
An NSA Hacker's Guilty Plea Closes A Chapter In The Kaspersky Saga

Nghia Hoang Pho, 67, who worked for the NSA, took documents home from work. They ended up in Russia.

An elite National Security Agency hacker has pleaded guilty to illegally taking his work home — and, in the process, to having inadvertently provided the Russian government with highly sensitive US hacking tools.

Nghia Hoang Pho, 67, admitted Tuesday to unauthorized possession of classified documents relating to national defense, according to documents the Department of Justice released Friday.

What the documents don't say is that Pho is the government hacker whose computer, according to the New York Times, provided secret NSA code to a controversial Russian cybersecurity firm, Kaspersky Lab, some of whose employees also have worked for Russian intelligence. Pho had installed Kaspersky anti-virus software on his home computer.

Like many anti-virus programs, Kaspersky routinely scans its clients' computers for viruses. In Pho's case, Kaspersky detected the NSA code and sent it to Kaspersky's servers in Moscow for analysis. That analysis matched the new code with code Kaspersky had previously connected to what it has nicknamed the Equation Group – widely believed to be the NSA’s elite Tailored Access Operations division, where Pho worked.

How the code then ended up in Russian hackers' hands is unclear. In October, the Wall Street Journal reported that Russian government hackers had stolen NSA tools from a contractor who had taken them home and viewed them on his home computer, which ran Kaspersky Anti-Virus. Kaspersky has said it believes the NSA tools ended up with hackers when its client turned off his anti-virus software because it was preventing him from generating an encryption key. Kaspersky claims it destroyed the NSA hacking tools when it realized what they were.

In September, the Department of Homeland Security announced a directive that all federal agencies would have to stop using Kaspersky software by Dec. 12.

According to the charges against Pho, he habitually took home both digital and paper files, including ones marked top secret, though he never received authorization to do so.

Pho is not alleged to have given up the files knowingly.

Pho is at least the third NSA worker accused of having illegally taken home classified information in recent years. In 2013, Edward Snowden, an NSA contractor who worked for Booz Allen, stole a cache of agency documents, which he turned over to the news media. In 2016, the Department of Justice charged Hal Martin, also a contractor with Booz Allen, with storing classified NSA documents in his home.

Kevin Collier is a cybersecurity correspondent for BuzzFeed News and is based in New York.

Contact Kevin Collier at kevin.collier@buzzfeed.com.
