Published on July 16th, 2019 📆 | 5199 Views ⚑0
NSA curbs spying after security breach
The National Security Agency shut down expensive and vital operations as a result of top secret information being spirited out of its headquarters by a fired NSA computer engineer who claims he took the sensitive records home to work on bolstering his performance review, according to a report submitted to a federal court.
Admiral Mike Rogers disclosed the far-reaching fallout in connection with the upcoming sentencing of Nghia Pho, 70, who pleaded guilty last December to taking highly classified information from the NSA from 2010 to 2015, when the FBI raided his Ellicott City, Md., home and hauled away a large volume of material.
Story Continued Below
“The fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost,” Rogers wrote to U.S. District Court Judge George Russell, who is scheduled to sentence Pho in Baltimore on Tuesday.
Pho worked for the NSA’s Tailored Access Operations division, which designs efforts to compromise computer systems to gather information about terrorism, national security threats and foreign government intentions. Some of the hacking tools designed and maintained by Pho’s unit were published in 2016 by an obscure group known as the Shadowbrokers.
It’s unclear how — if at all — Pho’s case may be connected to the Shadowbrokers disclosures, which began more than a year after Pho’s home was searched by the FBI. What is clear is that the disclosure and a later release of data on secret CIA technology led to a massive search for potential leakers and others who might have contributed to the breaches.
Experts called Rogers’ letter unusual and surprising, even though it did not link Pho’s case to the Shadowbrokers’ release or any other specific disclosure.
“The letter from Rogers is actually quite extraordinary in its candor, both about the nature of signals intelligence … and the consequences when it’s not secured,” said Steven Aftergood, who tracks classified information policy for the Federation of American Scientists. “This looks like a letter he wrote himself. … It has all the hallmarks of deeply felt sincerity.”
Berkeley computer science and security researcher Nick Weaver said Rogers’ comment about the steps taken to mitigate the mishandling of the classified information gives hints of what was involved.
“That suggests it was specifically hacking tools. … That sentence is actually a big deal,” Weaver said. “NSA’s response suggests that because of the possibility of compromise they had to redo a lot of platforms to prevent attribution [to the NSA.] That is interesting, although it could very well just be out of an abundance of caution.”
There’s no indication in public court filings that Pho intentionally disclosed any classified information to anyone. Rogers’ public submission does not even assert that the materials Pho took home definitely made their way from there to unauthorized individuals. However, the NSA chief says the agency had to assume the programs were compromised and act accordingly.
“Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances,” Rogers wrote. Simply cataloging the material Pho took was “tremendously expensive and diverted critical resources,” the NSA head said.
Prosecutors are asking the judge to sentence Pho to eight years in prison, which would be the longest known sentence in a case involving unauthorized possession of classified information without an allegation of passing it on.
“For a period of at least five years, the defendant admitted to a lengthy history of compromising some of the nation’s most closely held types of intelligence,” prosecutors wrote in their public submission Tuesday. “The defendant’s criminal conduct demonstrated an extraordinary disrespect for national security.“
Prosecutors also submitted a classified filing to Russell that is not available to the public. At least part of Monday’s sentencing hearing is expected to be conducted behind closed doors.
Pho’s attorney Robert Bonsib is asking the judge to impose no prison time, but “a substantial period of home confinement.” The defense attorney stressed that Pho had no plan to disclose the information he took home.
“He had no contact with foreign nationals and did not seek to disclose or make available the information that he had to the news media, advocacy groups or anyone else,” Bonsib wrote.
In a letter to the judge, Pho — a naturalized immigrant from Vietnam — said language barriers and limited social skills left him struggling to get good performance reviews at the NSA. He said he took the records home with the hope of crafting a review that would bring a raise that could boost his income once he retired.
“I did handle the information with care,” Pho wrote. “I do not distribute it to the public or internet, I do not intend to harm the United States, the country accepts and gives our family to live in freedom, the country that is a base homeland for my children. … I feel sad and how silly I am, just because to increase my retirement a little amount of money, I created a mess and get in trouble for me and my family.”
Pho’s defense compares his case to that of David Petraeus, the retired Army general and CIA director who pleaded guilty in 2015 to a misdemeanor charge of mishandling classified information, after admitting that he gave top secret information to an Army reservist who was his girlfriend, stored it without authorization at his residence, and lied to FBI investigators. He was ultimately sentenced to two years probation and a $100,000 fine.
Pho’s lawyer also invoked the case of former CIA Director John Deutch who had agreed to plead guilty to a misdemeanor charge for keeping classified information on a home computer, but was pardoned by President Bill Clinton.
“Mr. Pho has worked hard over the years. He has contributed to assisting the United States with respect … to national security matters. He was not, however, fortunate enough to have the title of ‘General’ or ‘Director’ when he was brought before the Court for mishandling classified information,” Bonsib wrote.
Former FBI Director James Comey confirmed in his recent book, “A Higher Loyalty,” that he argued that Petraeus should face a felony charge — in part because leniency would fuel claims of a double standard with similar cases.
Since President Donald Trump took office and publicly called for a crackdown on leaks, at least two other individuals have been sentenced for illegal retention of classified information.
In March 2017, National Geospatial Intelligence Agency employee Mohan Nirala was sentenced to a year and a day in prison for having two sets of classified documents at his Maryland home. He said he was preparing a discrimination complaint against his employer.
And in June of this year, former defense contractor Weldon Marshall was sentenced to 41 months in prison for taking secret information while serving the Navy and military contractors in Afghanistan.
Pho faces a maximum possible sentence of 10 years in prison. Prosecutors and the defense agreed that sentencing guidelines call for a term of between 78 and 97 months.
The eight-year sentence prosecutors are seeking for Pho is substantially more severe than one they agreed to earlier this year for Reality Winner, an NSA contractor accused of intentionally disclosing a top secret report to the media. Last month, a federal judge in Augusta, Ga., agreed to the term of five years and three months for Winner, 26.
Prosecutors are still pressing a criminal prosecution of a NSA contractor Hal Martin, who was arrested in 2016 following a raid on his Maryland home. Prosecutors said Martin, who also worked with the Tailored Access Operations unit later folded into NSA’s Computer Network Operations team, had a massive quantity of classified information in his home and vehicle that he had gathered in various sensitive jobs over two decades.
Martin’s lawyers have acknowledged he took the documents but said he suffers from psychological disorders, including compulsive “hoarding.” After plea negotiations broke down, Martin moved last year to plead guilty to one of the 10 felony charges he faces. A judge has ordered a series of sealed proceedings over the past nine months but it appears the plea was never entered.
The new court filings provide few additional details on Pho’s work, but an honorary mention award he won in 2007 from then-NSA Director Keith Alexander touts Pho’s work on “computer network exploitation.”
Rogers’ letter is dated March 5, but it was filed in court on Tuesday. It appears the filing of the letter was delayed because Pho’s sentencing was repeatedly postponed.