NSA Employee Pleads Guilty To Stealing Classified Information

A former National Security Agency employee admitted on Friday, 1st December, that he had illegally taken classified documents from the agency, documents that are believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.

Nghia Pho, 67, has pleaded guilty to one count of willful retention of national defense information, an offense that carries a possible 10-year sentence. Prosecutors agreed not to seek more than eight years, however, and Mr. Pho’s attorney, Robert C. Bonsib, will be free to ask for a more lenient sentence. He remains free while awaiting sentencing on April 6.

Mr. Pho had been charged in secret, though some news reports had given a limited description of the case. Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant’s identity.

Although the documents don't make clear exactly what classified data and records were taken, beyond hard copy and digital files stored in Pho's residence, several earlier reports have pointed to hacking tools developed for offensive operations launched by the NSA, such as targeting foreign networks and systems to conduct surveillance.

Mr. Pho, who worked as a software developer for the NSA, was born in Vietnam but is a naturalised United States citizen. Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking. But in court documents, prosecutors did disclose that he worked from 2006 to 2016 for the NSA’s “Tailored Access Operations.” The unit, whose name has now been changed to Computer Network Operations, is the NSA’s fastest-growing component. 

Its hackers break into foreign computer networks to gather intelligence, often leaving behind software implants that continue to collect documents and other data and forward it to the agency for months or years.

Prosecutors said that from 2010 until March 2015, Mr. Pho began removing classified documents and writings. He kept those materials, some in digital form, at his home in Maryland, according to prosecutors. It appears he was charged in March 2015.

Mr. Pho is one of three NSA workers to be charged in the past two years with mishandling classified information, a dismal record for an agency that is responsible for some of the government’s most carefully guarded secrets.

The leaks have come to light as investigators scramble to trace the source of an even worse breach of NSA security: the public release of the agency’s hacking tools by a still-unidentified group calling itself the Shadow Brokers. Some of those tools have been subsequently used for “ransomware” attacks that shut down or disrupted businesses, hospitals, railways and other enterprises around the world this year.

Government officials, who would speak of the classified details of the case only on condition of anonymity, said that Mr. Pho took the classified documents home to help him rewrite his resume. 

But he had installed on his home computer antivirus software made by Kaspersky Lab, a top Russian software company, and Russian hackers are believed to have exploited the software to steal the documents, the officials said. It is not clear whether anyone at Kaspersky Lab was aware of the document theft. The company has acknowledged finding NSA hacking software on a customer’s computer and removing it, but says the material was subsequently destroyed. It has denied that it works with Russian intelligence.

The sensitivity of the case was evident on Friday, when one courtroom official described the charges against Mr. Pho as “super-sealed” before the hearing. The aggressive hacking of American targets by the Russian government, including the Democratic National Committee during last year’s election campaign, is a high-priority concern for the United States, and forensic information from Mr. Pho’s computer might provide useful clues.

In addition to Mr. Pho, an NSA contractor, Harold T. Martin III, was arrested last year after FBI agents found some 50 terabytes of data and documents that he had taken from the NSA and other agencies over 20 years. The material was stuffed into a garden shed and car, among other places, and investigators have considered the possibility that the Shadow Brokers might have obtained the hacking tools from Mr. Martin, who had also worked at one point for the agency’s Tailored Access Operations.

A contract linguist who worked for the NSA in Georgia, Reality Winner, was arrested in June and charged with providing a single NSA document to the online publication The Intercept. Both Mr. Martin and Ms. Winner are being held awaiting trial.

New York Times: ZDNet

