Former NSA employee sentenced to 66 months for taking home classified info

Nghia Pho was sentenced to 66 months in prison for taking home highly classified NSA hacking tools between 2010 and 2015.
NSA National Security Agency
(CyberScoop / Chris Bing)

Former National Security Agency employee Nghia H. Pho was sentenced to 66 months in prison Tuesday for taking home highly classified NSA hacking tools between 2010 and 2015.

Pho pleaded guilty in December to one count of removal and retention of national defense information. The government was seeking a sentence of 96 months. Pho appeared Tuesday in U.S. District Court for the District of Maryland for the sentencing.

The sentence the government pushed for was based off what it categorized as irreparable harm to national security. Last week, a letter written to the court by former NSA Director Mike Rogers characterized Pho’s actions as having a “significant negative impact” on the agency.

“The fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost,” Rogers wrote in a letter obtained by Politico.


The government argued for an eight-year sentence to set a deterrent to anyone who may consider similar actions to Pho’s.

“These bad actors need to know there is a stiff price to pay,” said Thomas Windom, assistant U.S. attorney for the District of Maryland.

Pho’s defense was seeking a much smaller sentence, with the possibility of home confinement. Pho a number of family members and friends serve as character witnesses, describing Pho as a devoted family man who has been very active in his community and church.

The defense also noted the difference between the government’s requested penalty and that which was given to former CIA director David Petraeus for a similar crime. In 2015, Petraeus avoided jail time — sentenced to two years probation and $100,000 fine — for leaking classified military information to a biographer with whom he was having an affair.

The case marks the third instance in the past three years in which a NSA employee or contractor had been charged with mishandling classified information. In October 2016, it was revealed that an NSA contractor, Harold Martin, had approximately 50 terabytes worth of classified data in his Maryland home. It was reported in January that Martin would plead guilty, but no plea has been entered.


Another contractor, Reality Winner, was arrested after leaking a classified report on Russian hacking aimed at the 2016 election. Winner was sentenced in August to more than five years in prison.

Pho’s case was made public last October, when a Wall Street Journal story stated that Russian state-backed hackers stole tools from Pho after he put the tools on a personal computer.

Further exacerbating the case is the trove of NSA tools that were leaked to the public by a mysterious unidentified hacking group known as the Shadow Brokers.  The group, still being investigated by the government, dumped sophisticated code that had been used by the agency for a number of different operations.

Those tools have been co-opted into various ransomware attacks that crippled hospitals, pharmaceutical firms, shipping companies and other businesses since being publicly dumped.

It is unknown if Pho’s case is in any way related to the trove of tools leaked by the Shadow Brokers.


“My office and federal investigators will continue to investigate and prosecute these types of offenses in order to make sure that classified information and our national security are properly safeguarded,” said Robert Hur, the U.S. Attorney for the District of Maryland.

Correction, 9/25/18: This story has been corrected to state that the connection of Pho’s case to the Shadow Brokers is unclear.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts