NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Gov't Data
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
October 21, 2016
When law enforcement officials stumbled upon a cache of firearms while executing a search warrant on the premises of Harold Martin, the National Security Agency (NSA) contractor recently arrested for stealing classified information, his very distraught wife asked for the weapons to be removed from her home.
She was afraid that he would use them to kill himself if he "thought it was all over," US Attorney Rod Rosenstein said in a pretrial motion that paints a troubling if somewhat incomplete picture of the man behind what could arguably be the biggest-ever case of insider theft.
Rosenstein's motion, filed in the US District Court for the District of Maryland this week, urges the court not to release Martin from pretrial custody. It uses his wife's concerns of self-inflicted harm and a litany of other reasons as a basis for the request.
The 12-page legal brief alleges that in the 20 years between 1996 and 2016 that Martin worked with government, he stole a staggering 50 terabytes of data in digital form and an additional six banker's boxes full of printed documents.
It is unclear why Martin’s alleged theft of classified as well as unclassified data over such an extended period of time was never spotted. The apparent fact that he was able to continue illegally accessing data even after Snowden's data theft prompted a government-wide security overhaul, also is sure to raise new alarms about the effectiveness of that overhaul.
A lot of the data he allegedly stole was marked Secret or Top Secret and at least some of it is what the government considers as information of national defense and national security import.
For instance, one of the classified documents allegedly in Martin's possession was marked "Top Secret/Sensitive Compartmented Information" ("TS/SCI") and pertained to specific operational plans against a known US enemy, Rosenstein said. Martin's cache of stolen data is also believed to have included information on top-secret hacking tools developed by US intelligence agencies, the New York Times reported this week, citing unnamed sources.
The staggering volume of data that was allegedly found in Martin's possession would appear to make his theft even bigger than Edward Snowden's heist.
"The Defendant was in possession of an astonishing quantity of marked classified documents which he was not entitled to possess," Rosestein noted in somewhat of an understatement. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle."
Martin regularly carried highly sensitive data in his vehicle and routinely parked it in his driveway because he didn’t have an enclosed garage, the filing revealed.
Even the 50,000 gigabytes of digital information that he is believed to have stolen could be a conservative estimate, Rosenstein’s legal brief said, noting that each gigabyte offers enough space for storing 10,000 pages of text and images.
The legal document shows that Martin's alleged illegal behavior began in 1996 when he abused his access to classified information while serving in the US Naval Reserves. Between then and his arrest on August 27, Martin worked at several government agencies including the National Security Agency, as an employee for seven different private contractors.
With his security clearance, Martin worked on highly classified and specialized projects and signed numerous non-disclosure agreements acknowledging the sensitive nature of his work and his commitment not to abuse his access to sensitive data.
"The Defendant's decades of criminal behavior were in flagrant violation of his many promises and oaths, as well as the law," Rosenstein said.
The motion called attention to Martin's enrollment in a Ph.D program in information security at the time of his arrest, and of his several advanced degrees and expertise in areas like encryption, anonymization, and secure-communication. Such skills would make it easy for Martin to access and transmit information to others that he may have stored online, Rosenstein said in arguing against Martin's release from custody.
"As a trusted insider, the Defendant was able to defeat myriad, expensive controls placed on that information," and he has the skill to transfer all of the stolen information electronically and make it available to others if he was given access to the Internet, the prosecuting attorney noted.
The motion does not make clear what Martin's motives might have been. But it makes clear that there's enough evidence to suggest that Martin either illegally shared or planned to share the data with others.
For example, the 10 firearms recovered from his home included an "AR-style tactical rifle and a pistol-grip shotgun with a flash suppressor."
In addition, he had a loaded handgun in his car in violation of state law. If Martin had stolen it for his own edification as claimed, there would have been little reason to "arm himself as though he ere trafficking in dangerous contraband," Rosenstein argued.
Similarly, a printed email chain marked "Top Secret" recovered from Martin's car had handwritten notes on the back of the document describing classified technical operations and appear intended "for an audience outside of the Intelligence Community."
'Prime Target'
The extensive publicity the case has received guarantees that every foreign counterintelligence agency knows Martin has access to highly sensitive data either hidden in physical locations, cyberspace, or stored in his head, the filing said.
"This makes the Defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the Defendant himself," Rosenstein said.
Related stories
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024