Nghia Hoang Pho, 68, of Ellicott City, Maryland—who had worked as a developer with the NSA's Tailored Access Operations (TAO) hacking group since April 2006—held various security clearances and had access to national defense and classified information.
The personal Windows computer on which Pho stored the classified documents and tools was running Kaspersky antivirus software, which was then allegedly used, one way or another, by Russian hackers to steal the documents in 2015.
Though Kaspersky Lab consistently denied any direct involvement in helping Russian intelligence agencies to pilfer sensitive secrets, the United States government banned federal agencies from using Kaspersky antivirus software over spying fears.
In response, Kaspersky Lab conducted an internal investigation and revealed that the NSA worker's computer had already been infected with the Mokes backdoor, also known as Smoke Loader—an information-stealing backdoor Trojan—which came pre-installed with a pirated version of Microsoft Office software.
Pho was caught and arrested in 2015 following the Shadow Brokers leaks of several Equation Group hacking tools, but neither the NSA nor the DOJ has made any statements that directly link Pho to the Shadow Brokers leaks.
However, taking classified documents home is a clear violation of known security procedures—and in the process, Pho eventually exposed the top-secret information to Russian spies.
"Pho removed and retained U.S. government property, including documents and writings that contained national defense information classified as Top Secret and SCI," Pho's plea agreement reads. "This material was in both hard copy and digital form, and was kept in a number of locations in Pho's residence in Maryland."
"As a result of his actions, Pho compromised some of our country's most closely held types of intelligence, and forced NSA to abandon important initiatives to protect itself and its operational capabilities, at great economic and operational cost," said US Attorney Robert Hur.
Pho pleaded guilty in a U.S. district court in Baltimore in October 2017. Now, almost a year later, Pho was sentenced on Tuesday to 66 months in prison on one count of willful removal and retention of national defense information.
Pho will also be required to undergo 3 years of supervised release after completing his 5-and-a-half-year prison sentence.
Last month, another ex-NSA contractor, Reality Winner, was sentenced to 5 years and three months in prison for leaking a classified report on Russian hacking of the 2016 United States presidential election to an online news outlet last year.