Recent news provides details on the identify of the latest insider removing data from the National Security Agency (NSA) – joining other insiders who have made the news over the past few years.

A former NSA employee just admitted that he illegally took classified documents from the NSA. Mr. Nghia Hoang Pho was charged in secret earlier, but the charges were unsealed and the defendant’s identify just released.

The Department of Justice disclosed the following:

  • Beginning in April 2006, Pho was employed as a Tailored Access Operations (TAO) developer for the NSA. The TAO involved operations and intelligence collection to gather data from target or foreign automated information systems or networks.
  • Pho held various security clearances and had access to national defense and classified information.
  • According to the plea agreement, beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information.  This material was in both hardcopy and digital form.

Making the breach worse, the classified documents are believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.

Indications are that Russia stole the data on Pho’s computer by compromising the Kaspersky antivirus software on the computer. Because antivirus software has deep and far-reaching permissions, Russian intelligence used its hooks into Kaspersky to lift files. Kaspersky has repeatedly denied any association with the Russian government.

In this breach, some of the data stolen was in digital form. One way to prevent unauthorized download of critical data – whether to a local computer or portable storage drive – is to use employee monitoring software to detect and alert on such activities.

NSA Data Leak: More Exposure of Classified Data
Top Most-Sold Information on the DarkNet
Data Security, Insider Threat and More: An Interview with a FDIC Employee
Gartner Predictions for 2018 and Beyond: Analyzing the Research Report
How Government Agencies Can Shift from Reactive to Proactive Insider Threat Defense

Insider Threat Detection