ‘classified’ falls under the category of just knowing?

  11. Adam 1 Silver badge

    > It would later surface that Pho had been taking his highly classified work home with him for roughly five years prior to the incident, and had amassed what US prosecutors called "massive troves" of classified information.

    ---

    But don't worry about those "our spooks need to crack at will but somehow, magically, isn't going to reduce security of encryption laws". There is just no way for those skeleton keys to find their way into an adversary's hands, and even if they did, it's not like they would have them for half a decade with no-one noticing.
