Security Market Segment LS
Wednesday, 26 September 2018 07:52

Ex-NSA hacker gets 5½ years for taking exploits home

Ex-NSA hacker gets 5½ years for taking exploits home Pixabay

A former member of the NSA's elite Tailored Access Operations unit has been sentenced to 5½ years in jail, followed by three years of supervised release, for what the US Justice Department has characterised as "willfull retention of classified national defence information".

Vietnamese American Nghia Hoang Pho, 70, of Ellicot City, Maryland, entered a guilty plea on 1 December 2017 to the charge of taking national defence information home from 2010 to 2015 and retaining it at his residence.

Prosecutors had sought a jail term of at least eight years for Pho, while his own counsel had request no jail time, but a long period of home confinement. Pho has claimed he took the classified material home so he could craft a review that would bring a pay hike which would increase his income when he retired.

There had been hints after Pho's arrest that he may be the source who unwittingly leaked NSA exploits to a group known as Shadow Brokers which exposed them on the Web.

No connection was shown between Pho and the Shadow Brokers, but there has been at least one media report that claimed exploits from Pho's PC had been exfiltrated by Russian hackers who then released them, either through the Shadow Brokers or by themselves under the same name.

The NSA exploits are claimed to have leaked to the Russians through Pho's use of Kaspersky Lab's anti-virus software; like any A-V solution, the software uploads suspicious files to a server for later analysis and when it encountered the NSA files on this man's machine, it did the same.

How the Russians obtained these exploits is a mystery though the obvious implication has been that after they reached Kaspersky's Moscow offices, they were handed over to government hackers. Kaspersky has denied any involvement.

One more ex-NSA man, Harold Martin, is yet to be sentenced after being arrested for a similar offence as Pho: taking NSA data home. Martin pleaded guilty to the charge of illegal retention of information relating to US national security in January.

Announcing Pho's sentence, Assistant Attorney-General for National Security John Demers said: "Pho’s intentional, reckless and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community’s capabilities and methods, rendering some of them unusable.

“Today’s sentence reaffirms the expectations that the government places on those who have sworn to safeguard our nation’s secrets."

US Attorney for the District of Maryland Robert Hur said: “Removing and retaining such highly classified material displays a total disregard of Pho’s oath and promise to protect our nation’s national security.

“As a result of his actions, Pho compromised some of our country’s most closely held types of intelligence, and forced NSA to abandon important initiatives to protect itself and its operational capabilities, at great economic and operational cost.”

Special Agent in Charge Gordon Johnson of the FBI’s Baltimore Field Office said: “The privilege of working for the US Intelligence Community requires strict adherence to laws governing the lawful secrecy of its work.

“We cannot have a functioning Intelligence Community without the protection of sources and methods, and taking classified information and placing it in a vulnerable setting has profound and often disastrous consequences.

"This case is a clarion call to all security clearance holders to follow the law and policy regarding classified information storage. The FBI will leave no stone unturned to investigate those who compromise or mishandle classified information.”


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments