Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response
NSA Contractor's Alleged Theft 'Breathtaking'
Judge Orders Harold T. Martin III To Be Jailed Until Trial(This story has been updated.)
See Also: Gartner Guide for Digital Forensics and Incident Response
A former National Security Agency contractor accused of pilfering mass quantities of highly classified information will remain in jail until his trial.
U.S. Federal Magistrate A. David Copperthite in Baltimore granted on Oct. 21 a request from government prosecutors that Harold T. Martin III be detained until his trial because he poses a flight risk. Government lawyers feared that the highly classified information he allegedly collected - and knows - might leak and pose a risk to national security if he were freed.
Authorities arrested Martin, an unassuming contractor for consultancy Booz Allen Hamilton and a Ph.D. student, at his Glen Burnie, Md., home on Aug. 27.
In arguing for Martin's continued detention, prosecutors in their motion said that "every foreign counterintelligence professional and nongovernmental actor" would know that Martin has access to highly classified information and that "he has demonstrated absolutely no interest in protecting it. This makes the defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the defendant himself."
But Martin's public defenders, James Wyda and Deborah L. Boardman, argued in their response that he is neither a potential danger nor a flight risk.
'Breathtaking' Theft
Prosecutors filed a 12-page document on Oct. 20 that added further detail to their allegations against Martin, who is accused of one of the largest-ever breaches of classified material. Martin is a former naval officer who worked for seven government contractors, the last of which, Booz Allen Hamilton, fired him following his arrest.
Investigators allege they found documents marked "top secret" and "secret" within his house, storage sheds and a Chevrolet Caprice, which was regularly parked in his driveway. The material comprised "irreplaceable classified information," the document reads.
Martin engaged in "a course of felonious conduct that is breathtaking in its longevity and scale," prosecutors say. He is believed to have taken documents that dated as far back as 1996, when he first gained access to classified information with the U.S. Naval Reserves.
Investigators confiscated six full banker's boxes of documents plus 50TB of data stored on a variety of computers and other digital storage devices. It is unclear how much of that data is classified information.
Insider Threat Concerns
Although the intelligence community has taken steps to enact better controls around classified information after the leaks of former NSA contractor Edward Snowden, Martin "was able to defeat expensive controls intended to protect the removal of top-secret information." That casts doubt on those controls, although security experts often say insiders are the hardest adversaries to defend against.
"The case of Harold Martin also made clear that security measures at NSA, and other U.S. agencies, were not as strict and tight as outsiders would have expected. Even for someone without a strong ideological or financial drive like Martin, it was apparently not that difficult to regularly walk out with top secret documents," according to Electrospaces.net, a national security blog.
Potential Shadow Brokers Link
Less than two weeks prior to Martin's arrest, a batch of tools and exploits believed to have been developed by the NSA was released by a group calling itself the Shadow Brokers. The group later set up an auction for other related data.
The document does not indicate if prosecutors believe Martin has a link to the Shadow Brokers. But The New York Times, citing anonymous government officials, reported investigators said Martin's cache of data contained the same information the Shadow Brokers released. Investigators have not, however, found evidence that he leaked or sold the tools to the Shadow Brokers, it reported.
The Shadow Brokers has continued to make public statements since Martin's arrest, writes Matt Tait, a former information security specialist for U.K. intelligence agency GCHQ who is now CEO of Capital Alpha Security, a security consultancy in the U.K.
"So [Martin] may be Shadow Brokers' source, but he is not the sum total of the Shadow Brokers group," he writes.
So he may be ShadowBrokers' source, but he is not the sum total of the ShadowBrokers group.
— Pwn All the Things (@pwnallthethings) October 20, 2016
Espionage Act Offenses
Martin has been charged in federal court in Maryland with the theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor. He has not been indicted yet, but prosecutors say they also plan to add violations of the Espionage Act.
Information in the filing indicates why charges under that act are being considered. A search of Martin's car allegedly turned up a printed email chain that was marked top secret. Notes on the back of the document describe the NSA's classified computer infrastructure.
"The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the intelligence community unfamiliar with the details of its operations," it reads.
Martin allegedly communicated online in Russian and other languages, used encryption software and various cloud storage apps.
Prosecutors say he also possessed "a sophisticated software tool which runs without being installed on a computer and provides anonymous internet access, leaving no digital footprint on the machine." That line may be a reference to the Tails operating system, which runs off a portable drive and is designed to provide strong privacy protections for users.
Martin initially denied taking classified information but later admitted to it, allegedly saying he knew he it was unauthorized and wrong, the FBI says. That course of events suggests Martin might plead guilty to related charges.
Tait's analysis: "Don't think this trial will be very long. And he's a madman if he doesn't take a plea deal with such overwhelming evidence."
(Executive Editor Eric Chabrow contributed to this story.)