Slashdot Mirror


Prosecutors Say Contractor Stole 50 Terabytes of NSA Data (zdnet.com)

An NSA contractor siphoned off dozens of hard drives' worth of data from government computers over two decades, prosecutors will allege on Friday. From a ZDNet report: The contractor, Harold T. Martin III, is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency. It's not known exactly what Martin allegedly stole, but a report from The New York Times on Wednesday suggests that the recently-leaked hacking tools used by the agency to conduct surveillance were among the stolen cache of files. Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count. The charges, news of which was first reported by The Washington Post, outline a far deeper case than first thought, compared to the felony theft and a lesser misdemeanor charge of removal and retention of classified information revealed in an unsealed indictment last month.


  1. Are you sure? by Anonymous Coward · · Score: 1

    Are you sure it's not the Russian spies who did it? They seem to be responsible for just about everything lately...

    1. Re: Are you sure? by Anonymous Coward · · Score: 1

      Russian spies, Chinese spies, Israeli spies, patriotic American whistleblowers, American thieves with unknown motivations, careless NSA operatives, five-eyes allies (and all their Russian spies, Chinese spies etc), they all have access. Don't worry though, your data is safe with us.

    2. Re:Are you sure? by K. S. Kyosuke · · Score: 1

      Ssssh, his real name is Garold Timofeyevich Martinov...

      --
      Ezekiel 23:20
  2. Oh brother by Noryungi · · Score: 5, Interesting

    First there was Snowden, now this.

    50TB of data stolen? OK, so they caught the guy, but, if he had been a bit less greedy, perhaps he would have gotten away with it.

    Seriously, how can anyone trust the NSA to do the right thing (respect human rights, rule of law, due process, yadda yadda yadda) after these two... ahem... "incidents" is beyond me. Is everyone asleep at the wheel at Fort Meade?

    And here is something even more disturbing: if a contractor can do this, what makes you think other people at NSA can't do this, for, you know... "fun" and profit?

    Quis custodiet ipsos custodes?

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:Oh brother by MachineShedFred · · Score: 5, Funny

      He should have moved all that classified data through a private email server, then it would just be considered careless with no charges brought forward.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    2. Re:Oh brother by Kierthos · · Score: 5, Insightful

      Well, he supposedly did this over the course of 20 years. However....

      That actually means the problem is worse. How, over the course of 20 years, did no one notice this? I mean, let's say he had two weeks' vacation every year, he's still absconding with 50 Gigs of data a week for 20 years. (On average, and assuming that the 50 Terabyte estimate is accurate.)

      Okay, sure you can get a cheap USB drive that has 128 or 256 Gigs of space on it, but 20 years ago? A shitload of ZIP disks? Physically removing the hard drives?

      And the sad thing is, probably half the people who should have caught this have already retired.

      --
      Mr. Hu is not a ninja.
    3. Re:Oh brother by Kierthos · · Score: 1

      I mean, most likely, as larger storage media became commercially available, he probably stepped up his game. I can't imagine how you could sneak 50 ZIP disks in and out of an NSA facility weekly and not get caught much sooner.

      --
      Mr. Hu is not a ninja.
    4. Re:Oh brother by HBI · · Score: 1

      It's not a casino, no one is wearing pocketless clothes.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    5. Re:Oh brother by PopeRatzo · · Score: 5, Funny

      > I can't imagine how you could sneak 50 ZIP disks in and out of an NSA facility weekly and not get caught much sooner.

      He smuggled Bernoulli disks hidden out of the NSA in his rectum. And before you say it, yes it nearly killed him.

      --
      You are welcome on my lawn.
    6. Re:Oh brother by TykeClone · · Score: 1

      There was no intent!

      --
      A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
    7. Re:Oh brother by king neckbeard · · Score: 2

      It's probably because the NSA has likely had a 'vacuum everything up' approach for its entire existence. If they've always got more data than they can sort through, it's going to be easy to sneak something out. The NSA probably scoops up that much data in a day.

      --
      This is my signature. There are many like it, but this one is mine.
    8. Re:Oh brother by Narcocide · · Score: 1

      That's the whole problem here. It should have been apparent to everyone, a long time ago already now, that all of the NSA's fear-mongering self justifications are transparently obviously the excuses of the actual villains they claim to be protecting us from, and the NSA was only ever about creating excuses and situations for these types of breaches to take place. Anyone who thinks otherwise is hopelessly naive and probably unwittingly being victimized daily by identity harvesters.

    9. Re:Oh brother by bongey · · Score: 1

      Guy on the internet thinks classified leaks is a new problem. News at 11. https://en.wikipedia.org/wiki/...

    10. Re:Oh brother by Xenographic · · Score: 2

      > He smuggled Bernoulli disks hidden out of the NSA in his rectum. And before you say it, yes it nearly killed him.

      Someone should send them a tip to check out Mr. Goatse as a potential accomplice.

    11. Re:Oh brother by SumDog · · Score: 2

      And you know what, we have no idea if this guy even is the ShadowBroker. All the "evidence" is totally classified for national security purposes. This guy might totally be railroaded. Hell, this guy may not even exist! This might be a whole media campaign just to keep the fear going. We really have no fucking idea.

    12. Re:Oh brother by WhiplashII · · Score: 1

      No, he should be fine. I hear Hillary! is representing him.

      --
      while (sig==sig) sig=!sig;
    13. Re:Oh brother by rtb61 · · Score: 1

      Did it for twenty years, without getting caught. Then that data was going from one supposedly secure location to another actually secure location. For that period of time without getting busted, very likely a corporate spy and at a guess they were paid by their own corporation to steal that information from the US government for analysis by the multi-national corporation executive team and that corporation was using additional contractors to cover up any accidental exposure, so they are very likely looking for more than one player, over that time probably at least five, with direct executive involvement in those actions (there had to be real motivation to keep on taking that risk over that extended period of time, something like a tax haven retirement package). Likely this could get a lot bigger, especially if those executives individually choose to on sell certain information for personal advantage. Stealing the hardware, well, I suppose just because he could, he thought he was protected and he is a jackass.

      --
      Chaos - everything, everywhere, everywhen
    14. Re:Oh brother by Robert Goatse · · Score: 1

      You rang? lol

    15. Re:Oh brother by sudon't · · Score: 1

      > First there was Snowden, now this.

      > 50TB of data stolen? OK, so they caught the guy, but, if he had been a bit less greedy, perhaps he would have gotten away with it.

      He's nothing like Snowden. I heard on the radio that this guy was some kind of obsessive hoarder, hence the massive amount of stuff. He never shared any data with anybody, he just "wanted it". Could be bullshit from his lawyer, but then again, we all know people who are like this, to one degree or another.

      --
      -- sudon't

      Air-ride Equipped

  3. The same government that wants backdoors by ebunga · · Score: 4, Insightful

    The NSA... the agency responsible for keeping government secrets actually secret... can't keep its own systems secured. This same government wants unfettered access to all encrypted systems, and already has the ability to tap any phone anywhere in the US from the comfort of their living room sofa. Not scary at all. Nope.

    1. Re:The same government that wants backdoors by tlhIngan · · Score: 2

      > The NSA... the agency responsible for keeping government secrets actually secret... can't keep its own systems secured. This same government wants unfettered access to all encrypted systems, and already has the ability to tap any phone anywhere in the US from the comfort of their living room sofa. Not scary at all. Nope.

      We don't know this.

      We don't know how he got access to the files - perhaps he was authorized to? Remember, Snowden's files were everything he had a legal right to access in the course of his employment.

      So if he was gathering the data he had access to, well, there's not much anyone could do to restrict him - there are legitimate reasons why he might be doing the things he did.

      Plus, he could gather stuff off stolen computers too - despite the well learned nature of most of the NSA employees (it's a geek fest, effectively), they still do really stupid security things including leaving their computers unsecured and all that.

      Hell, the NSA IT department must be hell to work for - try to implement any sort of security and you'll have people wanting your badge because they're smarter and more educated than you and know way more about security and to reverse whatever change it was. (You know the folks - they all brag about how much smarter they are than you and will never do anything stupid...).

  4. Quis custodiet ipsos custodes? by nospam007 · · Score: 2, Funny

    Apparently tons of people, if the last years are any indication.

  5. 50 Terabytes per 20 Years by Kunedog · · Score: 1

    That's around 700 kbs. He probably just left a telnet session open on an older, slower machine, "collecting" (NOT searching or tapping) the internet in case of terrorism.

  6. 15 Second Explanation. by PessimysticRaven · · Score: 1

    NSA: Well, we can't get Snowden, but it would sure be swell if we could get SOMEONE.
    Martin: *Waves* Hi! I'm still living in the States!
    NSA: Yes, you'll do nicely.

