National Security Administration (NSA) facility
© Gary Cameron / ReutersFILE PHOTO: An entrance into the National Security Administration (NSA) facility in Fort Meade, Maryland, U.S.
A former employee of the National Security Agency (NSA) was sentenced to 66 months in prison and three years of probation over keeping top-secret files at his Maryland home. But that's just one part of a bigger story.

Nghia Hoang Pho, 68, was sentenced on Tuesday in Baltimore, Maryland by US District Judge George L. Russell, III, the Department of Justice announced. It took nearly a year for Pho to be sentenced, since he pleaded guilty to one count of "willful retention of classified national defense information" in October 2017.

According to the DOJ, the Vietnam-born Pho worked as a developer at the NSA's Tailored Access Operations (TAO) since April 2006. Starting in 2010 and through March 2015, Pho "removed and retained US government property, including documents and writings that contained national defense information classified as Top Secret and SCI" or sensitive compartmented information, and kept them at his Ellicott City, Maryland home.

"Pho knew that he was not authorized to remove the material or store it at his home," his plea agreement said.

Here is where things get interesting. According to US Attorney Robert K. Hur, Pho's actions "compromised some of our country's most closely held types of intelligence, and forced NSA to abandon important initiatives to protect itself and its operational capabilities, at great economic and operational cost."

Yet Pho pleaded guilty only to keeping the documents at his home, not letting them fall into the hands of a third party - and Hur's quote is the only bit in the DOJ release to even hint at such a possibility.

Enter the Russians. Original charges against Pho said he had installed security software on his home computer made by the Russian tech firm Kaspersky Lab. Unnamed DOJ officials then told the media that the government believed Russian hackers - who else? - exploited the antivirus software to steal the top secret NSA files. Kaspersky software was quickly banned from all US government computers based on that suspicion.

The company denied the accusations it was being used as a conduit for Russian government hackers, going so far as to offer its source code to the US government for inspection. However, Kaspersky admitted they had, in fact, found NSA malware on an unidentified user's computer and dated the discovery to September 2014.