Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime Government Privacy Security Software The Courts United States

Ex-NSA Employee Gets 5 Years In Prison For Taking Home Top Secret Files (cnet.com) 174

Former NSA employee Nghia Hoang Pho, 64, was sentenced to five and a half years in prison for taking top secret U.S. defense files to his home. Pho pleaded guilty in December to willful retention of national defense information, the U.S. Justice Department said in a statement. The maximum sentence for this crime is 10 years, but prosecutors were recommending a sentence of eight years. CNET reports: Pho, a naturalized U.S. citizen originally from Vietnam, worked in the NSA's Tailored Access Group, the agency's team that focuses on tools that can directly hack surveillance targets. Between 2010 and March 2015, Pho took home paper and digital copies of U.S. government documents and writings that contained national defense information on them, the Justice Department said. Pho reportedly had antivirus software from Kaspersky Lab on his home computer network and the software scooped up the top secret information as part of its virus scanning process. Kaspersky has acknowledged that its software lifted hacking tools from a home computer in 2014 but said it wasn't part of an intentional effort to steal information from the NSA. Pho said in court he took the materials home so he could put in more work to earn a promotion, according to CBS Baltimore.
This discussion has been archived. No new comments can be posted.

Ex-NSA Employee Gets 5 Years In Prison For Taking Home Top Secret Files

Comments Filter:
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Wednesday September 26, 2018 @05:10AM (#57377828)
    Comment removed based on user account deletion
  • by Anonymous Coward

    ...another rule for Hilary.

    • by Anonymous Coward

      Elite status has it's perks.

      Seriously, this IS the same kind of thing, putting classified information on unclassified computers. I don't know if Hillary actually was the one who copied the classified stuff down, but it was on her unclassified E-mail system and apparently she sent and received such information.

      I suppose the "ignorance" defense, "I didn't know it was classified" is worth something, but if this guy gets 8 years, shouldn't those responsible for the classified information on Clinton's E-mail

      • Comey said as much (Score:5, Informative)

        by mpercy ( 1085347 ) on Wednesday September 26, 2018 @07:19AM (#57378128)

        "There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.

        "To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now.

        • by commodore64_love ( 1445365 ) on Wednesday September 26, 2018 @03:02PM (#57380830) Journal

          I'm glad someone mentioned Hillary. She did the same thing as this convicted felon, but faced no consequences. (Even a trial that ended "not guilty" would have been better than nothing.)

          Two justices exist in this world: Us and them. Us get punished and Them rarely do, even when they break the same laws.

          • by dublin ( 31215 ) on Wednesday September 26, 2018 @03:48PM (#57381044) Homepage

            Worse yet, there wasn't even a real investigation. Just preemptive exoneration before she had even been "interviewed" (The quotes around interview are justified in that when an interview finally was done, she was not under oath, as is normal practice in cases involving Top Secret/SCI information...)

      • by MachineShedFred ( 621896 ) on Wednesday September 26, 2018 @07:56AM (#57378288) Journal

        The ignorance defense wasn't worth shit, as the documents found had the classification markings still on them. There's no chance you become Secretary of State without being able to recognize a classification marking, and receive training on the proper care and handling of documents with those markings.

        This is completely a double standard.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Even ignoring that, she should have been brought up on obstruction of justice charges for "losing" all those files that would be needed to assess the situation. She also likely violated the law with regards to public records as those records should have been screen to verify that there weren't any public records involved. While many of those emails were classified at the time, there were others that won't and classified documents frequently get declassified in the future when they're no longer deemed sensit

          • Mutually Assured Destruction (MAD). If Hillary goes down, the DNC dumps it's dirt, then the RNC dumps it's dirt.

            Why isn't Cheney is prison? Same answer.

            Think of it as a reboot of American politics. We can hope.

            If you don't get this, you don't get the internal R stress. Why Sessions is there, just to start.

            Also expect Trump's behavior to change if the DNC ever gets actual dirt on him.

        • To some extent, yes, there is a double standard. But consequences matter, too.

          If you're texting while driving and a cop sees you, you get a ticket. If you're texting while driving and you run over a kid, you go to prison.

