Slashdot Mirror
NSA Contractor Indicted Over Mammoth Theft of Classified Data (reuters.com)
Dustin Volz, reporting for Reuters: A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history. The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland. The government has not said what, if anything, Martin did with the stolen data. Martin faces 20 criminal counts, each punishable by up to 10 years in prison, the Justice Department said. "For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government," said U.S. Attorney Rod Rosenstein.
Museum of Natural History contractor indicted over theft of classified mammoth data
if he's THAT good for THAT long
But Hillary did nothing wrong.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Assume 50 TB over 50 working weeks a year and that's 1TB a week, divided over 20 years gives you an average of 5GB a week. That's well within the realm of feasibility, even if the bulk of his data collection came within the last 10 years and he was relying on thumb drives, SD cards, or the like.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Why is the trust that the government placed in the contractor worth more than the trust that the citizens of the U.S. have placed in the government? It works both ways, guys.
You can't see how someone, over a 20 year period, was able to gather 50TB of data? 2.5TB of material per year is insignificant to the amount of data people such as him have access to.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
That and as someone else said somewhere else, it's the National Security Agency and not the Secure National Agency.
I'm sure they'll fry him for this. