Nghia Hoang Pho, former NSA developer, sentenced for willful retention of classified material

Nghia Hoang Pho, a former software developer for the U.S. National Security Agency, was sentenced Tuesday in connection with removing classified material from NSA headquarters in Fort Meade, Maryland.

Pho was ordered to spend 5.5 years behind bars during a hearing held in Baltimore federal court, capping off a curious case that raised questions about possible ties existing between the former NSA employee and leaks of the agency’s highly capable hacking tools.

A naturalized immigrant from Vietnam, Pho was hired by the NSA in 2006 and employed through 2015 as a developer for its Tailored Access Operations (TAO) division, a specialized unit responsible for conducting offensive cyber-operations in support of the agency’s international eavesdropping efforts.

The Department of Justice announced last year that a search of Pho’s residence uncovered roughly five years’ worth of hard copies and digital versions of classified material — including national defense information categorized as Top Secret — that he was not authorized to possess outside of his workplace.

Pho’s attorneys claimed that he had no malicious goal in bringing his material home from work, but the government said his conduct resulted in the compromise of critical material.

“Pho’s intentional, reckless and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community’s capabilities and methods, rendering some of them unusable,” said John C. Demers, assistant attorney general for national security.

“As a result of his actions, Pho compromised some of our country’s most closely held types of intelligence, and forced NSA to abandon important initiatives to protect itself and its operational capabilities, at great economic and operational cost,” U.S. Attorney Robert Hur said in a statement Tuesday.

The Wall Street Journal first reported last year that Russian state-sponsored hackers were able to steal NSA material by hacking into the home computer of a U.S. government employee who had installed anti-virus software developed by Kaspersky Lab, a Moscow headquartered security firm, and The Washington Post subsequently reported that the NSA employee had worked for TAO through 2015.

Hacking tools allegedly developed by the TAO were leaked online in 2016 and 2017 by a person or persons using the name “Shadow Brokers,” and some of those tools were subsequently repurposed and incorporated into viruses including the debilitating WannaCry worm that crippled computers in over 150 countries last year.