Normal Topic NSA Polygraph Neither Detected Nor Deterred Nghia Hoang Pho's Security Violations (Read 1765 times)
Paste Member Name in Quick Reply Box George W. Maschke
Global Moderator

Make-believe science yields
make-believe security.

Posts: 5815
Location: The Hague, The Netherlands
Joined: Sep 29th, 2000
NSA Polygraph Neither Detected Nor Deterred Nghia Hoang Pho's Security Violations
Dec 2nd, 2017 at 2:41pm
Mark & QuoteQuote Print Post  
National Security Agency employee Nghia Hoang Pho, who worked in one of NSA's most sensitive units, Tailored Access Operations, on Friday, 1 December 2017 pleaded guilty to violating the Espionage Act by removing classified material to his home from 2010 to March 2015. It's likely that Pho faced a polygraph screening "test" during this period, and polygraph screening typically includes questions about mishandling classified information.

As in the case of NSA contractor Harold Martin, it appear that the polygraph neither detected nor deterred Pho's unauthorized removal of classified information.

Ellen Nakashima reports for the Washington Post:


By Ellen Nakashima December 1 at 7:05 PM

A National Security Agency employee who worked at home without authorization on sensitive hacking tools pleaded guilty Friday to violating the Espionage Act — a security breach that the agency was tipped off to by Israeli cyberspies.

Federal prosecutors said they will seek an eight-year sentence for Nghia Hoang Pho, 67, of Ellicott City, Md., for willful detention of national defense information.

Pho’s case is noteworthy not only because it is one of several significant breaches at the NSA but also because he was using anti-virus software from a Russian firm on his computer — software the agency never deployed on its computers for fear it could enable Russian government spying.

The U.S. government and Congress this year have moved to ban the use of Kaspersky Lab anti-virus products from federal government computers.

Pho, a naturalized citizen, worked as a developer in Tailored Access Operations (TAO), the agency’s elite hacking unit, which gathers intelligence by penetrating the computers of foreign governments and other targets overseas. The unit is now called Computer Network Operations.

He held various clearances, and former officials said he had no malicious intent in working on the tools at home. But the breach violated protocols and conditions for holding a security clearance. According to a court document, from 2010 to March 2015, Pho removed classified material in hard copy and digital form.

“The facts supporting this criminal charge and guilty plea display a total disregard of the defendant’s oath and promise to protect our nation’s national security,” said Stephen M. Schenning, acting U.S. attorney in Maryland. “Such conduct cannot and will not be tolerated.”

Anti-virus software detects malicious code on a system by scanning its contents and can serve as a platform for digital espionage. U.S. officials have said that Kaspersky Lab, by virtue of being located in Moscow, is subject to Russian surveillance.

In a remarkable spy-vs.-spy twist, Israeli government hackers who had compromised Kaspersky’s network detected hacking-tool signatures that they recognized as the NSA’s. They alerted the agency, which began an investigation code-named Red Magic.

The hunt quickly led to Pho, who was removed from his position in 2015.

In a November report on the incident, Kaspersky Lab said its software had “inadvertently” retrieved the NSA tools because they were contained in a larger file that had NSA code in it that the firm classifies as malicious.

“We deleted those files,” the report said, because they were not needed to improve customer security and because of concerns regarding the handling of potentially classified materials.

Last fall, the Justice Department charged another TAO employee, a contractor named Harold T. Martin III, who had taken classified tools and other material home over several years. Martin was indicted in February on charges of violating the Espionage Act. He has pleaded not guilty.

The breaches are compounded by the August 2016 release online of a cache of sensitive NSA hacking tools that are similar to those Martin took. The trove was published by a mysterious group calling itself the Shadow Brokers. Investigators suspect the Russian government is behind that release but have not obtained proof.

The agency’s loss of control over its sensitive hacking tools has caused great concern at its Fort Meade headquarters, at the Pentagon and in Congress.
The scope of harm in Pho’s case is “not theoretical,” said Gordon B. Johnson, special agent in charge of the FBI’s Baltimore field office. “It denotes another attack on the bedrock secrecy and discipline required” of those holding security clearances, he said. Pho is scheduled to be sentenced in April in U.S. district court in Baltimore.

George W. Maschke
Tel/SMS: 1-202-810-2105 (Please use Signal Private Messenger or WhatsApp to text or call.)
Wire: @ap_org
PGP Public Key: 316A947C
PGP Public Key (offline): 2BF4374B
Personal Statement: "Too Hot of a Potato"
Back to top
IP Logged
Bookmarks: Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo
NSA Polygraph Neither Detected Nor Deterred Nghia Hoang Pho's Security Violations

Please type the characters that appear in the image. The characters must be typed in the same order, and they are case-sensitive.
Open Preview Preview

You can resize the textbox by dragging the right or bottom border.
Insert Hyperlink Insert FTP Link Insert Image Insert E-mail Insert Media Insert Table Insert Table Row Insert Table Column Insert Horizontal Rule Insert Teletype Insert Code Insert Quote Edited Superscript Subscript Insert List /me - my name Insert Marquee Insert Timestamp No Parse
Bold Italicized Underline Insert Strikethrough Highlight
Insert Preformatted Text Left Align Centered Right Align

Max 200000 characters. Remaining characters:
Text size: pt
More Smilies
View All Smilies
Collapse additional features Collapse/Expand additional features Smiley Wink Cheesy Grin Angry Sad Shocked Cool Huh Roll Eyes Tongue Embarrassed Lips Sealed Undecided Kiss Cry
Attachments More Attachments Allowed file types: txt doc docx psd pdf bmp jpe jpg jpeg gif png swf zip rar tar gz 7z odt ods mp3 mp4 wav avi mov 3gp html maff pgp gpg
Maximum Attachment size: 500000 KB
Attachment 1: