Former NSA Contractor Stole 50,000 Gigabytes of Data

NYT’s/WASHINGTON — Investigators pursuing what they believe to be the largest case of mishandling classified documents in United States history have found that the huge trove of stolen documents in the possession of a National Security Agency contractor included top-secret N.S.A. hacking tools that two months ago were offered for sale on the internet.

The criminal complaint filed September 13, 2016 is here.

They have been hunting for electronic clues that could link those cybertools — computer code posted online for auction by an anonymous group calling itself the Shadow Brokers — to the home computers of the contractor, Harold T. Martin III, who was arrested in late August on charges of theft of government property and mishandling of classified information.

Harold T. Martin III and his wife Deborah Shaw in an undated photo. Credit Deborah Shaw

But so far, the investigators have been frustrated in their attempt to prove that Mr. Martin deliberately leaked or sold the hacking tools to the Shadow Brokers or, alternatively, that someone hacked into his computer or otherwise took them without his knowledge. While they have found some forensic clues that he might be the source, the evidence is not conclusive, according to a dozen officials who have been involved in or have been briefed on the investigation.

All spoke on condition of anonymity because they were not authorized to discuss it publicly.

An anonymous hacker group, calling itself the Shadow Brokers, announced in August a sale of computer codes stolen from the National Security Agency.

Mr. Martin, an enigmatic loner who according to acquaintances frequently expressed his excitement about his role in the growing realm of cyberwarfare, has insisted that he got in the habit of taking material home so he could improve his skills and be better at his job, according to these officials. He has explained how he took the classified material but denied having knowingly passed it to anyone else.

 

“As a contractor, he gets to see a slice of the overall picture,” said one person familiar with the exchanges, summarizing Mr. Martin’s explanation. “He wanted to see the overall picture so that he could be more effective.”

Mr. Martin’s home in Glen Burnie, Md., with car parked outside. Credit Nate Pesce for The New York Times

The material the F.B.I. found in his possession added up to “many terabytes” of information, according to court papers, which would make it by far the largest unauthorized leak of classified material from the classified sector. That volume dwarfs the hundreds of thousands of N.S.A. documents taken by Edward J. Snowden in 2013 and exceeds even the more voluminous Panama Papers, leaked records of offshore companies obtained by a German newspaper in 2015, which totaled 2.6 terabytes. One terabyte of data is equal to the contents of about one million books.

Image result for harold t martin nsa  NBCNews

F.B.I. agents on the case, advised by N.S.A. technical experts, do not believe Mr. Martin is fully cooperating, the officials say. He has spoken mainly through his lawyers, James Wyda and Deborah Boardman of the federal public defender’s office in Baltimore. They declined to comment before a detention hearing set for Friday in federal court.

Investigators discovered the hacking tools, consisting of computer code and instructions on how to use it, in the thousands of pages and dozens of computers and data storage devices that the F.B.I. seized during an Aug. 27 raid on Mr. Martin’s modest house in suburban Glen Burnie, Md. More secret material was found in a shed in his yard and in his car, officials said.

The search came after the Shadow Brokers leak set off a panicked hunt at the N.S.A. Mr. Martin attracted the F.B.I.’s attention by posting something on the internet that was brought to the attention of the N.S.A. Whatever it was — officials are not saying exactly what — it finally set off an alarm.

The release of the N.S.A.’s hacking tools, even though they dated to 2013, is extraordinarily damaging, said Dave Aitel, a former agency employee who now runs Immunity Inc., an information security company.

“The damage from this release is huge, both to our ability to protect ourselves on the internet and our ability to provide intelligence to policy makers and the military,” Mr. Aitel said.

The N.S.A.’s hacking into other countries’ networks can be for defensive purposes: By identifying rivals’ own hacking methods, the agency can recognize and defend against them, he said. And other countries, with some of the N.S.A.’s tools now in hand, can study past hacks and identify the attacker as the N.S.A., learn how to block similar intrusions, or even decide to retaliate, Mr. Aitel said.

Mr. Martin, 51, a Navy veteran who was completing a Ph.D. in information systems at the University of Maryland, Baltimore County, has worked for several of the contracting companies that help staff the nation’s security establishment. After stints at the Computer Sciences Corporation and Tenacity Solutions, where he was assigned to the Office of the Director of National Intelligence, he joined Booz Allen Hamilton in 2009. He worked on that firm’s N.S.A. contract until 2015, when he was moved to a different Pentagon contract in the area of offensive cyberwarfare.

He has long held a high-level clearance and for a time worked with the N.S.A.’s premier hacking unit, called Tailored Access Operations, which breaks into the computer networks of foreign countries and which developed the hacking tools later obtained by the Shadow Brokers. According to one person briefed on the investigation, Mr. Martin was able to obtain some of the hacking tools by accessing a digital library of such material at the N.S.A.

theshadowbrokers @shadowbrokerss

@cyberwar@guardian@VICE@mashable@wired@kaspersky@symantec Equation Group – Cyber Weapon Auction http://pastebin.com/NDTU5kJQ 

Posted in Citizens Duty, Cyber War, Department of Homeland Security, DOJ, DC and inside the Beltway, FBI, Military, NSA Spying, Russia, Terror, The Denise Simon Experience, U.S. Constitution, Whistleblower.

Denise Simon