Spy Whose Files Were Plucked by Kaspersky Pleads Guilty

One of the biggest computer security conflicts of the year was Kaspersky’s row with the U.S. government. Officials contended the anti-virus vendor’s software was co-opted by Russia, which used it to hunt for top-secret files, a claim Kaspersky denies.
The conflict was rooted in a cache of top-secret National Security Agency information that ended up in Russian hands. But the files leaked in the first place due to a dumbfounding mistake: an NSA analyst took the material home and copied it to his home computer, where Kaspersky collected and analyzed spy agency malware.

The identity of the agent was unknown until Friday. The Justice Department announced that Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty to one count of willful retention of national security data. Born in Vietnam, Pho is a naturalized U.S. citizen. He is not accused of taking the material for espionage purposes.
Pho was a developer within the NSA’s Tailored Access Operations group, which is now called Computer Network Operations. The group specializes in penetrating into foreign computer networks for cyber espionage operations.
Pho could face up to 10 years in prison, but as part of his plea deal, he will receive no longer than eight years and possibly less. He is scheduled for sentencing April 6 in federal court in Maryland.
Working on a Resume?
On Friday, the Justice Department released the plea agreement and criminal information. Neither document contains detail as to why Pho, who worked for the TAO between 2006 and last year, mishandled classified material.
But citing unnamed government officials, The New York Times reported that Pho took the material home to purportedly work on his resume.
Pho began removing classified material both in paper and digital formats between 2010 and March 2015, according to the criminal information document. He kept the material “in a number of locations” in his Maryland home. He held security clearances for top secret data and SCI, short for sensitive compartmented information.
“Pho worked on highly classified, specialized projects and had access to government computer systems, programs, and information, including classified information,” it reads.
The document suggests that Pho was called out around March 9, 2015, when he “failed to deliver” documents to someone with authorization to receive the material.
Plucked by Kaspersky
Pho ran Kaspersky Lab’s anti-virus software on his home computer. Last month, Kaspersky said that between September and November 2014, its software collected a 7zip archive that contained suspected malware.
The company had been investigating malware related to the Equation Group, a sophisticated actor that is widely believed to be the NSA. Kaspersky says its software, like that of other anti-virus vendors, collects files that may be malicious as part of its proactive defenses.
In addition to Equation Group code, the archive also contained four classified Microsoft Word documents, which were brought to the attention of Eugene Kaspersky, the company’s co-founder. He ordered that those files be deleted (see Kaspersky Blames NSA Analyst For US Intel Leak).
Kaspersky placed the blame for the situation on the NSA analyst. The company alleged that he practiced poor security and, further, that his computer was riddled with other malware.
Anonymous U.S. officials, however, have alleged that tests showed Kaspersky’s software was tuned to trigger on keywords found in certain files. Kaspersky has vehemently denied the accusation and the suggestion that it may have collaborated with Russian intelligence agencies.
U.S. officials were tipped off by Israeli intelligence, which had infiltrated Kaspersky’s systems only to find that Russia was also inside the company’s networks. So far, no evidence has been made public that would indicate Kaspersky willingly worked with Russia. Nonetheless, the U.S. government banned the use of the company’s software in September (see Kaspersky Software Ordered Removed From US Gov’t Computers).
Maddening Leaks
Beginning with former NSA contractor Edward Snowden’s disclosures in 2013, the U.S. intelligence community has been rocked by a devastating series of leaks and breaches. After Snowden, the U.S. attempted to shore up its defenses of classified material, but jaw-dropping incidents have continued.
Harold T. Martin III, a long-time government contractor, was accused in August 2016 of taking reams of classified material belonging to several U.S. intelligence agencies that was found in his car and residence. But like Pho, he is not suspected of taking the material with the intent of passing it on to others (see Former US Contractor Indicted in Theft of Classified Material).
Then in June, an employee of defense contractor Pluribus International Corp. was arrested. Reality Leigh Winner was accused of removing a top-secret NSA document that described Russian efforts to compromise the U.S. election and passing it to the media. The document turned up in a story by The Intercept (see Inside Job: NSA Fails to Stop Another Leaker).
None of the leaks have been definitively linked with The Shadow Brokers, the group that began leaking NSA files and tools in August 2016 (see Ethical Debate: OK to Pay Shadow Brokers for Exploit Dumps?).
The CIA has also seen its own trouble. Wikileaks began releasing in March what it calls Vault7, which comprises 8,761 files describing the agency’s exploitation tools and techniques (see 7 Facts: ‘Vault 7’ CIA Hacking Tool Dump by WikiLeaks).