Federal prosecutors have charged former NSA contractor Harold T. Martin III under the Espionage Act:
Harold T. Martin III is expected to appear at a federal courthouse in Baltimore on Friday for a hearing to consider whether he should remain in U.S. custody, as prosecutors announced in a court filing that they plan to file Espionage Act charges against him.
The FBI is investigating whether Martin may have transferred six bankers boxes' worth of paper documents and 50,000 gigabytes of electronic materials to anyone else, according to documents filed Thursday. So far, investigators said they have not found any connection to a foreign power. Martin's public defenders, James Wyda and Deborah Boardman, have said that he presents no flight risk and that "there's no evidence he intended to betray his country."
Martin, a former Navy reservist, has been in federal custody since late August. That's when FBI agents executed search warrants at his suburban Maryland home, uncovering what they describe as "overwhelming" proof he mishandled classified information. Among the materials they found: the personal information of government employees and a top-secret document "regarding specific operational plans against a known enemy of the United States and its allies," according to the court filing.
The trove of information reportedly includes hacking tools that were recently offered for sale by a group that calls itself The Shadow Brokers.
12-page court filing: United States of America v. Harold T. Martin, III
Previously:
NSA Contractor Harold Martin III Arrested
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's ‘Mistake’
Related Stories
Arthur T Knackerbracket has found the following story:
The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.
The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.
Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.
But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.
NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.
That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.
Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.
Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.
A federal contractor was arrested in August for unlawful retention of classified documents:
A federal contractor suspected of leaking powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government, according to court records and a law enforcement official familiar with the case. Harold Thomas Martin III, 51, who worked for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. He was arrested in August after investigators searched his home in Glen Burnie, Md., and found documents and digital information stored on various devices that contained highly classified information, authorities said. The breadth of the damage Martin is alleged to have caused was not immediately clear, though officials alleged some of the documents he took home "could be expected to cause exceptionally grave damage to the national security of the United States." Investigators are probing whether Martin was responsible for an apparent leak that led to a cache of NSA hacking tools appearing online in August, according to an official familiar with the case.
From the US DoJ release:
A criminal complaint has been filed charging Harold Thomas Martin III, age 51, of Glen Burnie, Maryland, with theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor. According to the affidavit filed in support of the criminal complaint, Martin was a contractor with the federal government and had a top secret national security clearance. Martin was arrested late on August 27, 2016. The complaint was filed on August 29, 2016, and unsealed today.
Also at The New York Times, NBC, PBS, the Baltimore Sun.
NSA-created cyber tool spawns global ransomware attacks
From Politico via Edward Snowden via Vinay Gupta:
Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.
The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.
The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.
One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75,000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.
Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.
Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.
Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.
It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.
The Shadow Brokers are back, and they have a treat for you:
"TheShadowBrokers is having special trick or treat for Amerikanskis tonight," said the Monday morning post, which was signed by the same encryption key used in the August posts. "Many missions into your networks is/was coming from these ip addresses." Monday's leak came as former NSA contractor Harold Thomas Martin III remains in federal custody on charges that he hoarded an astounding 50 terabytes of data in his suburban Maryland home. Much of the data included highly classified information such as the names of US intelligence officers and highly sensitive methods behind intelligence operations. Martin came to the attention of investigators looking into the Shadow Brokers' August leak. Anonymous people with knowledge of the investigation say they don't know what connection, if any, Martin has to the group or the leaks.
[...] According to analyses from researchers here and here, Monday's dump contains 352 distinct IP addresses and 306 domain names that purportedly have been hacked by the NSA. The timestamps included in the leak indicate that the servers were targeted between August 22, 2000 and August 18, 2010. The addresses include 32 .edu domains and nine .gov domains. In all, the targets were located in 49 countries, with the top 10 being China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. Vitali Kremez, a senior intelligence analyst at security firm Flashpoint, also provides useful analysis here. [...] Other purported NSA tools discussed in Monday's dump have names including DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK, and STOCSURGEON. Little is immediately known about the tools, but the specter that they may be implants or exploits belonging to the NSA is understandably generating intrigue in both security and intelligence circles.
Previously:
"The Shadow Brokers" Claim to Have Hacked NSA
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's 'Mistake'
NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Ex-NSA Contractor Who Stole Top Secret Documents Is Sentenced To 9 Years In Prison
A former National Security Agency contractor who pleaded guilty to stealing vast troves of classified material over the course of two decades has been sentenced to nine years in prison.
Harold Martin III, 54, apologized before U.S. District Judge Richard Bennett handed down the sentence on Friday.
