On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.
Attorneys representing Harold T. Martin III have previously portrayed the former NSA contractor as a patriot who took NSA materials home so that he could become better at his job. Meanwhile, investigators who have combed through his home in Glen Burnie, Maryland, remain concerned that he passed the weaponized hacking tools to enemies. The theft came to light during the investigation of a series of NSA-developed exploits that were mysteriously published online by a group calling itself Shadow Brokers.
[...] An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.
Related Stories
NSA employee who brought hacking tools home sentenced to 66 months in prison
Nghia Hoang Pho, a 68-year-old former National Security Agency employee who worked in the NSA's Tailored Access Operations (TAO) division, was sentenced today to 66 months in prison for willful, unauthorized removal and retention of classified documents and material from his workplace—material that included hacking tools that were likely part of the code dumped by the individual or group known as Shadowbrokers in the summer of 2016.
Pho, a naturalized US citizen from Vietnam and a resident of Ellicott City, Maryland, had pleaded guilty to bringing home materials after being caught in a sweep by the NSA following the Shadowbrokers leaks. He will face three years of supervised release after serving his sentence. His attorney had requested home detention.
In a letter sent to the court in March, former NSA Director Admiral Mike Rogers told Judge George Russell that the materials removed from the NSA by Pho "had significant negative impacts on the NSA mission, the NSA workforce, and the Intelligence Community as a whole." The materials Pho removed, Rogers wrote, included:
[S]ome of NSA's most sophisticated, hard-to-achieve, and important techniques of collecting [signals intelligence] from sophisticated targets of the NSA, including collection that is crucial to decision makers when answering some of the Nation's highest-priority questions... Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of security topics. Compromise of one technique can place many opportunities for intelligence collection and national security insight at risk.
Previously: Former NSA Employee Nghia Pho Pleads Guilty to Willful Retention of National Defense Information
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
NSA-created cyber tool spawns global ransomware attacks
From Politico via Edward Snowden via Vinay Gupta:
Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.
The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.
The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.
One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.
Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.
Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.
Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.
It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.
A former National Security Agency employee who worked at Tailored Access Operations has pleaded guilty to willful retention of national defense information, the same charge Harold T. Martin III faces:
A former National Security Agency employee admitted on Friday that he had illegally taken from the agency classified documents believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.
Nghia H. Pho, 67, of Ellicott City, Md., pleaded guilty to one count of willful retention of national defense information, an offense that carries a possible 10-year sentence. Prosecutors agreed not to seek more than eight years, however, and Mr. Pho's attorney, Robert C. Bonsib, will be free to ask for a more lenient sentence. He remains free while awaiting sentencing on April 6.
Mr. Pho had been charged in secret, though some news reports had given a limited description of the case. Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant's identity.
Mr. Pho, who worked as a software developer for the N.S.A., was born in Vietnam but is a naturalized United States citizen. Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking.
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
NSA Had NFI About Opsec: 2016 Audit Found Laughably Bad Security
Reality Winner NSA Leak Details Revealed by Court Transcript
Ex-NSA Contractor Who Stole Top Secret Documents Is Sentenced To 9 Years In Prison
A former National Security Agency contractor who pleaded guilty to stealing vast troves of classified material over the course of two decades has been sentenced to nine years in prison.
Harold Martin III, 54, apologized before U.S. District Judge Richard Bennett handed down the sentence on Friday.
"My methods were wrong, illegal and highly questionable," Martin told the court in Baltimore, according to The Associated Press.
Earlier this year, he pleaded guilty to "willful retention of national defense information," a crime that carries a punishment of anywhere from no jail time to a maximum prison sentence of 10 years. His plea agreement called for a sentence of nine years in prison.
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
Days after the Washington Post reported on the hoarding of Tailored Access Operations tools by Harold T. Martin III, a federal grand jury has indicted the former NSA contractor:
A federal grand jury has indicted a former National Security Agency contractor on 20 counts of willful retention of national defense information.
According to prosecutors, Harold "Hal" Martin took a slew of highly classified documents out of secure facilities and kept them at his home and in his car. Earlier this week, the Washington Post reported that among those materials, Martin is alleged to have taken 75 percent of the hacking tools that were part of the Tailored Access Operations, an elite hacking unit within NSA.
The indictment outlines 20 specific documents that he is accused of having taken, including "a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization."
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @03:58PM
Circle of trust, right? See that whole thing about making sure users only have rights and accesses they need and not sharing logins and passwords.... that applies only to everyone else. To the authorities that are supposed to be security - they don't have to obey the same plebeian rules, since they have to get things done.
(Score: 4, Informative) by driverless on Wednesday February 08 2017, @01:49AM
Didn't we do this one a couple of months ago? The govt is telling us that he may possibly have stolen XYZ, allegedly killed Jimmy Hoffa, and is rumoured to have caused the GFC. If you look at what he actually, provably did, it's that he took some stuff home that he shouldn't have while in all other aspects being a patriotic citizen. Since it looks like the govt is going to have a tough time throwing the book at him as they'd like to, every month or two we get another planted story telling us that he's secretly Doctor Doom, Lex Luthor, and Galactus rolled into one. With all claims prefixed by "allegedly", "apparently", and "may have", sourced to "unnamed officials".
(Score: 5, Insightful) by Anonymous Coward on Tuesday February 07 2017, @04:04PM
This is a real life example of why backdoored encryption is VERY bad idea.
Imagine they had mandated by law that everyone had to use backdoored encryption. The NSA would likely be one of the parties with the master key. Imagine this guy had sold that master key. Now anyone can use the government access to decrypt anything encrypted by law abiding citizens.
(Score: 2) by dyingtolive on Tuesday February 07 2017, @04:15PM
The teenage-nihilist-in-his-thirties part of me that just wants to watch the world burn would be okay with that, actually.
The slightly more mature part of me cringes at the idea though.
Don't blame me, I voted for moose wang!
(Score: 2) by istartedi on Tuesday February 07 2017, @08:35PM
That's because teenage nihilists usually have a negative net worth. Mature adults
usually have some assets.
Appended to the end of comments you post. Max: 120 chars.
(Score: 3, Interesting) by bob_super on Tuesday February 07 2017, @09:44PM
Isn't it wonderful how people are tamed by the idea that they have something to lose (tangible or not)?
(Score: 3, Interesting) by edIII on Tuesday February 07 2017, @09:49PM
Assets are not what make you beholding and slaved to those above.
You were speaking about DEBT.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by istartedi on Wednesday February 08 2017, @12:43AM
Huh? First, I didn't mean to imply that assets make you "beholding
and slaved to those above". I see how you might infer that though--people
who have something to lose are "invested in the system". If the country
"goes sour" they may look at what the alternatives are and feel trapped.
Debt is literally the exact opposite of what I said; but I think I can see
how you might have made that inference also--some people have illusory
assets like a house that they actually owe a lot of money on. I think it's hyperbolic
and diminishing the problem of real slaves to use the word "slavery" outright;
but the phrase "debt slave" and "wage slave" is what you're talking about
and it's a real thing.
That's not what I was talking about though. If you have no assets recorded
in a database, if you're living paycheck-to-paycheck or heavily in debt then "watching
it all burn" is appealing. Your debts would be wiped out. OTOH, if you have assets
recorded in databases, then you want those databases to be secure. I wasn't speaking
so much to the social issues of how we feel about the economic system, more to
the consequences of losing data integrity to those at different positions within that system.
Appended to the end of comments you post. Max: 120 chars.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @03:57AM
ediii doesn't care what you meant
your words triggered him
so he had to get his generic rant out
(Score: 2) by sgleysti on Tuesday February 07 2017, @06:28PM
This sounds like the plot for a science fiction novel. Does anyone know if such a novel has been written? I would gladly buy a (used) copy.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @06:29PM
That is why physical access to the backdoor is required. (Device in hand)
Backdooring thru the internet is bad ... unless the "internet" is proprietary network
extending into your bedroom, toilet ... like maybe those dead-end networks with a
gazillion users (your big enduser serving isps) ... then you are using
"their" device anyway ... or rather renting it
(Score: 5, Insightful) by Grishnakh on Tuesday February 07 2017, @04:30PM
This guy never stole any hacking tools. I am 100% sure that the NSA still has all their hacking tools, and has not lost use of them whatsoever. If this guy did indeed make unauthorized copies as alleged, that's all he did: he made copies. The tools are still there.
Unauthorized copying is not stealing, no matter how much some people try to insist that it is. This will never change.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @05:19PM
You're playing football on a baseball field.
The problem isn't about piracy. The problem is what the recipient can do with that copy. The right people will be able to reverse engineer how the tools work to circumvent security systems.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @05:30PM
reverse engineer what? the tools are INTENDED to circumvent security systems. do you need to "reverse engineer" winamp to listen to an mp3?
(Score: 2, Funny) by Anonymous Coward on Tuesday February 07 2017, @05:46PM
If your copy of winamp came from the NSA, and you're listening to 'DJ Ayatollah - Death to the Great Satan America.mp3' on endless repeat, you might want to be very, very careful about it phoning home.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @07:09PM
Dr. Phil!
