News Kaspersky offers timeline for NSA document breach

Moral of the story: If you are developing malware and don't want it sent to the antivirus lab for analysis, you should PROBABLY disable the "send malware samples back for analysis" option.

 

Why would you as a CEO order the immediate deletion of the source code?

 

As pretty much everyone in the security industry expected all along.

Because it comes under "**** we do NOT want to deal with", and as evidenced by the news flurry they weren't fast enough.

 

Other moral of the story - If you're contracted by the NSA, and have access to sensitive information, don't use keygen apps to try and pirate software. WTF!

 

And more importantly: don't download yet-to-be-deployed malware toolkits and their documentation onto your home machine!

 

I wonder where this ranks on a scale of 'fired' to 'Snowden'?

 

Definitely. That was a hilarious WTF in there.

 

Expect many of those people working in IT security and in National Security bodies be like this: lone wolfs believing they can do many risky actions and nothing happens or being totally unaware of risks.
Some links:
https://www.wired.com/2012/07/ff_kaspersky/
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
https://www.theregister.co.uk/2017/10/25/kaspersky_nsa_keygen_backdoor_office/

These stories tell Karspersky happened to expose some NSA operations hacking nuclear plants in Iran, when he analyzed some nasty virus that really were NSA cyber-weapons, some years ago. They also tell how how near is he to Putin's government and how he failed to acknowledge some cyber attacks to Putin's opponents.

It is told there Symantec didn't have those double standards.