from the always-get-your-access-tools-tailored dept.
Days after the Washington Post reported on the hoarding of Tailored Access Operations tools by Harold T. Martin III, a federal grand jury has indicted the former NSA contractor:
A federal grand jury has indicted a former National Security Agency contractor on 20 counts of willful retention of national defense information.
According to prosecutors, Harold "Hal" Martin took a slew of highly classified documents out of secure facilities and kept them at his home and in his car. Earlier this week, the Washington Post reported that among those materials, Martin is alleged to have taken 75 percent of the hacking tools that were part of the Tailored Access Operations, an elite hacking unit within NSA.
The indictment outlines 20 specific documents that he is accused of having taken, including "a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization."
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Related Stories
A federal contractor was arrested in August for unlawful retention of classified documents:
A federal contractor suspected of leaking powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government, according to court records and a law enforcement official familiar with the case. Harold Thomas Martin III, 51, who worked for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. He was arrested in August after investigators searched his home in Glen Burnie, Md., and found documents and digital information stored on various devices that contained highly classified information, authorities said. The breadth of the damage Martin is alleged to have caused was not immediately clear, though officials alleged some of the documents he took home "could be expected to cause exceptionally grave damage to the national security of the United States." Investigators are probing whether Martin was responsible for an apparent leak that led to a cache of NSA hacking tools appearing online in August, according to an official familiar with the case.
From the US DoJ release:
A criminal complaint has been filed charging Harold Thomas Martin III, age 51, of Glen Burnie, Maryland, with theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor. According to the affidavit filed in support of the criminal complaint, Martin was a contractor with the federal government and had a top secret national security clearance. Martin was arrested late on August 27, 2016. The complaint was filed on August 29, 2016, and unsealed today.
Also at The New York Times , NBC, PBS, the Baltimore Sun .
Federal prosecutors have charged former NSA contractor Harold T. Martin III under the Espionage Act:
Harold T. Martin III is expected to appear at a federal courthouse in Baltimore on Friday for a hearing to consider whether he should remain in U.S. custody, as prosecutors announced in a court filing that they plan to file Espionage Act charges against him.
The FBI is investigating whether Martin may have transferred six bankers boxes' worth of paper documents and 50,000 gigabytes of electronic materials to anyone else, according to documents filed Thursday. So far, investigators said they have not found any connection to a foreign power. Martin's public defenders, James Wyda and Deborah Boardman, have said that he presents no flight risk and that "there's no evidence he intended to betray his country."
Martin, a former Navy reservist, has been in federal custody since late August. That's when FBI agents executed search warrants at his suburban Maryland home, uncovering what they describe as "overwhelming" proof he mishandled classified information. Among the materials they found: the personal information of government employees and a top-secret document "regarding specific operational plans against a known enemy of the United States and its allies," according to the court filing.
The trove of information reportedly includes hacking tools that were recently offered for sale by a group that calls itself The Shadow Brokers.
12-page court filing: United States of America v. Harold T. Martin, III
Previously:
NSA Contractor Harold Martin III Arrested
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's ‘Mistake’
The Shadow Brokers are back, and they have a treat for you:
"TheShadowBrokers is having special trick or treat for Amerikanskis tonight," said the Monday morning post, which was signed by the same encryption key used in the August posts. "Many missions into your networks is/was coming from these ip addresses." Monday's leak came as former NSA contractor Harold Thomas Martin III remains in federal custody on charges that he hoarded an astounding 50 terabytes of data in his suburban Maryland home. Much of the data included highly classified information such as the names of US intelligence officers and highly sensitive methods behind intelligence operations. Martin came to the attention of investigators looking into the Shadow Brokers' August leak. Anonymous people with knowledge of the investigation say they don't know what connection, if any, Martin has to the group or the leaks.
[...] According to analyses from researchers here and here, Monday's dump contains 352 distinct IP addresses and 306 domain names that purportedly have been hacked by the NSA. The timestamps included in the leak indicate that the servers were targeted between August 22, 2000 and August 18, 2010. The addresses include 32 .edu domains and nine .gov domains. In all, the targets were located in 49 countries, with the top 10 being China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. Vitali Kremez, a senior intelligence analyst at security firm Flashpoint, also provides useful analysis here. [...] Other purported NSA tools discussed in Monday's dump have names including DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK, AND STOCSURGEON. Little is immediately known about the tools, but the specter that they may be implants or exploits belonging to the NSA is understandably generating intrigue in both security and intelligence circles.