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @06:03PM
Well, it is a stolen copy- how about that. You use copy as a noun, but the contractor copied as a verb: he 'duplicated' things. NSA contractors are not to take things out of the office. So any exact copy now residing anywhere the original is not- is theft. Theft of a copy at least.
How about Identity Theft. Is not the original person still walking around, whilst ill-doers act up in their name?
If I duplicated your entire home, family members, bank accounts, memories, and did with them as I will... would you not consider mimicking & tarnishing of your life the 'theft' of your life? Or would you just shrug and say "well that's not the real me".
It's because OF the copied item's capabilities & 'brand association' that its mere existence is defined by the word STOLEN. A stolen copy.
(Score: 4, Touché) by Grishnakh on Tuesday February 07 2017, @08:44PM
Hey, if you can figure out how to make a duplicate of my bank account, and then spend that money, while my own bank account is unchanged, let me know. I wouldn't be upset about that at all.
And if you can figure out how to duplicate family members, that'd be a real feat too. I wonder if my girlfriend would mind if I had a duplicate of her? A duplicate of myself would be great too: I have more projects than I have time to complete. Two of me could get more stuff done around the house (and keep the girlfriend and her clone satisfied as well...).
(Score: 1, Touché) by Anonymous Coward on Tuesday February 07 2017, @06:07PM
I'm often stuck looking for an everyday example of someone being pedantic. Usually I have to refer to people who insisted that 2001 was the start of the millennium. Now I can also use this narrow-minded view of the word steal. But, keep in mind that, historically, when absolutely everyone uses a word to mean a thing the word didn't originally mean, the word meaning changes. No one throws the pedants a party for being right.
And if you're going to rely on a dictionary definition for your argument, make sure it's true for all cases. According to Merriam-Webster, this can still be defined as stealing:
https://www.merriam-webster.com/dictionary/steal [merriam-webster.com]
Definition of steal
stole \ˈstōl\; stolen \ˈstō-lən\; stealing
...
transitive verb
...
2c : to take surreptitiously or without permission (steal a kiss)
...
(Score: 1, Flamebait) by Arik on Tuesday February 07 2017, @08:01PM
If laughter is the best medicine, who are the best doctors?
(Score: 0, Insightful) by Anonymous Coward on Tuesday February 07 2017, @09:46PM
If you're asserting that precision and common sense are mutually exclusive, then I disagree with your premise. My comment was that one can focus on a facet of word meaning unnecessarily, and miss the entire point of an (attempted) discussion.
I am willing to risk the theoretical (but vanishingly small) possibility of a world where communication accidentally becomes impossible as you describe, rather than embrace people who intentionally choose to prevent communication. Particularly those who lord such obstinacy as "intelligence". In fact, there's a word to describe precisely that: https://www.merriam-webster.com/dictionary/pedant [merriam-webster.com]
Definition of pedant
...
2b : one who is unimaginative or who unduly emphasizes minutiae in the presentation or use of knowledge
(Score: 2, Insightful) by Anonymous Coward on Tuesday February 07 2017, @07:16PM
Actually he did. You have to think "outside the box". "Stole" is a different concept here. If you own a specialized software tool and its IP, you're the only one who has it and has the power to do whatever you need done with it. If someone copies it, they too now have that power.
The problem is not the software being copied- it's the theft of the unique power it gives.
(Score: 3, Funny) by istartedi on Tuesday February 07 2017, @08:41PM
Next to a tombstone in the rhetorical grave yard, the soil stirs. An eerie shiver runs down your spine. A cold wind blows. With a moan of desolation the black dirt over the grave cracks open and the gnarled hand of this semantic ghoul rises. Like a snake it darts for your ankles, coils, and grabs. It threatens to pull you in. You whack it with a shovel and run like hell.
Appended to the end of comments you post. Max: 120 chars.
(Score: 1, Informative) by Anonymous Coward on Tuesday February 07 2017, @11:30PM
Unauthorized copying is not stealing, no matter how much some people try to insist that it is.
Okay, so I thought you were wrong in this specific case, but actually you (and I, for that matter) are wrong in the general case. Even unauthorized copying movies is "stealing":
(transitive) To take illegally, or without the owner's permission, something owned by someone else. [wiktionary.org] Did he take it? Yes. Did he have the owner's permission? No.
To take or appropriate without right or leave and with intent to keep or make use of wrongfully [merriam-webster.com]. Did he take it? Yes. Did he intend to keep or make use of it wrongfully? Yes.
