NSA Employee Pleads Guilty to Willful Retention of National Defense Information

(DOJ, 1 DEC 2017) Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to willful retention of national defense information.

Acting Assistant Attorney General for National Security Dana J. Boente, Acting U.S. Attorney Stephen M. Schenning for the District of Maryland and Special Agent in Charge Gordon B. Johnson of the FBI’s Baltimore Field Office made the announcement.

According to his plea agreement, beginning in April 2006, Pho was employed as a Tailored Access Operations (TAO) developer for the National Security Agency (NSA). The NSA’s TAO involved operations and intelligence collection to gather data from target or foreign automated information systems or networks and also involved actions taken to prevent, detect, and respond to unauthorized activity within Department of Defense information systems and computer networks, for the United States and its allies.

In connection with his employment, Pho held various security clearances and had access to national defense and classified information. Pho also worked on highly classified, specialized projects. According to the plea agreement, beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information. This material was in both hard copy and digital form, and was retained in Pho’s residence in Maryland.

U.S District Judge George L. Russell has scheduled sentencing for April 6, 2018 at 10 a.m.

Pho faces a maximum sentence of 10 years in prison. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes. If convicted of any offense, the sentencing of the defendant will be determined by the court based on the advisory Sentencing Guidelines and other statutory factors.

Acting Assistant Attorney General Boente and Acting U.S. Attorney Stephen M. Schenning commended the FBI and the NSA for their work in the investigation. This case is being prosecuted by national security prosecutors in the District of Maryland and the Counterintelligence and Export Control Section of the Justice Department’s National Security Division.

Download Pho Information

Download Pho Plea Agreement

Ellicott City man, former NSA employee pleads guilty to taking classified information home (Baltimore Sun)

An Ellicott City man and former employee of the National Security Agency pleaded guilty Friday in federal court in Baltimore to removing classified documents and bringing them home — the latest in a series of similar breaches at the spy agency to be publicly revealed.

Nghia Hoang Pho, 67, removed the documents over a period of five years ending in 2015, according to a plea agreement made public by the Justice Department. The material is reportedly believed to have been stolen from his computer by Russian hackers exploiting his personal antivirus software.

Pho took the documents home to help him write his resume but hackers are believed to have accessed them through antivirus software made by Kaspersky Lab, The New York Times reported Friday based on interviews with unnamed government officials.

The alleged hack had been previously reported by the Times, The Wall Street Journal and others, but the employee’s identity had not previously been revealed.

The Trump administration ordered federal agencies in September to remove the Kaspersky software from its computers, and Congress has held several hearings on the company.

Kaspersky executives have repeatedly denied allegations that the company is working with Russian intelligence.

Pho pleaded guilty to one count of willful retention of national defense information, which prosecutors said carries a maximum sentence of 10 years in prison. . . (read more)

Nghia Hoang Pho, former NSA employee, pleads guilty to retaining top-secret intelligence (Washington Times)

A former employee of the U.S. National Security Agency’s elite hacking team has pleaded guilty in connection with mishandling top-secret documents reportedly stolen afterwards by Russian hackers.

Nghia Hoang Pho, 67, pleaded guilty in a Baltimore federal court Friday to a single count of willfully retaining national defense information in violation of federal law, the Department of Justice announced afterwards.

Pho was hired in 2006 as a developer for the NSA’s Tailored Access Operations (TAO) team, and from 2010 through 2015 he brought home both hard copies and digital versions of sensitive documents containing closely held secrets, the Justice Department said in a statement. . . . (read more)


A SERIES OF leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to carry out, often by contractors like the whistleblower Edward Snowden, who employed just a USB drive and some chutzpah. But the most recently revealed breach, which resulted in state secrets reportedly being stolen by Russian spies, was caused by an NSA employee who pleaded guilty Friday to bringing classified information to his home, exposing it in the process. And all, reportedly, to update his resume.

The Justice Department Friday announced that Nghia Hoang Pho, a 67-year-old from Ellicott City, Maryland, has admitted to willful retention of national defense information. He’ll face up to 10 years in prison, but is free until his sentencing in early April. Pho is a naturalized United States citizen originally from Vietnam. Pho illegally mishandled classified information in spite of being an agent in the NSA’s elite Tailored Access Operations foreign hacking group (now called Computer Network Operations) from 2006 to 2016. Though it’s somewhat astonishing that someone with his position and training would cause such a basic breach, Pho brought classified data and paper documents to his home between 2010 and 2015. The New York Times, which originally reported on Pho’s case before his identity was known, notes that he seems to have been charged in March 2015. . . . (read more)

Ex-U.S. NSA employee pleads guilty to taking classified documents (Reuters)

A former U.S. National Security Agency employee pleaded guilty on Friday to illegally taking classified information outside the spy agency that an intelligence official said was later stolen from his home computer by Russian hackers.

Nghia Hoang Pho, who worked in the NSA’s elite hacking unit, retained U.S. government documents containing top-secret national defense information between 2010 and March 2015, the Justice Department said.

Pho, a 67-year-old U.S. citizen born in Vietnam, faces up to 10 years in prison. He is not being held by authorities as he awaits his sentencing, which is scheduled for April 6, 2018, in U.S. District Court in Baltimore. . . . (read more)

Former N.S.A. Employee Pleads Guilty to Taking Classified Information (New York Times)

. . . Prosecutors said that from 2010 until March 2015, Mr. Pho began removing classified documents and writings. He kept those materials, some in digital form, at his home in Maryland, according to prosecutors.

It appears he was charged in March 2015.

Mr. Pho is one of three N.S.A. workers to be charged in the past two years with mishandling classified information, a dismal record for an agency that is responsible for some of the government’s most carefully guarded secrets.

he leaks have come to light as investigators scramble to trace the source of an even worse breach of N.S.A. security: the public release of the agency’s hacking tools by a still-unidentified group calling itself the Shadow Brokers. Some of those tools have been subsequently used for “ransomware” attacks that shut down or disrupted businesses, hospitals, railways and other enterprises around the world this year.

Government officials, who would speak of the classified details of the case only on condition of anonymity, said that Mr. Pho took the classified documents home to help him rewrite his resume. But he had installed on his home computer antivirus software made by Kaspersky Lab, a top Russian software company, and Russian hackers are believed to have exploited the software to steal the documents, the officials said. . . . . (read more)

NSA employee who worked on hacking tools at home pleads guilty to spy charge (Washington Post)

A National Security Agency employee who worked at home without authorization on sensitive hacking tools pleaded guilty Friday to violating the Espionage Act — a security breach that the agency was tipped off to by Israeli cyberspies.

Federal prosecutors said they will seek an eight-year sentence for Nghia Hoang Pho, 67, of Ellicott City, Md., for willful detention of national defense information.

Pho’s case is noteworthy not only because it is one of several significant breaches at the NSA but also because he was using anti-virus software from a Russian firm on his computer — software the agency never deployed on its computers for fear it could enable Russian government spying.

The U.S. government and Congress this year have moved to ban the use of Kaspersky Lab anti-virus products from federal government computers.

Pho, a naturalized citizen, worked as a developer in Tailored Access Operations (TAO), the agency’s elite hacking unit, which gathers intelligence by penetrating the computers of foreign governments and other targets overseas. The unit is now called Computer Network Operations.

He held various clearances, and former officials said he had no malicious intent in working on the tools at home. But the breach violated protocols and conditions for holding a security clearance. According to a court document, from 2010 to March 2015, Pho removed classified material in hard copy and digital form. . . . (read more)

Threats are Out There