    --
    Consistency is only a virtue if you're not a screw-up.
  7. So what are these CISSP "cyberwarriors" doing? by Anonymous Coward · · Score: 5, Insightful

    I sometimes attend IT-related conferences, a few in the infosec space. And inevitably a few people from government contractors and agencies show up (on the taxpayers' dime) and rail against encryption, Apple, Snowden, or anything that makes operating the surveillance state difficult for them.

    But between Snowden, the Russians, this guy, and OPM, what's left to steal? Why are we paying these assholes -- especially the ones working for contractors who've sucked on the federal tit for decades -- six-figure salaries to sit around Northern Virginia and shit on the Bill of Rights all day long?

    This entire thing's a joke. They spy on us, and then can't secure the shit they uncover. Read Congress's recent report on the OPM debacle to see how fucked we are.

    1. Re:So what are these CISSP "cyberwarriors" doing? by swb · · Score: 1

      What I don't get is why joining the NSA isn't something like getting a really well paid job combined with being in the military.

      Pay them really well, so well they would have to think 3 times about not joining. Like 4x a similar pay rate that you'd find in a top-tier city for an equivalent job. Make working conditions really nice -- free high-end restaurant quality dining on premises with a room service option for people who wanted to work through a meal hour, super nice office spaces, the whole experience more "hotel" than "government office".

      But then also kick in the military part -- you join up for a minimum 5 year commitment, you live on campus, your travel off-campus is limited and controlled and there's the understanding that you ARE being watched closely, but do it in an unobtrusive manner, not in a police state manner. But make the housing and lifestyle options more like a country club kind of atmosphere, single family houses, lots of recreational options, private schools for the kids, and lots of activities for spouses and kids, too. Make them stay but make staying so easy they want to stay.

      Sure, the whole thing would be expensive, but you'd have a much better chance of containing your secrets. And chances are, buying their loyalty would go a long way to helping and keep the security more velvet glove than rubber glove.

      The current thing with all the contractors is a mess and it's a miracle that actual government employees have any loyalty at all.

    2. Re:So what are these CISSP "cyberwarriors" doing? by SumDog · · Score: 1

      There is an increasing amount of evidence that Snowden still works for the CIA. He's the only one including this guy and Manning, who hasn't been caught (which just feels super suspicious .. that combined with him criticizing Russia on Twitter .. while in Russia .. supposedly).

      I don't think the Snowden story is real. I think it's most likely propaganda. And if that's fake, who is to say there is any legitimacy to this story either?

      We live in 1984, just less totalitarian and more Brave New World (with all the good parts gone). We think we're free and have free media, but it's all propaganda. Want to prove it? Right now you think I'm a crazy conspiracy theorist nutbag. See: totally works. All dissenting opinions are made by tin foil hatters.

    3. Re:So what are these CISSP "cyberwarriors" doing? by WallyL · · Score: 1

      Is the budget situation not already so?

  8. The NSA complaining about stolen data? by epyT-R · · Score: 1

    Talk about rich irony deposits..

  9. 500 Million Pages by neoRUR · · Score: 1

    It wasn't 50 Terabytes of data, it was drives that were capable of storing 50 Terabytes of data or 500 million pages of documents. By extrapolation, 50 terabytes can hold 500 million pages. So they are charging him with the max. It doesn't mean there was that much info, there could be 1 document on the drive. He had like a dozen drives. But he had stuff sitting in plain sight in his car, so didn't look like he cared to protect it. Not sure why it took so long to catch him.

  10. You should assume any computer newer than 2009... by Anonymous Coward · · Score: 1

    Or ~2013 for AMD (Although the old AMD hardware is still 'fresh' on the market until next year.)

    AM3/C32/G34 are all pre-SEE but anything LGA11xx or LGA2011+ on the Intel side has had signed management engine firmware since Sandy Bridge. Given the list of countries involved in R&D for it, you should assume Israel, the US, and potentially many of their allies have known exploits if not custom tools to gain remote access to any x86 computer hardware newer than that point. Basically all modern motherboards have integrated ethernet, and if the bios/me firmware has the support necessary to initialize it, they can infiltrate/exfiltrate data below the operating system level. While there haven't been any documented cases of it, there is no way to be sure that is because the software is and will remain secure, rather than that they haven't had a reason yet, or the people targeted have not been paranoid enough to record all traffic entering/leaving their network to discover and document this form of attack.

    Keep that in mind the next time you are buying new x86 hardware (and many/most of the modern ARM boards/phones/etc as well!) Our entire hardware ecosystem has been backdoored in under 10 years after all the work done during the 90s (white and blackhat) to try to discredit and/or block it.

  11. they allowed it by bigtreeman · · Score: 1

    NSA should be charged for allowing it to continue for 2 decades

    --
    Go well
  12. Stolen Wrong Verb by Luthair · · Score: 1

    Does the NSA still have those files? Then they weren't stolen, they were copied.

  13. Which NSA employees also face prosecution? by hawguy · · Score: 1

    Who at the NSA will also face prosecution for such poor access controls that a *contractor* (not even a full employee) could steal 50TB of "highly classified documents" unnoticed?

    I have full admin rights to every system at my employer, and even with those admin rights, I could not steal data unnoticed. A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group.

    And we don't even store classified documents, just run of the mill business documents for our customers.

    1. Re:Which NSA employees also face prosecution? by AHuxley · · Score: 1

      re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."
      Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.
      Everything is decrypted and reduced to plain text. That's the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".
      The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.
      That information is then passed back in such a way to be "plausible" in any other US computer system when tasked or actioned.
      East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs
      The GCHQ faced the issue of a cleared person with access to photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in every day. The GCHQ fixed the issue by securing the hardware and being more staff aware.
      In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.
      The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. It's all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.
      The fix is to encrypt internally and only trust tested NSA staff again. That would remove the contractors funding and they have political friends to get their access and contracts back.
      So the NSA stays open for business. Does the CIA leak? What are they doing with the same level of gathering that's different and still secure over the same decades?

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Which NSA employees also face prosecution? by hawguy · · Score: 1

      > re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."

      > Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.

      Why not? If private companies are expected to have access controls and adequate auditing for sensitive data and face fines for data breaches, then why isn't the NSA held to the same standard when they have access to much more sensitive data? If a private company has a breach, it can face multi-million dollar fines. What's the punishment when the NSA (who has access to far more data than many people prefer) loses that data because they can't be bothered to secure it out of "convenience"? When a hospital has a data breach and your medical records are available for download, would you accept "Well, we could never do any medical work if we had any access controls or auditing for access to your medical data."? At least in the case of a hospital, they have a good excuse - it literally is a matter of life-and-death - if the ER doctor can't pull up your medical records, you may die while waiting for treatment. But convenience and expediency is not an excuse, even for a hospital.

      > Everything is decrypted and reduced to plain text. That's the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".

      So the NSA *requires* invasive access to all sorts of personal data, but they can't protect it at all? Every employee with some sort of clearance needs access to everything with no access controls at all?

      Somehow that seems unlikely, and is not the level of care most people expect for such databases.

      A random contractor should not be allowed to walk out with 50TB worth of data.

      > The select humans allowed in to read and search the material are the "security".

      Note that there are about 5 million people with some sort of security clearance, 1.4M have a "top secret" clearance, so how select is that group? The NSA is estimated to have 40 - 50 thousand employees (the exact number is, ironically, secret), if even just half of them have access to data, that's not a very select group of employees, and there are guaranteed to be more leaks.

      > The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.

      > East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs

      > The GCHQ faced the issue of a cleared person with access to photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in every day. The GCHQ fixed the issue by securing the hardware and being more staff aware.

      > In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.

      So this problem was solved 50 years ago, yet the NSA can't manage to solve it with modern computer systems?

      > The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. It's all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.

      That's a common criticism of the NSA -- they already have a haystack of data and can't find the needles they are looking for.

