Security Market Segment LS
Saturday, 02 December 2017 09:00

Third NSA worker pleads guilty to taking secrets home Featured


A Vietnamese American man has pleaded guilty to taking NSA files back home and retaining them there in violation of the rules under which he worked.

Nghia Hoang Pho, 67, of Ellicot City, Maryland, entered a guilty plea on 1 December to the charge of taking national defence information home from 2010 to 2015 and retaining it at his residence.

Pho, a member of the NSA's Tailored Access Operations group, admitted he had kept the information at his residence both in digital form and hard copy formats. He worked as a contractor for the NSA from 2006 onwards.

He faces a maximum term of 10 years in jail and will be sentenced on 6 April 2018.

Pho's guilty plea means that the identity of the unnamed software developer who was arrested in 2015 for stealing NSA files has now been revealed.

After the leaks by NSA contractor Edward Snowden in 2013, three people are known to have been involved in removing NSA material from the agency.

One, Harold Martin, was arrested last year after having taken a massive trove of NSA data home.

Pho is now known to be the second; at the time he was identified in the media as an unnamed software developer, who was said to be a Vietnamese American. He was taken into custody in 2015 after taking hacking tools home. The New York Times claimed this year that date from an NSA worker's PC had leaked to hackers in Russia; this worker is now said to be Pho.

The third person, a woman named Reality Winner, was arrested after leaking a single NSA document to The Intercept this year.

The leak of NSA files to the group known as the Shadow Brokers, which came to light when the latter made the files openly available  in August last year, has been alleged to have been from Pho's computer.

A report from Kaspersky Lab in October said Pho had the company's anti-virus software running on his PC, but appeared to have turned it off in order to run a key generator so he could install a pirated copy of Microsoft Office; had the A-V not been turned off, it would not have allowed the key generator to be run.

Later, when he turned the anti-virus back on, it had run a scan on his computer, and since Kaspersky Security Network was running, it had submitted samples of suspected NSA malware code present on his machine to Kaspersky's servers for analysis. Like any A-V solution, the software uploads suspicious files to a server for later analysis and when it encountered the NSA files on Pho's machine, it did the same.

How the Russians obtained these exploits has never been made clear with allegations in the media that after they reached Kaspersky's Moscow offices, they were handed over to government hackers. Kaspersky has denied handing over any files.

Pho's plea also puts paid to theories being floated that the person who leaked NSA files to the Shadow Brokers was a man of Russian origin. As iTWire has pointed out, this theory was floated by former Washington Post employee Brian Krebs.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments