NSA employee who brought hacking tools home sentenced to 66 months in prison
Nghia Hoang Pho, a 68-year-old former National Security Agency employee who worked in the NSA's Tailored Access Operations (TAO) division, was sentenced today to 66 months in prison for willful, unauthorized removal and retention of classified documents and material from his workplace—material that included hacking tools that were likely part of the code dumped by the individual or group known as Shadowbrokers in the summer of 2016.
Pho, a naturalized US citizen from Vietnam and a resident of Ellicott City, Maryland, had pleaded guilty to bringing home materials after being caught in a sweep by the NSA following the Shadowbrokers leaks. He will face three years of supervised release after serving his sentence. His attorney had requested home detention.
In a letter sent to the court in March, former NSA Director Admiral Mike Rogers told Judge George Russell that the materials removed from the NSA by Pho "had significant negative impacts on the NSA mission, the NSA workforce, and the Intelligence Community as a whole." The materials Pho removed, Rogers wrote, included:
[S]ome of NSA's most sophisticated, hard-to-achieve, and important techniques of collecting [signals intelligence] from sophisticated targets of the NSA, including collection that is crucial to decision makers when answering some of the Nation's highest-priority questions... Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of security topics. Compromise of one technique can place many opportunities for intelligence collection and national security insight at risk.
Previously: Former NSA Employee Nghia Pho Pleads Guilty to Willful Retention of National Defense Information
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
Related Stories
A group is claiming that they hacked the NSA and obtained advanced malware and hacking tools (such as Stuxnet):
A mysterious hacker or hackers going by the name "The Shadow Brokers" claims to have hacked a group linked to the NSA and dumped a bunch of its hacking tools. In a bizarre twist, the hackers are also asking for 1 million bitcoin (around $568 million) in an auction to release more files.
"Attention government sponsors of cyber warfare and those who profit from it!!!!" the hackers wrote in a manifesto posted on Pastebin, on GitHub, and on a dedicated Tumblr. "How much you pay for enemies cyber weapons? [...] We find cyber weapons made by creators of stuxnet, duqu, flame."
The hackers referred to their victims as the Equation Group, a codename for a government hacking group widely believed to be the NSA.
Also at Computerworld:
The whole episode screams elaborate SCAM, but maybe it is legit as Twitter chatter by some security experts seem to lean toward believing it. On the flipside, it doesn't appear as if many trust it enough yet to have coughed up bitcoins. Other hackers are suggesting the auction is made up of really old vulnerabilities; this is partially based on the "free" files being offered by Shadow Broker as proof of hacking the Equation Group. Or it could be a mix, old and new, to keep everyone off-balance. Another oddity, pointed out in a Pwn All The Things tweet, is that the "free sample" file size is actually larger than the auction file size.
Yet security pro Matt Suiche dived into the free files offered by Shadow Broker, then took to Medium to say, "Most of the code appears to be batch scripts and poorly coded Python scripts. Nonetheless, this appears to be legitimate code." Suiche said the main targets in the dump he reviewed "appeared to be Fortigate, TopSec, Cisco and Juniper firewalls." He described some of the codenamed-exploits such as Eligible Bachelor, Extra Bacon and Banana Glee. The latter, he pointed out, is "particularly interesting because it allows references to the JETPLOW explanation from the 2014 NSA's Tailored Access Operations (TAO) catalog."
The Shadow Brokers are back, and they have a treat for you:
"TheShadowBrokers is having special trick or treat for Amerikanskis tonight," said the Monday morning post, which was signed by the same encryption key used in the August posts. "Many missions into your networks is/was coming from these ip addresses." Monday's leak came as former NSA contractor Harold Thomas Martin III remains in federal custody on charges that he hoarded an astounding 50 terabytes of data in his suburban Maryland home. Much of the data included highly classified information such as the names of US intelligence officers and highly sensitive methods behind intelligence operations. Martin came to the attention of investigators looking into the Shadow Brokers' August leak. Anonymous people with knowledge of the investigation say they don't know what connection, if any, Martin has to the group or the leaks.
[...] According to analyses from researchers here and here, Monday's dump contains 352 distinct IP addresses and 306 domain names that purportedly have been hacked by the NSA. The timestamps included in the leak indicate that the servers were targeted between August 22, 2000 and August 18, 2010. The addresses include 32 .edu domains and nine .gov domains. In all, the targets were located in 49 countries, with the top 10 being China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. Vitali Kremez, a senior intelligence analyst at security firm Flashpoint, also provides useful analysis here. [...] Other purported NSA tools discussed in Monday's dump have names including DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK, and STOCSURGEON. Little is immediately known about the tools, but the specter that they may be implants or exploits belonging to the NSA is understandably generating intrigue in both security and intelligence circles.
Previously:
"The Shadow Brokers" Claim to Have Hacked NSA
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's 'Mistake'
NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.
Attorneys representing Harold T. Martin III have previously portrayed the former NSA contractor as a patriot who took NSA materials home so that he could become better at his job. Meanwhile, investigators who have combed through his home in Glen Burnie, Maryland, remain concerned that he passed the weaponized hacking tools to enemies. The theft came to light during the investigation of a series of NSA-developed exploits that were mysteriously published online by a group calling itself Shadow Brokers.
[...] An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.
Days after the Washington Post reported on the hoarding of Tailored Access Operations tools by Harold T. Martin III, a federal grand jury has indicted the former NSA contractor:
A federal grand jury has indicted a former National Security Agency contractor on 20 counts of willful retention of national defense information.
According to prosecutors, Harold "Hal" Martin took a slew of highly classified documents out of secure facilities and kept them at his home and in his car. Earlier this week, the Washington Post reported that among those materials, Martin is alleged to have taken 75 percent of the hacking tools that were part of the Tailored Access Operations, an elite hacking unit within NSA.
The indictment outlines 20 specific documents that he is accused of having taken, including "a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization."
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
A former National Security Agency employee who worked at Tailored Access Operations has pleaded guilty to willful retention of national defense information, the same charge Harold T. Martin III faces:
A former National Security Agency employee admitted on Friday that he had illegally taken from the agency classified documents believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.
Nghia H. Pho, 67, of Ellicott City, Md., pleaded guilty to one count of willful retention of national defense information, an offense that carries a possible 10-year sentence. Prosecutors agreed not to seek more than eight years, however, and Mr. Pho's attorney, Robert C. Bonsib, will be free to ask for a more lenient sentence. He remains free while awaiting sentencing on April 6.
Mr. Pho had been charged in secret, though some news reports had given a limited description of the case. Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant's identity.
Mr. Pho, who worked as a software developer for the N.S.A., was born in Vietnam but is a naturalized United States citizen. Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking.
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
NSA Had NFI About Opsec: 2016 Audit Found Laughably Bad Security
Reality Winner NSA Leak Details Revealed by Court Transcript
(Score: 2, Insightful) by Anonymous Coward on Thursday September 27 2018, @05:06PM (17 children)
Important people like Hillary or Petraeus got nothing or slapped on the wrist for their intelligence failings.
5.5 years in prison for this peon though. But on the other hand if you choose to work for a criminal organization like the NSA, getting fucked in the ass could be what you deserve.
(Score: 3, Interesting) by ikanreed on Thursday September 27 2018, @05:48PM (3 children)
Do you know the definition of the word "willful"? Because that's sure in the summary, and sure the explicit reason given for dismissal in one of the cases you described.
I'm all for holding leaders to a higher standard than workers rather than the other way around, but you have to know you're full of shit with that comparison.
(Score: 0) by Anonymous Coward on Thursday September 27 2018, @05:57PM (1 child)
So all he has to do is say "I didn't know it was illegal" and he gets off like he was a high-profile "public servant"?
(Score: 4, Informative) by ikanreed on Thursday September 27 2018, @06:19PM
No, if he had carried files that he reasonably thought didn't contain classified materials and some small, mostly irrelevant classified materials got mixed in unintentionally.
That's pretty much the standard, you know, this tiny itty bitty thing that the legal profession calls "mens rea." You know, intending to do something you ought to know you shouldn't. Ignorance of the law isn't an excuse, but ignorance of circumstance is.
What galls me about this whole thing is that I genuinely believe a perfunctory prison sentence for her violating transparency laws was fairly appropriate (and would have set great precedent for the openly corrupt bastards we have now), but you fucks are so dead set on chasing your own tail of making every goddamn thing a national security military-worshiping bullshit, government accountability fell off the table as a factor pretty much immediately.
I'm not a lawyer, but I actually read these laws when the case came up, and willful is strewn throughout them, to make accidental transport of classified material not a crime.
(Score: 0) by Anonymous Coward on Friday September 28 2018, @12:02AM
This stuff should be leaked anyway. I'd like to see every single one of the NSA's secrets uncovered. Fuck that corrupt, anti-constitutional organization.
(Score: 4, Interesting) by Thexalon on Thursday September 27 2018, @06:28PM (1 child)
In case you hadn't noticed, being powerful has equaled a get-out-of-jail-free card for a very long time. For instance, it's been an unwritten law since at least 1974 (thanks to Gerald Ford) that no former president will ever be prosecuted for a crime, especially a crime committed while in office. And yes, Bill Clinton's immunity also likely extends to Hillary.