Previously:
"The Shadow Brokers" Claim to Have Hacked NSA
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's 'Mistake'
NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.
Attorneys representing Harold T. Martin III have previously portrayed the former NSA contractor as a patriot who took NSA materials home so that he could become better at his job. Meanwhile, investigators who have combed through his home in Glen Burnie, Maryland, remain concerned that he passed the weaponized hacking tools to enemies. The theft came to light during the investigation of a series of NSA-developed exploits that were mysteriously published online by a group calling itself Shadow Brokers.
[...] An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.
Source:
According to unverifiable sources, an NSA contractor stored classified data and hacking tools on his home computer, which were made available to Russian hackers through the contractor's use of Kaspersky Lab anti-virus software:
Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.
As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.
In a later story, The Washington Post said the employee had worked at the NSA's Tailored Access Operations unit for elite hackers before he was fired in 2015.
[...] Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.
A former National Security Agency employee who worked at Tailored Access Operations has pleaded guilty to willful retention of national defense information, the same charge Harold T. Martin III faces:
A former National Security Agency employee admitted on Friday that he had illegally taken from the agency classified documents believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.
Nghia H. Pho, 67, of Ellicott City, Md., pleaded guilty to one count of willful retention of national defense information, an offense that carries a possible 10-year sentence. Prosecutors agreed not to seek more than eight years, however, and Mr. Pho's attorney, Robert C. Bonsib, will be free to ask for a more lenient sentence. He remains free while awaiting sentencing on April 6.
Mr. Pho had been charged in secret, though some news reports had given a limited description of the case. Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant's identity.
Mr. Pho, who worked as a software developer for the N.S.A., was born in Vietnam but is a naturalized United States citizen. Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking.
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
NSA Had NFI About Opsec: 2016 Audit Found Laughably Bad Security
Reality Winner NSA Leak Details Revealed by Court Transcript
NSA employee who brought hacking tools home sentenced to 66 months in prison
Nghia Hoang Pho, a 68-year-old former National Security Agency employee who worked in the NSA's Tailored Access Operations (TAO) division, was sentenced today to 66 months in prison for willful, unauthorized removal and retention of classified documents and material from his workplace—material that included hacking tools that were likely part of the code dumped by the individual or group known as Shadowbrokers in the summer of 2016.
Pho, a naturalized US citizen from Vietnam and a resident of Ellicott City, Maryland, had pleaded guilty to bringing home materials after being caught in a sweep by the NSA following the Shadowbrokers leaks. He will face three years of supervised release after serving his sentence. His attorney had requested home detention.
In a letter sent to the court in March, former NSA Director Admiral Mike Rogers told Judge George Russell that the materials removed from the NSA by Pho "had significant negative impacts on the NSA mission, the NSA workforce, and the Intelligence Community as a whole." The materials Pho removed, Rogers wrote, included:
[S]ome of NSA's most sophisticated, hard-to-achieve, and important techniques of collecting [signals intelligence] from sophisticated targets of the NSA, including collection that is crucial to decision makers when answering some of the Nation's highest-priority questions... Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of security topics. Compromise of one technique can place many opportunities for intelligence collection and national security insight at risk.
Previously: Former NSA Employee Nghia Pho Pleads Guilty to Willful Retention of National Defense Information
Related: "The Shadow Brokers" Claim to Have Hacked NSA
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
Ex-NSA Contractor Who Stole Top Secret Documents Is Sentenced To 9 Years In Prison
A former National Security Agency contractor who pleaded guilty to stealing vast troves of classified material over the course of two decades has been sentenced to nine years in prison.
Harold Martin III, 54, apologized before U.S. District Judge Richard Bennett handed down the sentence on Friday.
"My methods were wrong, illegal and highly questionable," Martin told the court in Baltimore, according to The Associated Press.
Earlier this year, he pleaded guilty to "willful retention of national defense information," a crime that carries a punishment of anywhere from no jail time to a maximum prison sentence of 10 years. His plea agreement called for a sentence of nine years in prison.
Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted
(Score: 2, Troll) by ikanreed on Friday February 10 2017, @08:04PM
And I'm gonna go ahead and defend it, even though the election is over. The difference between this guy and a certain presidential candidate is intent. The things he brought out of designated areas were things he knew ahead of time to be classified materials.
This is a substantive difference in mens rea.
(Score: 0) by Anonymous Coward on Friday February 10 2017, @08:35PM
As long as this man did anything to hurt the NSA, he is a hero, law be damned.
America is not just a police state. It is a national prison.
(Score: 0) by Anonymous Coward on Friday February 10 2017, @08:40PM
Still think Hillary didn't know what 'C' stood for, huh?
(Score: 4, Informative) by ikanreed on Friday February 10 2017, @08:46PM
Oh yes, she should have had omniscience and known that (C) was going to come later.
Sorry if these extreme complexities exceed you. I know it's hard.
(Score: 3, Insightful) by Anonymous Coward on Friday February 10 2017, @09:02PM
Only she's used (C) on documents herself and signed off on them. She received at least 22,000 during her time as Secretary of State. This is all apparent in the Wikileaks dumps from prior to the election. You know, the same leaks they blamed on Russian hackers despite the fact that we're reading about the actual internal sources now.
But of course, there's no way she lied about the emails. Or where they came from. Or what all the money foreign governments were pumping into her foundation was actually for.
Keep on believing everything you hear on CNN, they wouldn't misinform you.
(Score: 1, Interesting) by Anonymous Coward on Friday February 10 2017, @11:01PM
This is all apparent in the Wikileaks dumps from prior to the election. You know, the same leaks they blamed on Russian hackers
No its not. No emails from her server were ever released by wikileaks. They were released by the state department in response to FOIA requests.
As of today there have been exactly zero emails leaked from her server. There have been a ton of emails leaked from Podesta's gmail account and the state department's computers were thoroughly hacked. [cnn.com] But so far there is no evidence that clinton's email server was ever successfully hacked.
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @12:18AM
Clinton emailed Podesta and the DNC, emails from her server were therefore leaked in both those leaks, as well as Cablegate. Her server itself didn't have to be hacked for there to be leaked emails that are demonstrably sent to and received by her. Here's a link to the classified emails I referred to:
https://wikileaks.org/plusd/?qproject[]=cg&q=&qfdestination=Secretary+of+State&qfoclass=CONFIDENTIAL&qtfrom=2009-01-10&qsort=tdesc#result [wikileaks.org]
But yeah, she didn't know what (C) meant and there's definitely not a trove of digitally signed evidence stating otherwise.
Your check from Correct the Record is in the mail.
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @12:31AM
You've linked to a search for "cablegate" which has nothing to do with clinton email.
https://en.wikipedia.org/wiki/United_States_diplomatic_cables_leak [wikipedia.org]
Citing random crap just proves you have no understanding of what you are talking about.
(Score: 1, Insightful) by Anonymous Coward on Saturday February 11 2017, @12:46AM
Yeah, Hillary Clinton had nothing to do with the State Department spying on the UN, that's why her name was attached to emails ordering the surveillance of UN officials. Can you dislodge your head from her gigantic ass for a second and recognize that, despite her and the media's willingness to paint her as your retarded grandma who doesn't understand email, that she just might have had a reason for running a private email server from her bathroom, and that reason may have had something to do with large sums of cash donated by the Saudis and Qatari and demonstrable collusion with both the DNC and mainstream media?
(Score: 1, Informative) by Anonymous Coward on Saturday February 11 2017, @02:48AM
Whatever dude. You're just indulging in suspicion bias. Clinton is presumed guilty because she's clinton, no further proof needed.
And that's pretty much all the email 'scandal' boils down to. There is smoke, so there must be fire - but don't pay attention to that guy with a smoke machine behind the curtain...
(Score: 2, Informative) by Anonymous Coward on Friday February 10 2017, @10:55PM
> Still think Hillary didn't know what 'C' stood for, huh?
The (C) markings were on her own call schedules.
Call schedules are routinely declassified after the phone call is made, because duh the call itself wasn't classified so the fact it happened isn't classified either.
The (C) markings were left on the schedules in error after they had been declassified (and all the other classified markings were properly removed).
In other words, the emails were not actually classified at the time they were sent via unclass email.
