NSA staffer takes top-secret hacking tools home ‘to study’, gets 66 months

Taking work-related documents home to study might get you a promotion and pay raise at some jobs, but not when your employer is the National Security Agency (NSA) – and most certainly not when those materials are classified.

Former NSA employee Nghia Hoang Pho, 68 – a naturalized US citizen who was originally from Vietnam but who’d been living in Ellicott City, Maryland – was sentenced last week to 66 months in prison plus three years of supervised release for willful retention of classified national defense information.

According to the Department of Justice (DOJ), Pho removed “massive troves” of highly classified national defense information without authorization and kept it at his home.

Pho worked as a developer in the NSA’s hacking group, otherwise known as Tailored Access Operations (TAO). He was due to retire in a few years, and as he said in a letter to the judge, he wanted to do so at a higher pay grade so as to increase his pension payments.

Pho says that he took home the classified hacking software tools and documents – which he stashed in various places around his house – in order to get a better performance review. He felt that he needed a boost, given that his English was shaky and he had limited social skills: impediments that kept him from properly learning about the hacking tools that were part of his job.

So between 2010 and 2015, Pho brought home the top-secret information.

The DOJ didn’t explicitly tie Pho’s crime to the Shadow Brokers having gotten their hacking hands on the TAO’s exploits and tools – tools that the self-styled hacking group put up for head-scratching and largely laughed-at auctions in 2016 – but the timing matches up. The Feds aren’t saying anything about that though, undoubtedly for very good reason: the compromised material has nullified years of signals intelligence as it is.

Ars Technica quoted from a letter sent to the court in March from former NSA Director Admiral Mike Rogers, who told Judge George Russell that the removed materials “had significant negative impacts on the NSA mission, the NSA workforce, and the Intelligence Community as a whole.” He said that the materials that Pho removed included (link added):

Some of NSA’s most sophisticated, hard-to-achieve, and important techniques of collecting [signals intelligence] from sophisticated targets of the NSA, including collection that is crucial to decision makers when answering some of the Nation’s highest-priority questions… Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of security topics. Compromise of one technique can place many opportunities for intelligence collection and national security insight at risk.

Rogers told the court that the NSA “was left with no choice but to abandon certain important initiatives, at great economic and operational costs.”

We expect better from NSA agents who have sworn to protect national security, US Attorney for the District of Maryland Robert K. Hur said in the DOJ’s press release:

Removing and retaining such highly classified material displays a total disregard of Pho’s oath and promise to protect our nation’s national security. As a result of his actions, Pho compromised some of our country’s most closely held types of intelligence, and forced NSA to abandon important initiatives to protect itself and its operational capabilities, at great economic and operational cost.

Articles You May Like

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
Phishing, Smishing Surge Targets US Postal Service
Update on Naked Security
Regulators close investigation into Blue Origin’s New Shepard anomaly
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

Leave a Reply

Your email address will not be published. Required fields are marked *