Ex-NSA worker stole classified data, related to Kaspersky incident

News by Robert Abel

A former NSA employee pleaded guilty to taking classified national defence information that was later stolen by Russian spies.

A former NSA employee pleaded guilty to taking classified national defence information that was later stolen by Russian spies.

Authorities said between 2010 and 2015, Nghia Hoang Pho, 67, of Ellicott City, Maryland removed and retained US government documents and writing that contained national defence information, including information classified as Top Secret and Sensitive Compartmented Information, according to a DOJ press release.

Pho had worked for the NSA as a tailored access operations (TAO) software developer and was involved in operations that gathered data from specific targets, foreign automated information systems or networks.

Anonymous government officials told The New York Times Pho took the documents to help "rewrite his resume" and had installed them onto a computer using Kaspersky Lab antivirus software, the same security software believed to have been exploited by Russian hackers to steal the documents.

It's unclear whether or not anyone at Kaspersky Lab was aware of the theft, though the company has acknowledged finding and removing NSA hacking software on one customer's computer adding the material was subsequently destroyed.

This information has come to light as investigators look to trace the source of the NSA security breach which led to the Shadow Brokers releasing the agency's hacking tools. Pho is one of three NSA workers to be charged in the past two years with mishandling classified records.

Last year, NSA contractor, Harold T Martin III, was arrested after FBI agents found about 50 terabytes of data and documents that he had taken from the NSA. and other agencies over 20 years. In addition, NSA contract linguist Reality Winner, was arrested in June and charged with providing a single NSA document to The Intercept

A courtroom official described the charges against Pho as “super-sealed” before the hearing emphasising the sensitivity of the incident. Pho faces a maximum sentence of 10 years in prison but as a condition of the plea, the prosecutor agreed not to seek more than eight years while Pho's attorney is asking for a six year maximum. 


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop