Nmedia - Fotolia

Ex-NSA employee pleads guilty to removing classified data

The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison.

An ex-NSA employee pleaded guilty Friday to illegally removing classified government data from the agency and storing it at his home over a period of five years.

Nghia Hoang Pho, 67, pleaded guilty to the charge of willful retention of national defense information in connection with a major NSA leak. As an NSA employee, Pho worked in the agency's Tailored Access Operations (TAO) from 2006 to 2016. According to the U.S. Department of Justice, he had "various security clearances" and worked on "highly classified, specialized projects" for TAO, which is the agency's hacking and cyber-intelligence unit.

Anonymous government officials in several news outlets claim Pho is the NSA employee who reportedly brought home classified materials and hacking tools from the agency in 2015, which were then stolen by state-sponsored Russian hackers. The news reports also claim Pho's computer had Kaspersky Lab antivirus software on it, which government officials had previously claimed was used by Russian hackers to search for U.S. government data.

Last month Kaspersky admitted that it uploaded classified government materials along with Equation Group malware from a user's system in 2014 following routine antivirus scans that were initially set off by an active backdoor Trojan on the computer. The company said it deleted the uploaded government data, which included classified materials, after CEO Eugene Kaspersky was informed of the situation.

The court documents and DoJ statement do not mention Kaspersky, nor do they reference any third-party intrusion or hack of Pho's home computer.

The New York Times reported that anonymous government officials said Pho took the classified data home so he could rewrite his resume. However, according the Justice Department, Pho removed and retained U.S. government documents starting in 2010 through March of 2015.

The plea agreement is dated Oct. 11, which is about a week after The Wall Street Journal first reported an NSA leak that had exposed government data to Russia hackers. It's unclear when Pho was arrested and when his tenure with the TAO group came to an end. According to the information against Pho, he was first charged in March of 2015. However, the plea agreement says Pho was an NSA employee "continuing through in or about 2016."

Pho is scheduled to be sentenced on April 6. He faces a maximum of 10 years in prison. 

Dig Deeper on Security operations and management