NSA logo

The US Department of Justice (DOJ) has formally charged a former NSA employee for taking classified documents home. The man, Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today, according to court documents released by the DOJ.

Pho worked for the National Security Agency's (NSA) Tailored Access Operations (TAO) since April 2006. The DOJ says that Pho started taking documents home starting somewhere in 2010 and up until March 2015, when he was caught.

Pho's the employee at the heart of the Kaspersky saga

According to anonymous sources from the investigation who spoke with New York Times reporters, Pho is the NSA employee at the heart of the recent Kaspersky saga.

According to Kaspersky's side of the events, some of the files Pho took home were offensive cyber-weapons that triggered detections for malicious activity on Pho's home computer.

Kaspersky admits that the files were automatically uploaded to its servers for further analysis, a standard procedure for antivirus vendors, but they were later deleted when the company realized they were classified material.

The US government didn't see it that way and accused the Russian antivirus vendor of conspiring with Russian intelligence to actively search computers for classified material on purpose. US officials then banned the use of Kaspersky products on US government computers.

Pho is the last in a long string of NSA leaks

Pho's sentencing hearing is scheduled for April 6, 2018. He risks a maximum prison sentence of up to ten years, but according to the Times, prosecutors agreed as part of his plea deal not to ask for more than eight years, if found guilty.

Pho is the third NSA employee who faces legal charges for taking NSA documents home after the infamous Edward Snowden incident. The other two are Harold Martin, charged in 2016, and Reality Winner, charged this year for leaking files to a news outlet.

Besides employees taking files home, the NSA also suffered other breaches. The Agency recently exposed sensitive files via a misconfigured Amazon S3 server, and nobody would forget how a hacking group known as The Shadow Brokers leaked NSA cyber-weapons that are now weaponized and employed by regular malware on a daily basis.