Ex-NSA employee gets 5.5 years in prison for taking home classified info

A US judge sentenced today a former employee at the National Security Agency to five and a half years in prison for taking classified NSA materials home.

The ex-NSA employee is Nghia Hoang Pho, a 68-year-old man from Ellicott City, Maryland, who worked at the NSA as a member of the Tailored Access Operations (TAO) group, the NSA's hacking unit, since April 2006.

Also: California governor signs country's first IoT security law CNET

According to court documents, US investigators said that Pho started taking classified NSA material, such as documents and hacking tools, home beginning 2010 and up to March 2015, when he was caught.

He was subsequentially charged and he pleaded guilty last December. Prosecutors asked for 96 months, the maximum sentence for his charge of willful retention of national defense information, but today, a Maryland judge decided on a shorter 66-month prison sentence, followed by three years of supervised release.

"Pho's intentional, reckless and illegal retention of highly classified information over the course of almost five years placed at risk our intelligence community's capabilities and methods, rendering some of them unusable," said Assistant Attorney General Demers.

Also: Why the NSA's cyber-weapons leak undermines institutional trust TechRepublic

While the US government never confirmed it, several articles in US media last year claimed that Pho is the NSA employee who took parts of the NSA's hacking arsenal home, tools that were later stolen by Russian intelligence agents via the Kaspersky antivirus installed on Pho's home computer.

Kaspersky denied all US media reports, and in an investigation of its own, the company claimed that Pho's computer was littered with all sorts of malware, which could have very easily been used to steal the very same files.

However, the US government acted on its theory that the Kaspersky Lab company might have been compromised by Russian intelligence agents, and banned its software from government networks, a decision that was followed by bans and recommendations to ditch Kaspersky software in the UK, the Netherlands, and many other places.

Also: Worries arise about security of new WebAuthn protocol

According to a CBS Baltimore reporter who was present in court, Pho said he took top-secret documents and files home so he could do extra work and get a promotion.

Last month, another former NSA employee, Reality Winner, was sentenced to five years in prison for leaking NSA top-secret documents to The Intercept, an online news site.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

FBI solves mystery surrounding 15-year-old Fruitfly Mac malware

Fruitfly malware author used port scanning with weak or no passwords to identify potential victims.

Meet Torii, a new IoT botnet far more sophisticated than Mirai variants

The evolving IoT botnet is able to compromise an impressive array of architectures.

Teenage Apple hacker avoids jail for 'hacky hack hack' attack

The self-proclaimed Apple fan stole roughly 90GB of confidential data from the iPad and iPhone maker.

Related stories:

• NSA says searches of Americans' data spiked in 2017
• Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
• Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
• What technical skills is NSA looking for?
• Why the 'fixed' Windows EternalBlue exploit won't die
• Remove yourself from people search sites and erase your online presence
• Google secretly logs users into Chrome whenever they log into a Google site
• Python is a hit with hackers, report finds
• Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others
• Port of San Diego suffers cyber-attack, second port in a week after Barcelona