Ex-NSA worker pleads guilty to taking data involved in Russian hack
The NSA hasn’t been having the best week when it comes to security, but it’s getting at least some closure. A former employee, now known as Nghia Pho, has pleaded guilty to bringing home classified data that was later stolen in a hack linked to Russian intelligence. Pho is expected to face prison time when he’s sentenced on April 6th, but prosecutors have capped the maximum penalty to 8 years (versus the typical 10) and are open to calls for a lighter sentence given the non-malicious nature of the case.
Pho took a mix of digital and physical info home between 2010 and 2015. According to New York Times sources, he was using it to rewrite his resume — this was intentional, but not spiteful. The Russian hackers reportedly exploited the Kaspersky antivirus software on his PC to take data, but it’s not clear that Kaspersky was aware of what happened. The company previously acknowledged that it briefly held some NSA data, but there’s no word on whether or not it held that data.
The plea is only going to help so much when the NSA has bigger fish to fry, such as the Shadow Brokers leaks (there’s no indication that Pho is connected). It does show that the agency is racing to crack down on the multiple leaks it has suffered over recent months and years, however. The effort might also serve as a warning shot to NSA staff that may be tempted to leave with data, even if it’s for innocuous reasons.