You are probably trying to argue that it isn't theft [merriam-webster.com] or larceny [merriam-webster.com]. This is a much stronger case (although I'd argue by definition of a secret, it loses value if it's well known so in his particular case it still is larceny). However, no matter how you look at it, he did steal.
(Score: 1, Insightful) by Anonymous Coward on Tuesday February 07 2017, @07:12PM
Spies ... even less competent than the rest of the government, because there's no oversight.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @04:34AM
Maybe it's not them, maybe it's management like every other industry. Them MBAs sure like to outsource and sub-contract out! Accountability Ninja 101...
(Score: 4, Insightful) by donkeyhotay on Tuesday February 07 2017, @07:44PM
"NSA contractor".
And there you have it. If the data and software is so super sensitive, why are you using contractors?
(Score: 2) by Grishnakh on Tuesday February 07 2017, @08:47PM
Because the federal government hiring and employment system is so broken. If they only allowed federal employees to do the work, they wouldn't be allowed to pay them anywhere near what the private sector pays, so either the jobs would go unfilled, or they'd have to hire incompetents. So they contract it out, and contractors do it for normal (for the industry/job) salaries while some contracting company gets a big cut on top for doing almost nothing.
There appears to be no way to fix this problem.
(Score: 2) by c0lo on Wednesday February 08 2017, @03:59AM
Suggestion: close down NSA, all its problems solved.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Grishnakh on Wednesday February 08 2017, @03:25PM
WTF? This is the stupidest post I've seen all day. The problem I'm talking about is Federal hiring, not the NSA. The Federal hiring problem spans the entire government. Closing the NSA, or any agency, isn't going to magically make the Federal government adopt sensible hiring and personnel-management practices. It's a problem endemic to the government, and government in general as it's not just the US federal government, it's state and local governments too and foreign ones as well.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @11:55PM
Oh, wow. The US govt is the model for the entire world, eh? I wonder how other countries are dealing with it?
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @03:52AM
And there you have it. If the data and software is so super sensitive, why are you using contractors?
Because, when it comes to trustworthiness, there is functionally no difference.
They all get the same background checks through the same agency.
You are indulging in a correspondence bias. [wikipedia.org]
There are a lot of contractors in government work, so it is unsurprising that the handful that have been caught doing something naughty were contractors.
Let's say there are 1,000 contractors working for the NSA (a very conservative guess) and 2 or 3 (Snowden, this guy and one more for good measure) have walked out with secrets. That leaves 997 who have not, or 99.7% who have obeyed the rules as much as any NSA employee. Furthermore there have been employees like Robert Stephan Lipka [cnn.com] who have done worse.
(Score: 2) by esperto123 on Tuesday February 07 2017, @08:03PM
Because it was not theft, it was a copy! He didn't remove a single item, so nobody could have noticed something missing, and unless you monitor every packet in your local network, someone with high privilege access can copy anything at anytime and get away.
(Score: 3, Informative) by butthurt on Tuesday February 07 2017, @08:24PM
He didn't remove a single item [...]
According to the article, a prosecutor is alleging that he did:
Myers said Martin took “many thousands of pages” of classified material as well as 50 terabytes of digital data, much of which has “special handling caveats.”
Of course it's not proven.
(Score: 3, Interesting) by Yog-Yogguth on Wednesday February 08 2017, @01:21AM
Anyone else have the gut feeling that this guy is only being used as a scapegoat/excuse, or nothing but a plain diversion, or some kind of honey trap?
Poor guy if he's telling the truth (being stupid is really easy, but that said this guy was hoarding stupid), or maybe a very lucky guy if he's a scapegoat with a deal where his maximum security isolation takes place on some lovely tropical island, babes, drink, and all expenses included :3
If that wasn't enough this is from WaPo/BezoPress which is funded by the CIA (adds a whole new layer with the potential NSA CIA rivalry/war), the dead tree equivalent of CNN which means it's not to be trusted, and it's reporting about the NSA, which specializes in spying and deception by technical means and shouldn't really have been trusted even before Snowden revealed that they're incredibly untrustworthy and which is one of many (all?) organizations that is not to be trusted either even if they say the sky is blue and you've checked and the sky where you are actually happens to be blue right when they said it (and it's never the same color everywhere at the same time...).
By this point I get the feeling as if I had accidentally and unobtrusively without noticing read a +2 Blessed Spellbook of Levitation since it all feels so incredibly airy and soft and there's so little "there" actually there anywhere :)
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))