A Vietnamese American man has pleaded guilty to taking NSA files back home and retaining them there in violation of the rules under which he worked.
Nghia Hoang Pho, 67, of Ellicot City, Maryland, entered a guilty plea on 1 December to the charge of taking national defence information home from 2010 to 2015 and retaining it at his residence.
Pho, a member of the NSA's Tailored Access Operations group, admitted he had kept the information at his residence both in digital form and hard copy formats. He worked as a contractor for the NSA from 2006 onwards.
He faces a maximum term of 10 years in jail and will be sentenced on 6 April 2018.
{loadposition sam08}Pho's guilty plea means that the identity of the unnamed software developer who was arrested in 2015 for stealing NSA files has now been revealed.
After the leaks by NSA contractor Edward Snowden in 2013, three people were known to have been involving in removing NSA material from the agency.
One, Harold Martin, was arrested last year after having taken a massive trove of NSA data home.
Pho is now known to be the second; at the time he was identified in the media as an unnamed software developer, who was said to be a Vietnamese American. He was taken into custody in 2015 after taking hacking tools home and reportedly having them leak from his PC to hackers in Russia.
The third person, a woman named Reality Winner, was arrested after leaking a single NSA document to The Intercept this year.
The leak of NSA files to the group known as the Shadow Brokers, which came to light when the latter made the files openly available in August last year, has been alleged to have been from Pho's computer.
A report from Kaspersky Lab in October said Pho had the company's anti-virus software running on his PC, but appeared to have turned it off in order to run the a key generator, which otherwise would have been detected and stopped by the anti-virus software.
Later, when he turned the anti-virus back on, it had run a scan on his computer, and since Kaspersky Security Network was running, it had submitted samples of suspected NSA malware code present on his machine to Kaspersky's servers for analysis. Like any A-V solution, the software uploads suspicious files to a server for later analysis and when it encountered the NSA files on Pho's machine, it did the same.
How the Russians obtained these exploits has never been made clear with allegations in the media that after they reached Kaspersky's Moscow offices, they were handed over to government hackers. Kaspersky has denied handing over any files.
Pho's plea also puts paid to theories being floated that the person who leaked NSA files to the Shadow Brokers was a man of Russian origin. As iTWire has pointed out, this theory was floated by former Washington Post employee Brian Krebs.