Nghia Hoang Pho took the files - which included NSA malware tools - home to work on them in the hope, he says, of winning promotion. However, the files were apprehended by the anti-virus software the 68-year-old NSA employee was running on his home PC, and exfiltrated back to Kaspersky Lab's base for analysis.
Pho was the source of
claims back in October 2017 that Kaspersky's anti-virus software network had been used to identify and exfiltrate NSA malware. That malware was
identified as Equation Group malware - a family of nation state malware believed to have been created by the NSA.
Kaspersky claims its software was not doing anything that every other anti-virus software package doesn't also do - uploading suspicious files identified during routine PC anti-virus scans for analysis by security specialists back at base.
