Written by Patrick Howell O'Neill

Former National Security Agency employee Nghia H. Pho pleaded guilty in federal court on Friday to one count of removal and retention of national defense information.

Pho worked for NSA’s Tailored Access Operations (TAO), the agency’s offensive hacking unit, the Justice Department said. The classified documents the former NSA software developer illegally took home between 2010 and 2015 were reportedly stolen by Russian intelligence.

Pho’s relationship with the NSA had yet to be publicly identified before Friday. An October story for the Wall Street Journal noted that an employee had sensitive NSA material on a personal computer, which was then allegedly stolen by Russian intelligence via the Kaspersky antivirus software installed on the machine. Pho was identified as that individual on Friday.

“In connection with his employment, Pho held various security clearances and had access to national defense and classified information,” according to the Justice Department. “Pho also worked on highly classified, specialized projects.”

Prosecutors agreed to ask for no more than an eight-year prison sentence.

Pho, 67, was born in Vietnam, but is a U.S. citizen.

The case marks the third instance in the past two years in which a NSA employee has been charged with mishandling classified information. In October 2016, it was revealed that an NSA contractor, Harold Martin, had approximately 50 terabytes worth of classified data in his Maryland home. Earlier this year, another contractor, Reality Winner, was arrested after leaking a classified report on Russian hacking aimed at the 2016 election.

Further exacerbating the issue is the trove of NSA tools that were leaked to the public by a mysterious unidentified hacking group known as the Shadow Brokers. The group, still at the center of an expansive federal counterintelligence investigation, dumped sophisticated tools used by the agency for a number of different operations. The NSA code has been co-opted into various ransomware attacks that crippled hospitals, pharmaceutical firms and shipping companies, among others.

The case also adds another chapter to the federal government’s ongoing battle with Moscow-based cybersecurity Kaspersky Lab. After the Wall Street Journal story, Kaspersky published results of an internal investigation, claiming Pho had a personal computer overwhelmed with malware.

The company has denied it actively helped Russian intelligence obtain any classified NSA material.

Pho remains free until sentencing, but his passport has been revoked.

You can read the full details below:

Greg Otto contributed to this report.