Think about it for about 10 seconds, and the reason is obvious: If Hillary Clinton were locked up for anything, Donald Trump probably would be too sooner or later. Trump doesn't want to be locked up, so he's not going to lock up Clinton, no matter what she's done.
In the words of George Carlin: It's a big club, and you ain't in it. And no, I ain't in it either.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 0) by Anonymous Coward on Thursday September 27 2018, @06:41PM
While there is plenty of truth to the rich and powerful club that isn't quite the whole story. Read ikanreed's comments for a more objective assessment.
(Score: 2) by DeathMonkey on Thursday September 27 2018, @06:33PM (10 children)
Important people like Hillary or Petraeus got nothing or slapped on the wrist for their intelligence failings.
Yep, that tends to happen when you don't actually break any laws.
And, since these are criminal charges you are alleging, we do actually get to claim innocent until proven guilty. (Which is a distinctly different standard of evidence compared to, say, deciding if you want to vote to give a guy a promotion)
(Score: 4, Informative) by Snotnose on Thursday September 27 2018, @06:40PM (9 children)
You've never held a security clearance, have you? Those of us who have at some point can't understand why HRC didn't get locked up for her transgressions.
It seems like more and more I'm not voting for someone, I'm voting against someone else. I couldn't stomach either HRC or Trump, so I went for Gary Johnson. Now I'm in the middle of this Duncan Hunter kerfuffle and I'm gonna have to vote for his opponent just because ol Dunc is either grossly stupid, grossly incompetent, or grossly corrupt. Kid ruined his dad's reputation, that's for sure.
Bad decisions, great stories
(Score: 2) by DeathMonkey on Thursday September 27 2018, @07:57PM (6 children)
Holding a security clearance makes you an expert on federal law?
No, I think the FBI is the relevant expert here and they said they couldn't demonstrate intent, which is required by the law, not your little certification.
(Score: 2) by Snotnose on Thursday September 27 2018, @08:20PM (1 child)
No, the FBI didn't want to interfere with a presidential election weeks before election day. Comey clearly thought she should be prosecuted but decided not to.
Had that server been found 18 months earlier I have no doubt HRC would have ended up in jail. Well, that's not true. I like to think so, but there is a part of me that says "nope, too powerful, never happen".
Bad decisions, great stories
(Score: 2) by bzipitidoo on Friday September 28 2018, @10:35AM
Are you kidding? Comey most certainly did interfere with the election by making grave accusations against HRC a few days before the election.
Anyway, this whole discussion about government security sounds naive. Every low level worker with a security clearance is keenly aware that the government has the power to put their ass in jail. That threat gets implied on a near daily basis. Mistakes and failures could be construed as treason. Someone else's mistakes and failures can be pinned on them. If too much is asked of them, expectations are too high, and they've been handed an impossible task, the eventual failure includes the risk that, as part of being forced to take the fall, they'll be jailed. It makes for a nervous work environment. And so, one of the top priorities of most any government intelligence worker is Cover Your Ass. As part of CYA, one thing they like to do is slap security restrictions on everything, treat basic scientific knowledge as national secrets.
And, oh yes, they want to keep a tight grip on everything. They like to keep computers inside. Carrying a disc or a flash drive out is a big no-no. A rather weird restriction is that you are not to use encryption on any computers assigned to you, not without prior authorization. If you're sending encrypted traffic over the network, how would they know whether it's sensitive info? So, the simplest solution is that you're not allowed to use encryption at all. Not sure how they've squared that with the recent move to https everywhere. Yeah, the paranoia level can get pretty high. If it was possible, they'd make you remove and check your brain into storage at the exit, when you went home for the night.
For an example of how ridiculous it can get, there's a scene in the movie Hidden Figures, which is set in the 1950s during the times of the Red Scare, in which one of the workers is accused of being a spy for the Commies. She was denied some info she needed to do some work that was asked of her, and found the info out anyway. It's pretty obvious the accusation was motivated by the desire of another worker to cover his ass (he was responsible for keeping the info secret), and he probably wouldn't have minded if she'd been fired or even jailed. Fortunately for her, the boss was more interested in accomplishing things, and wasn't about to encourage any Communist witch hunts on his watch.
(Score: 2, Insightful) by Anonymous Coward on Thursday September 27 2018, @08:29PM (3 children)
No, if you held a clearance you would know all of the training that those of us with clearances have to go through, and would know of the similar instances in which we've seen the book thrown at coworkers for much more benign offenses. You would know how untruthful Clinton was during the entire investigation and after because there is absolutely no earthly way she didn't know what she was doing was extremely wrong. Sure, you can look up a law... but do you know the details about clearances and classification? Do you know what it's like working in those environments and what safeguards are in place? Do you know how those affect those laws? I doubt it.
(Score: 0) by Anonymous Coward on Thursday September 27 2018, @08:43PM (2 children)
DeathMonkey's world is so simple: "Trump is Hitler, Democrats give a shit about me, and Hillary ought to have been queen."
(Score: 3, Touché) by PartTimeZombie on Thursday September 27 2018, @09:16PM (1 child)
If you're going to post that sort of flamebait nonsense, the least you could do is log on.
(Score: 2, Informative) by Azuma Hazuki on Thursday September 27 2018, @10:24PM
Butbutbut then you might DOX HIM!!!!111one! At least, that seemed to be the concern last time *I* asked one of these anonymous jerkoffs to find his or her gonads and put a username behind their bullshit...
I am "that girl" your mother warned you about...
(Score: 1, Informative) by Anonymous Coward on Thursday September 27 2018, @08:20PM
I would like a bit of public commentary on why his supervisor, the security desk personnel, etc aren't being fired, censured, or criminally prosecuted for letting this happen. Just based on the details of the story I have read/heard, it sounds very possible he was tacitly being allowed to do this in order to get more work done than he could in the normal clocked in workday, and that someone higher up was allowing it to help benefit their own career over the safety and security of one of the most pivotal and politically dangerous of our security arms.
I know for a fact the big semiconductor companies checked every person's documents and belongings both on entering and exiting the building for exactly these kinds of situations, and that was for personnel without direct access to the companies' highly secure documentation or resources.
(Score: 2, Informative) by Anonymous Coward on Thursday September 27 2018, @08:32PM
Are you sure you've had a clearance? You don't talk like somebody who has. Usually the "standard" punishment for mishandling of classified information would have been to have her clearances stripped, and possibly being disallowed to work on future work in the government (the exact level of this disbarring is debatable). The main time prison gets thrown about is when a person is actively giving or selling these secrets around, not merely for (blatant) mishandling.
Admittedly there is a strong argument for throwing her in jail for evading transparency laws (*cough* Trump *cough*), but that's different than her mishandling of classified information.
(Score: 3, Informative) by goodie on Thursday September 27 2018, @05:09PM
Yeah, considering the current President, not much of a risk there that this info was used to answer high priority questions. Seems that answers depend more on whether the current president has had a bowel movement on a given day...
(Score: 2) by MichaelDavidCrawford on Thursday September 27 2018, @05:32PM (2 children)
- les to CERT
The NSA really does do defensive work like SELinux.
Discovering an exploit then keeping it secret leaves us vulnerable to the Soviets
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Thursday September 27 2018, @08:15PM (1 child)
was a summer intern's project, based off an internal framework the NSA had used for commercial unixes or BSD, if I remember correctly.
Calling it an NSA project would imply far more manpower and focus than was really put into it when originally released.
(Score: 2) by MichaelDavidCrawford on Thursday September 27 2018, @08:46PM
-rity that the NSA really does have a completely unclassified division.
That division's work is detailed by James Bamford in "The Puzzle Palace".
Yes I Have No Bananas. [gofundme.com]
(Score: 1, Funny) by Anonymous Coward on Thursday September 27 2018, @05:43PM (1 child)
with all the intelligence collected for national security what is left for the average man?
with an environment without a meaningful morsel of intelligence left, the average man struggles to not forget to swallow and drool all over the place and the normally simple task of changing a light bulb requires a degree...
(Score: 0) by Anonymous Coward on Thursday September 27 2018, @10:13PM
you know, that might be a plausible explanation for the state of the country these days
the working class must unite and challenge control of intelligence!
(Score: 3, Insightful) by Bot on Thursday September 27 2018, @06:23PM (2 children)
1. do not hire Italians
2. do not hire Vietcongs
Account abandoned.
(Score: 5, Touché) by Thexalon on Thursday September 27 2018, @06:33PM (1 child)
Yeah, because when I think of Italians and Vietnamese, the first names that come to mind are "Rosenberg [wikipedia.org]", "Ames [wikipedia.org]", and "Hanssen [wikipedia.org]".
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by Bot on Sunday September 30 2018, @07:45AM
3. do not hire commies
Account abandoned.
(Score: 0) by Anonymous Coward on Friday September 28 2018, @05:48AM
The more you tighten your grip, Tarkin, the more star systems will slip through your fingers. -- Leia Organa
Maybe we could organize crowd funding for the gentleman for leveling the playing field?