          If you mishandle sensitive documents and your boss finds out, you get a reprimand. If you mishandle sensitive documents and they end up in Russia, you go to prison.

          Is it fair? Not really, since the same negligence on your part can have vastly different punishments. But it is human nature, a

        • by Uberbah ( 647458 )

          The ignorance defense wasn't worth shit, as the documents found had the classification markings still on them.

          And even if they weren't the talking point was still deliberate misdirection. If Hillary, say, emailed the ambassador to Saudi Arabia about the war on Yemen, that conversation was inherently classified. It didn't have to wait for a state department flunky to mark it as such.

          If the CIA manages to do a snatch-and-grab on Snowden, I hope he has the chutzpah to argue "it was ok to leak those document

    • Re: (Score:3, Insightful)

      by BlueStrat ( 756137 )

      [One rule for the rank and file... ] ...another rule for Hilary.

      History will judge Hillary and Bill and those who conspired with them, and it will not be kind.

      Strat

      • History judges no one and no thing.

        People, you and I for instance, consider history and make our own judgments. But the judgment of true justice is lacking in this example. No real consequences suffered, and the claim that this cost someone their opportunity to gain an office of the highest responsibility is even made betrays a misunderstanding of just how deep the betrayal was.

        No, there is yet no justice in this 'matter'. And as such, it only encourages future abuses and betrayals. Even if somehow there is

  • he had kapersky on his computer and when that got out they traced it back to him..hey at least NSA doesnt do ageism..he was in his 60s and still working and going for a promotion
  • by rtb61 ( 674572 ) on Wednesday September 26, 2018 @05:24AM (#57377850) Homepage

    Basically the kaspersky anti-virus tool picked up on hacking software by it's coding signature. Strings of code, designed to hack other computers, it is recognisable when you do scans, especially when you do https://en.wikipedia.org/wiki/... [wikipedia.org] ie sound likes, looks like, hacking code.

    Now as it turns out when you scan for virusy like code, whether it is the tool to apply the code or the applied code itself, well, it's going to contain the same hacking code, be identified and been contained and a copy sent back for further analysis if you allow it. SO the twisty swervy version of that, ohh ahh, the Russians stole information (no the sent a copy of the code, containing hacking heuristics for further analysis, as the user agreed to when they installed the product).

    The main reason the US government wants to ban kaspersky, it is the intention of the US government to back door all security software and obviously they will not be able to do that to a Russian program. Still not as bad as the wobbly told be the fellow claiming he took it home to do extra work on it, that near retirement, it was taken home to fund retirement in various non legal ways.

    I will at least take the fellows recommendation for the use of Kaspersky software, why because clearly the NSA hates it, makes life all together too difficult for them. They much prefer software with individually identified security upgrades so they know exactly the user getting the security upgrade, to ensure they get a downgrade instead, instead of a lock and wide open back door but I suppose it's still better to allow those third grade anal retentive tech types to hack your computer to spy on nothing rather than have them kicking your front and back doors down, accidentally repeatedly shooting you and stealing your computers.

    • by mysidia ( 191772 )

      is the intention of the US government to back door all security software and obviously they will not be able to do that to a Russian program.

      What Kaspersky should do is engage in Information Sharing with other non-US-based non-EU-based Antivirus companies and publicize that to ensure they can all detect the backdoors, and then "Ban Kaspersky" won't be a means to that end anymore.

    • Basically the kaspersky anti-virus tool picked up on hacking software by it's coding signature.

      Actually, some antivirus programs like kaspersky double as a RAT [wikipedia.org]. From what I've read, when it detects files from a state-sponsored APT (in this case the NSA) it will open a line of communications and send a notification back to HQ. At that time they simply told the antivirus to send back all the files in the same directory. This is how they got a hold of all the tools.

