This detailed article explaining how the Shadow Brokers acquired some of the most coveted and sophisticated cyber attack weapons ever developed is quite interesting:
The Justice Department Friday announced that Nghia Hoang Pho, a 67-year-old from Ellicott City, Maryland, has admitted to willful retention of national defense information.
Pho illegally mishandled classified information in spite of being an agent in the NSA’s elite Tailored Access Operations foreign hacking group from 2006 to 2016.
Though it’s somewhat astonishing that someone with his position and training would cause such a basic breach, Pho brought classified data and paper documents to his home between 2010 and 2015.
“In connection with his employment, Pho held various security clearances and had access to national defense and classified information. Pho also worked on highly classified, specialized projects,” the DoJ said in a statement on Friday.
Pho stands out among recent NSA leak culprits in that he specifically worked as a developer for TAO, which would have brought him into contact with a diverse array of sensitive NSA data, systems, and materials.
The case documents don’t give much indication of what types of data and materials Pho took and left on his personal computer.
The frantic investigation into valuable NSA tools stolen by Russian spies indicates that Pho may have exposed more than just resume materials.
This story is about the NSA employee who had installed Kaspersky anti-virus on their home computer, which was then allegedly compromised by Russian operatives.
In a number of presentations I have given about the NSA TAO tools stolen by the Shadow Brokers, I hypothesized the agency was hesitant to publicly comment on the Kaspersky link because of the embarrassment it would cause the NSA. Why one of the NSA’s top TAO operatives thought it was safe to use Kaspersky anti-virus, a product created by a Russian company, is extremely curious. It really makes me wonder what he knows that the rest of us do not.
Disclaimer: I work for McAfee, a Kaspersky competitor.