"My methods were wrong, illegal and highly questionable," Martin told the court in Baltimore, according to The Associated Press.
Earlier this year, he pleaded guilty to "willful retention of national defense information," a crime that carries a punishment of anywhere from no jail time to a maximum prison sentence of 10 years. His plea agreement called for a sentence of nine years in prison.
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
Days after the Washington Post reported on the hoarding of Tailored Access Operations tools by Harold T. Martin III, a federal grand jury has indicted the former NSA contractor:
A federal grand jury has indicted a former National Security Agency contractor on 20 counts of willful retention of national defense information.
According to prosecutors, Harold "Hal" Martin took a slew of highly classified documents out of secure facilities and kept them at his home and in his car. Earlier this week, the Washington Post reported that among those materials, Martin is alleged to have taken 75 percent of the hacking tools that were part of the Tailored Access Operations, an elite hacking unit within NSA.
The indictment outlines 20 specific documents that he is accused of having taken, including "a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization."
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
(Score: -1, Flamebait) by Anonymous Coward on Friday October 21 2016, @12:54PM
Sounds like he would make a great presidential candidate!
(Score: 2, Flamebait) by isostatic on Friday October 21 2016, @01:57PM
Only if he's a sex offender too
(Score: 1, Flamebait) by Runaway1956 on Friday October 21 2016, @02:03PM
So, which offensive sex acts would qualify him the most? Necrophilia? Bestiality? Surely you wouldn't have us accept some mundane kiddy diddling.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: -1, Offtopic) by Anonymous Coward on Friday October 21 2016, @02:31PM
he could fuck dead underage goats
(Score: 1, Insightful) by Anonymous Coward on Friday October 21 2016, @03:15PM
Indoctrinating children into the magic sky fairy club. For some reason Americans love that form of child molestation.
(Score: 0, Funny) by Anonymous Coward on Friday October 21 2016, @03:23PM
In fairness, many of the club's members actually frown on fairies. I think they prefer to refer to their magic sky fairy as a magic sky wizard.
(Score: -1, Offtopic) by Anonymous Coward on Friday October 21 2016, @05:43PM
He's still a magic sky guy in a dress.
(Score: 3, Funny) by mhajicek on Friday October 21 2016, @07:12PM
I once met him. He wasn't white and fluffy. He just had sideburns.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 4, Insightful) by Anonymous Coward on Friday October 21 2016, @01:15PM
(Score: 1, Informative) by Anonymous Coward on Friday October 21 2016, @01:31PM
Why is stealing in quotes? This seems to suggest the submitter and/or editor does not think this constitutes stealing.
(Score: 4, Informative) by The Mighty Buzzard on Friday October 21 2016, @01:50PM
Dunno why takyon did it but I would have because you can't by definition steal something and also leave it in the place that you found it. Same as copyright infringement is not theft, this is not theft.
Words have meanings. They are not open to reinterpretation to suit whoever decides another definition would suit them better.
My rights don't end where your fear begins.
(Score: 3, Informative) by tangomargarine on Friday October 21 2016, @02:27PM
But he took boxes of papers. We're talking physical stealing *in addition to* the data.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by The Mighty Buzzard on Friday October 21 2016, @03:10PM
That's fine then. I've no objection to calling that stealing unless they were copies he made as with the digital files.
My rights don't end where your fear begins.
(Score: 0, Flamebait) by Anonymous Coward on Friday October 21 2016, @02:53PM
By definition, stealing means taking that which does not belong to you without permission of the owner.
So "copyright infringement" and downloading confidential data both qualify as stealing.
It's the Napster/Torrent crowd that worked on redefining what "stealing" meant in the Internet age. Sorry, the original definition is still perfectly suitable.
(Score: 2) by The Mighty Buzzard on Friday October 21 2016, @03:10PM
You may want to look up the definition of taking then. If something remains right where it was, you have not taken it.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Friday October 21 2016, @04:31PM
In general I agree with your statement that digital "theft" as described by RIAA/MPAA is not theft as such. However, classified information is a bit different by nature of what it entails.
To make a purely hypothetical example, imagine there was a flaw with Windows 10 where if you plug in a USB stick with a special program on it, you could bypass security and grab everything in the Documents folder of all users. If this information gets out, everybody will fix the flaw which would deprive the NSA of the ability to use this flaw.
So in this case, the person has taken the (intellectual) property and has deprived the original owners of its usage... so it is actually literal theft.
(Score: 2) by mhajicek on Friday October 21 2016, @07:08PM
There is a USB stick commercially available for $20 that lets you completely pwn any Windows box that isn't using full drive encryption. Linus Tech Tips reviewed it.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 0) by Anonymous Coward on Friday October 21 2016, @03:21PM
Following your reasoning, photographing someone == kidnapping.
