Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/22/2019
10:30 AM
50%
50%

Ex-NSA Contractor Gets 9 Years for Retaining Defense Data

Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.

A US district judge has sentenced former government contractor Harold Thomas Martin, III, to nine years in federal prison and three years of supervised release for the "willful retention of national defense information," the Department of Justice reported today.

Between Dec. 1993 and Aug. 2016, Martin was employed by at least seven private companies and assigned as a contractor to "a number of government agencies," according to his plea agreement. Each agency required Martin to receive and hold a security clearance; at various times he had clearances up to Top Secret and Sensitive Compartmented Information, meaning unauthorized disclosure could cause "exceptionally grave damage" to US national security. Martin's role gave him access to government systems, programs, and data in secure locations.

Martin, who also worked as an NSA contractor, admitted to stealing and retaining US government property from secure locations and computer systems, in both physical and digital form, starting in the late 1990s and continuing through Aug. 2016. Information was marked to indicate it was property of the US and contained highly classified data including Top Secret/SCI information. He kept at least 50 terabytes of stolen files and classified data in his home and car, despite knowing he was not authorized to do so, and despite knowing knowing removal of this information could compromise national security and aid adversaries.

At his sentencing, officials noted crimes like these require the government to treat the stolen data as compromised, which could result in changing or eliminating national security programs. Martin's actions also cost time and resources in investigating the consequences of the theft.

"This sentence, which is one of the longest ever imposed in this type of case, should serve as a warning that we will find and prosecute government employees and contractors who flagrantly violate their duty to protect classified materials," said US Attorney Robert K Hur in a statement.

Read more details here.

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/27/2019 | 5:00:27 PM
Re: Equity
I agree the only problem I have is the laws are not consistent across the board and people are often prosecuted unfairly because of the Judge's inherent bias. Yes this contractor should get time, but what about the law enforcement officials and government agencies that broke the law with the following:
  • StingRay - illegal remote cell phone tracking tool
  • Prism - dragnet government surveillance system, violates the laws across the globe
  • Pegasys - hacking software used to hack cell phones
  • Facia - cell phone triangulation tool
  • Optic Nerve - yahoo messenger used tool to capture video images
  • Boundless Informant - using tools to extract metadata from various devices
  • XkeyScore - interception data tool that queries information about user data (phone, email, texts, etc)

The problem I have with all of this is that people are constantly breaking the law and no one has been prosecuted, so how can an official be so hard on the public but they are constantly violating the rights of people across the globe, it is just amazing that these things go on and everybody turns a blind-eye.

I don't know anymore.

T
rcash
50%
50%
rcash,
User Rank: Strategist
7/24/2019 | 10:41:24 AM
Equity
So there is little doubt of wrong doing here, but my quesiton is how this can be effectively prosecuted while other significantly more egregious harms (such as having a private vulnerable email server in a closet) are passed over. Crime is crime, and no one should be above the law, to borrow a phrase.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/23/2019 | 9:05:10 AM
Re: Wow, so who prosecutes the Federal Government
Done - this is far off post subject not funny. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 4:01:55 PM
Re: Wow, so who prosecutes the Federal Government

Let's back up for a minute, this person was a  NSA contractor who was prosecuted, clear and evident. But what happened to the other situations I named in the message before. For example, William "Bill" Binney (ThinThread), he worked for NSA for almost 30 years, he developed an application called ThinThread, they did not use the application during the 911 attacks. He informed them that of the controls they were taking off, this action of removing the controls would affect the lives of people everywhere in America and beyond. He informed his executive staff members, management, he followed proper protocol. Instead of the group, talking to him and giving him the respect he deserves, they put him in-front of a gun when he tried to tell them that the controls that were in place to protect the rights of American citizens (they continued to violate the law).

Now the other examples I used was basically saying how can this US Atty say something like this with a pompus attitude when they have been violating the rights of American Citizens even now (Illegal Drag Net Surveillance Programs like XKeyScore, Prism, etc.). Is he going to jail because he knows along with Congress that they have been violating the rights of American Citizens, yours and mine?

Don't get me wrong, when the person is wrong and they have violated the rights of Ameircan citizens, then yes, send them to jail. But the Feds are violating the rigths of US citizens right now using the Fisa courts to force companies like Quest, Microsoft, Google, Yahoo, AWS and others by issuing warrants (not one time have they not issued a warrant) under the auspices of National Security. So when are the Feds going to be accountable for their own actions, when are individuals from Congress going to be prosecuted (they were the one's who authorized its purchase and use). When are the deaths of innocent civilans going to be brought to court?

So who is prosecuting the people using mass surveillance to attack and thwart peaceful groups like "Black Lives Matter", "Indian Groups", "Unarmed Black People". When are they going to use the laws to prosecute the "KKK" and "Nazi followers" and the hate groups that are associated with millions of deaths.

So think about that and the other items I mentioned in the passage before. If you are going to do it to one person, then everyone needs to be accountable; if the balance of law is for all people then those same people should be prosecuted as well (General Alexander, Clapper, everyone involved and those who did not do anything about it, foreign and domestic).

T
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/22/2019 | 3:32:45 PM
Re: Wow, so who prosecutes the Federal Government
Are you saying he is innocent?  Or wrongly prosecuted?  Because theft of owned propietary data is still theft and there are laws against that - alot of them.  Break one and you have a problem.   This scum kept at it for years and 50 terabytes is huge.  He deserved jail time indeed.    AND this does not strike me as a human rights issue at all.  Not a political one.  Theft of data pure and simple.  High grade security data too.  
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 1:44:27 PM
Wow, so who prosecutes the Federal Government

"This sentence, which is one of the longest ever imposed in this type of case, should serve as a warning that we will find and prosecute government employees and contractors who flagrantly violate their duty to protect classified materials," said US Attorney Robert K Hur in a statement.

Interesting that they say this with Prism, XKeyscore, Facia, Informant and other programs that are violating the rights of individuals all across the globe (congress approved this when the budget goes above 3 million dollars, so they knew about it). In America, the federal government has been violating the rights of American Citizens (1st - 5th Amendment rights) from the beginning of time,

I am not sure that I should be surprised but this is amazing he would say something like this. They are taking the lives of innocent personnel around the world when they go after terrorists; what happens to accountability and the value we put on human life. Look at what happened to William Binney (ThinThread), Thomas Drake (TrailBlazer), Kirk Wiebe (Trailblazer and Thinthread) and Edward Snowden (Prism, Xkeystore), they were indicted under the Espionage act and one they are still after (Mr. Snowden).

I have been saying this for years, when are we going to start looking at the injustices that have been going on for years and when is someone going to say, we have been violating human rights and citizens who have nothing to do with terrorist acts (I am not even going to mention what is going on in the US with Indians and African Americans). It is astounding that this continues to happen and we continue to show a blind eye, we see this in our own back yard.

T
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15296
PUBLISHED: 2019-08-21
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is ne...
CVE-2019-15292
PUBLISHED: 2019-08-21
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
CVE-2019-15293
PUBLISHED: 2019-08-21
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060.
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...