The Department of Justice announced Tuesday that a former National Security Agency employee had been sentenced to five and a half years in prison for the "willful retention of classified national defense information."
Nghia Hoang Pho worked as a developer in the NSA Office of Tailored Access Operations beginning in April 2006. The Justice Department previously described the role as involving "operations and intelligence collection to gather data from target or foreign automated information systems or networks and also involved actions taken to prevent, detect, and respond to unauthorized activity within Department of Defense information systems and computer networks, for the United States and its allies."
Pho was found to have removed volumes of electronic and hard copy information from his place of employment and brought it home, in direct contravention of NSA policy. In his plea agreement, Pho said he was aware he lacked authorization to remove the sensitive defense documents.
John C. Demers, assistant attorney general for national security, announced the sentence. "Pho’s intentional, reckless and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community’s capabilities and methods, rendering some of them unusable," Demers said.
Robert K. Hur, Maryland's U.S. attorney, said that "[r]emoving and retaining such highly classified material displays a total disregard of Pho’s oath and promise to protect our nation’s national security."
The story first made headlines in October 2017, when the Chicago Tribune reported Russian-linked Kaspersky had accessed NSA files through what they believed to be a Vietnamese national’s computer. Author and former CIA employee Christopher Burgess reported Pho was targeted because of the investigation into Russia's targeting of the NSA. "Pho, now identified, apparently came to the attention of the NSA through the investigation into Russian targeting of the NSA. His laptop, having been compromised by Kaspersky, actually demonstrated to the NSA that they had a security leak, and the subsequent internal damage investigation may have identified Pho and his unique access to specific offensive malware," Burgess wrote.
Pho's case is an indication of the extent to which foreign intelligence operations have sought to both develop cooperating assets in the United States and exploit unsuspecting individuals.
Pho previously held several clearances, including top secret and top secret/sensitive compartmented information. Pho is a naturalized U.S. citizen and resident of Ellicott City, Maryland.