Copying -- making a duplicate but leaving the original intact -- is not stealing.
(Score: 4, Funny) by EvilSS on Friday October 21 2016, @05:18PM
(Score: 2, Insightful) by Anonymous Coward on Friday October 21 2016, @06:00PM
and a jury of insufferable pedants
(Score: 0) by Anonymous Coward on Saturday October 22 2016, @01:59AM
If taking a copy of ip is not stealing how was the "original" in a place to start with.
Internet logic.
(Score: 2) by The Mighty Buzzard on Saturday October 22 2016, @02:24AM
Much like military intelligence.
My rights don't end where your fear begins.
(Score: 2, Touché) by Anonymous Coward on Friday October 21 2016, @01:59PM
(Score: 1, Funny) by Anonymous Coward on Friday October 21 2016, @02:22PM
Yes, but you have to remember to wipe it with a cloth. If they find any dust on the thing, you're in deep trouble!
(Score: 2, Redundant) by wonkey_monkey on Friday October 21 2016, @03:21PM
Does the person who owns it still have it? Then it's (arguably) not stealing.
systemd is Roko's Basilisk
(Score: 0) by Anonymous Coward on Saturday October 22 2016, @07:46AM
(Score: 2) by Username on Friday October 21 2016, @06:07PM
You would think their security would be a little more wound up after Snowden. I’m surprised they just let the guy walk out of the building with six banker boxes of paper and 48TB of data which is about 30ish some tapes or drives.
(Score: 1) by tftp on Saturday October 22 2016, @05:33AM
I’m surprised they just let the guy walk out of the building with six banker boxes of paper and 48TB of data
A lot of stuff enters and leaves a large office building every single day. It's like an airport... the passengers empty their pockets, and the TSA checks their water bottles with a magnifying glass. At the same time the gates in the back of the fence are wide open, and in come huge trucks loaded with jet fuel, oil, food, airplane parts and tools, flight plans and maps, desks and chairs, rolls of carpet and cans of paint, sacks of concrete and sheets of glass... is it humanly possible to inspect all that volume of goods? It is not. But like the proverbial drunk who lost his keys, the TSA keeps looking under the streetlight because it is easier to search there.
(Score: 2) by Username on Saturday October 22 2016, @08:06PM
Well, I’d think, if we're going with the TSA analogy, a guy carrying an AK-47 through the front door of an airport would be easy to spot. Pretty much begs the question, what are you doing with that AK? Similar to a guy carrying banker boxes through NSA check points all the way out to his car.
(Score: 1) by tftp on Saturday October 22 2016, @09:36PM
Similar to a guy carrying banker boxes through NSA check points all the way out to his car.
Pray tell, why would he need to steal the bankers boxes themselves? A pack of twelve costs only $40 [staples.com]. What he needed is papers that go inside. Papers are not magnetic; they are light and thin. How many sheets could the perpetrator carry under his jacket, day after day after day? Fifty? A hundred? It won't take long to fill those boxes, especially if he also left the building for lunch, and for doctor's appointments, and for other reasons...
It's also possible that some of these papers he printed himself, at home, from a USB Flash disk or a DVD. Again, it would require a search to find those on him. He wouldn't be searched without a serious suspicion.
(Score: 3, Insightful) by Zz9zZ on Friday October 21 2016, @06:42PM
I don't know this man's specific motives, but when the government is so screwed up and run by gigantic corporations; well you will have defectors. Either he didn't care about screwing over his own country because they are so terrible, or he saw a potential to make some money which was greater than his loyalty.
Perhaps if we didn't have such fucked up secrets to hide then the people would actually be proud of their country and not want to sell it out. Our "leaders" are just so stupid, but it is the worst kind of stupid. They are actually very capable and "smart", but they choose to use their abilities in the stupidest ways while thinking themselves clever.
~Tilting at windmills~
(Score: 0) by Anonymous Coward on Friday October 21 2016, @09:26PM
I read somewhere that he copied/stole stuff because he was a plain 'ol digital-packrat. Always collecting stuff because of some perceived value and it made him feel better.
Not letting him off the hook mind you, it's just that he had this stuff for soooo long and did nothing with it, has no motivations for selling the stuff or gaining advantages. Just plain stupid for collecting such material is about it.
(Score: 2) by Zz9zZ on Tuesday October 25 2016, @04:42AM
Interesting, I wonder if he had more motivation than simple hoarding syndrome.
~Tilting at windmills~