      The primary use of heuristic analysis in file scanning is to identify new versions/variants of an existing virus as it commonly generates

    • by Puls4r ( 724907 )
      Kaspersky is in the pocket of the Russian government. Just as US tech companies' are in the US's pocket. Kaspersky is not better. It's just owned by a different political power.
  • Missing facts (Score:5, Interesting)

    by mseeger ( 40923 ) on Wednesday September 26, 2018 @05:28AM (#57377866)

    There IMHO some important facts missing in the description:

    a) He did not have a Office license, so he downloaded a key generator.

    b) The Kaspersky software would not let him run that generator because it considered it harmful

    c) He disabled Kaspersky, ran the key generator and got his PC infected

    d) He re-enabled Kaspersky, the software detected an infection and began looking for malicious files

    e) The software found the NSA written malware and did exactly what it was supposed to do: it was configured to upload new suspicious files to Kaspersky.

    f) The upload server was under surveillance by the Israeli secret service.

    • by Anonymous Coward

      Why bother running an antivirus if you're just going to disable it to run malicious software in spite of its warnings
      Is NSA really this incompetent that they'd hire a guy like this or is it just a psy-op

      • Comment removed based on user account deletion
      • Why bother running an antivirus if you're just going to disable it to run malicious software in spite of its warnings

        Because a lot of the time the antivirus will "warn" you about software which poses no risk. I've had port scanner and such flagged as "hacking tools" and prevented from running. If you're certain that the software you're about to run doesn't actually pose a risk then it makes sense to temporarily disable the antivirus (or put in an exception rule if possible).

    • b) The Kaspersky software would not let him run that generator because it considered it harmful

      c) He disabled Kaspersky, ran the key generator and got his PC infected

      I'm glad to see that the NSA is hiring "the best and the brightest" when it comes to computer security!

    • Funny. Back in the day I used to run a simple machine in my lab just to use dodgy software. It suffered, as if you can call Windows ME anything else but suffering, so much that it often took hours to boot, more hours to deliver a usable cursor, and days to clean out and recover. Not a record, a client delivered us a Windows ME machine that took 6 hours to boot - we did that just to see. It was unfortunate. Just plugging your ME machine into your Internet router is, was, and always has been spectacularly ba

    • by mea2214 ( 935585 )
      This is fascinating if true. Why would the NSA of all places allow anything to be uploaded to Kaspersky or anyone outside their network without manual sign off? Do their Windows 10 boxes all send telemetry back to Microsoft?
    • if true, he's more of an idiot than i suspected...but then he did work for the gubmnt...
  • Promotion (Score:3, Funny)

    by mentil ( 1748130 ) on Wednesday September 26, 2018 @05:33AM (#57377876)

    Pho said in court he took the materials home so he could put in more work to earn a promotion

    He went from an NSA employee to a convicted felon. That's a promotion in status in my eyes.

  • Kaspersky has acknowledged that its software lifted hacking tools from a home computer in 2014 but said it wasn't part of an intentional effort to steal information from the NSA

    just a lucky break for the Russians then....

  • by Anonymous Coward on Wednesday September 26, 2018 @05:49AM (#57377906)

    Yah. Perverse work morale.

    I do feel sorry for this guy. OTOH, I hope he learns the lesson: If you kill yourself at work, your boss won't give a shit. If you don't kill yourself at work, (s)he won't, eiter. What to do?

    Kill your boss, of course.

    • The government discourages working more than 40 hours a week. It is illegal for the government to accept charity, not sure if this guy was a contractor but working more than your allotment is not allowed.
  • Lesson learned (Score:5, Interesting)

    by bobstreo ( 1320787 ) on Wednesday September 26, 2018 @06:42AM (#57378008)

    NEVER TAKE WORK HOME!

    And nobody was interested if his name is pronounced Fa?

    The lack of any apparent controls at the NSA regarding removing classified information should cause some serious investigations of the agency and it's processes.

    • by mi ( 197448 )

      NEVER TAKE WORK HOME!

      And honestly pay for the software you want to use... Seriously, for all the abundance of comments here, no one mentioned the inherent dishonesty of his trying to crack Microsoft Office — and getting burned by the "free" tool he used to do it...

  • Clinton (Score:1, Troll)

    and yet Hilary Clinton gets nothing for her doing the same. Wakeup people, we have two different sets of laws, one for us, the little people, and one for our Lords and Ladies. Just like insider trading is illegal for you and I, but our elected officials are only requested to let us know when they do it!

No spitting on the Bus! Thank you, The Mgt.

Working...