You can see the two documents yourself, as published by the government - if it were still classified it would not be legal for the government to publish it because simply "leaking" does not declassifify a document.
Here are the two call schedules in question:
https://foia.state.gov/searchapp/DOCUMENTS/HRCEmail_NovWeb/267/DOC_0C05791537/C05791537.pdf [state.gov]
https://foia.state.gov/searchapp/DOCUMENTS/HRCEmail_Jan29thWeb/O-2015-08637HCE10/DOC_0C05796118/C05796118.pdf [state.gov]
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @12:21AM
http://www.foxnews.com/politics/2015/08/21/information-in-dozens-clinton-emails-was-born-classified-report-says.html?intcmp=hpbt2 [foxnews.com]
'The report says that the State Department identified the emails as containing "foreign government information" when it retroactively classified them upon their release earlier this year. However, the regulations say that such information, defined as having been provided orally or in writing to U.S. officials by their foreign counterparts in confidence, must be "presumed" classified, regardless of whether it is initially marked that way.'
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @12:25AM
Simply quoting from a news article without making your own statement is an act of intellectual cowardice.
If you have a point, make it explicitly so that people can engage with it.
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @12:48AM
My point is that for every other lesser member of our government, there are things that are "born classified", that is they are considered to be classified even if they are not marked as such. If anyone but Hillary Clinton had been responsible for the communication of that information outside of official government channels they would have been held up on treason charges. It's only because it's Hillary that this "I didn't know it was classified" nonsense is allowed to pass muster.
(Score: 1, Informative) by Anonymous Coward on Saturday February 11 2017, @02:45AM
So lets first acknowledge you've completely moved the goalposts from an argument about whether or not the "(C)" marking was important.
Ok? Good.
Now pay attention to what fox has done - they've mashed up multiple separate points in order to make them look related.
The biggest give away is that fox explicitly says "That number represents scores of individual emails that have already been made public"
If they contained classified information they would not have been made public.
Either Fox doesn't have any domain knowledge about classification and is just doing the same crap you've been doing - mixing together a whole bunch of stuff without really understanding any of it. OR they do know how classification works and are deliberately misleading the reader.
Either way, the article you cited and specifically the paragraph you pulled out does not support your premise.
(Score: 3, Funny) by Dunbal on Friday February 10 2017, @08:43PM
He just needs to change his name to Hillary Clinton and he'll be let off with a warning.
(Score: 0) by Anonymous Coward on Friday February 10 2017, @09:26PM
Sure why not? Worked for Chelsea Manning right?
(Score: 0) by Anonymous Coward on Friday February 10 2017, @09:29PM
I'm sure Chelsea is kicking herself for not thinking of "I didn't know those were classified" first. I'm sure the same standard of justice would have been applied.
(Score: 1, Funny) by Anonymous Coward on Friday February 10 2017, @11:34PM
FTFY
(Score: 0) by Anonymous Coward on Friday February 10 2017, @11:45PM
Not for long.
(Score: 0) by Anonymous Coward on Friday February 10 2017, @11:58PM
Chelsea Manning was figuratively and literally emasculated his then her first night in military prison.
If only to make an example out of her for future whistleblowers (about what kind of whistle they'll be blowing when they get caught.)
(Score: 0) by Anonymous Coward on Saturday February 11 2017, @08:32AM
what's not to love about corruption
(Score: 3, Touché) by c0lo on Saturday February 11 2017, @06:16AM
Actually, if you think a bit... while still attached it's hard (impossible?) to actually kick yourself in the nuts... I mean... without detaching either the kicking foot or the nuts from the body.
Now that the separation of the balls was carried out, she could theoretically keep them for as long as she lives to kick them at her leisure.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by Ethanol-fueled on Saturday February 11 2017, @03:40AM
That is pants-on-head retarded and would have been ripped apart in court.
There are briefings, refresher security training on a regular basis, seeing warnings everytime the computer is logged onto, seeing "TOP SECRET" on everything you see and read, having to go through a thick steel door designed to withstand x man-hours of trying to force it open just to perform your daily duties, etc.
What did save Manning, though, was being a tranny. You can bet your ass that Obama would have let him rot in torture had Manning not been transgendered. The queers are one of the largest demographic supporters of the Democratic party and Obama could not risk alienating them.