    3. Re:Which NSA employees also face prosecution? by AHuxley · · Score: 1

      Re "You said they already only allow a select group of people have access to the data and that's their security model, now you say that the way to fix the problem is to only allow access to trusted staff? Who is this "select group" if it's not "trusted staff"? A select group of untrusted staff?"
      That's the big question. Encrypt and tell all the workers they are not trusted at any level and all have to get permission/keys every day?
      That breaks down that esprit de corps, comradery or respect and excellence. Taking orders/tasks from a contractor alters gov/mil staff's outlook on their job. Staff start to wonder if they are being demoted, blocked or have done something wrong, been reported, face downsizing, replacement by a contractor, a hunt for someone and they are caught up in it. Their work suffers, rumours spread fast in communities.
      Trust the gov workers but never the contractors? Some contractors are more trusted who have to see the networks as part of their contract? A new layer of tasks and workers to look after and track.
      All that while global and domestic collection builds up 24/7. The US has done a lot of testing on how to work with its staff.
      How to trust them, educate them, track them, reward them, know if they have been in contact with anyone, or to test them with fake files or unexpected chat downs/encounters in the community or while on holiday. If not self reported, that's an issue.
      That's what kept the NSA safe for so many decades. That's the methods the US told its other 5 eye members to try with their own staff.
      That all fails when rushed in contractors get equal access and need to work with all material.
      Re "A random contractor should not be allowed to walk out with 50TB worth of data."
      That is just random files floating around the networks so staff can cross reference and search. Plain text, sorted, indexed so future generations of staff next week, month or decade can look back and draw results. Internal tracking of such data flows would slow the networks and allow spies to track if they are being investigated by self searching their own logs. Any changes and they know they are under suspicion.
      That could endanger decades of discovery or placing of fake material and allow escape.
      The FBI tried that and found internal spies would look if any action was being taken surrounding their work or teams. Bureaucracy expects a file to be created somewhere and that can be searched for given equal or greater access. A strange new team with project access but no contact could be new security.
      The change was a flood of contractors and staff growth. New missions, different contractors who could alter things, give orders and had a more easy path to support and advancement. Yet the same security system of trust the staff, work the data stayed in place as it had always worked so well until it did not.
      Any attempts to secure things away from the contractors invokes political support and seen as anti-capitalist or budget envy. Contractors are clearing other contractors just to bring in skills and keep up with the global/domestic work load. The final security that worked was to walk the life of all applicants. Talk to all friends, teachers, extended family and look in local paper documents, paper court records, interest in books, magazines, friends of friends and get a good profile of everything.
      That is now digital. The person exists and the federal/state computer says they grew up in a fly over state, passed their exams really good and another agency totally trusts them. The polygraph tester passed them after a chat down and internet log search to see if they looked up "polygraph". None of their self submitted friends are being tracked by any state or federal task force or police database...
      That final real world aspect to decades of great security is now not working in a rush to find skills, languages, foreign thinking.
      The UK did rushed interviews in the 1930's-40-50's to get Russian and German skills. A lot of interesting people got invited in and moved up the ranks.
      Collection at any cost is becoming the only mission.

      --
      Domestic spying is now "Benign Information Gathering"
  14. You are so wrong. Re:Oh brother by waynemcdougall · · Score: 3, Insightful

    No.

    FIRST was this (and who knows what else). THEN there was Snowden. This is important.

    One of the arguments in favour of Snowden being an honourable whistleblower was this:

    If he was malicious, he would have quietly stolen the data and sold it to the highest bidder. Like this guy did. And Snowden didn't.

    One of the (many) arguments in favour of Snowden is that if he could *so easily* collect that information undetected, then other, malicious people could be doing so. And so it turns out. Snowden alerted us to the weaknesses of the NSA security practices (amongst many other nobler services).

    Vindication. Again. It tastes sweet. But not as sweet as a pardon.

    --
    Recycle PCs and build a wireless community network www.hillsborough.org.nz
  15. It's their job, isn't it? by Xenographic · · Score: 3, Funny

    > It seems everybody who works for the NSA these days is stealing data illicitly.

    To be fair, isn't that their job?

  16. How can you steal data which does not exist? by WillAffleckUW · · Score: 1

    It would be illegal to spy on Americans in their own country, therefore such data can't exist.

    Qui custode custodi?

    --
    -- Tigger warning: This post may contain tiggers! --
  17. It's OK, he's a Hillary contributor! by Anonymous Coward · · Score: 1

    Just concerned that she wasn't getting enough data from the NSA, as she always complains in her emails....

  18. Re:Why does NSA by Anne Thwacks · · Score: 1

    You need at least 5TB of data to get one A4 page of any interest to anyone - and that probably means a little league supporter.

    --
    Sent from my ASR33 using ASCII
  19. The bigger question... by fgouget · · Score: 1

    The bigger question is: what did he do with all this data?
    Stash it in his basement? As insurance for something?
    Use it for blackmail?
    Sell it to foreign spies?
    Leak select items to the press?

    He certainly did not publish it wholesale or we would have heard about it.

  20. He reportedly stole NSA Hacking Tools by Macdude · · Score: 1

    According to reports he stole NSA Hacking Tools, so does that mean the NSA has sent details on the exploits their tools use to the various Software Developers so that they can fix their code?

    --
    "Grab them by the pussy" -- President of the United States of America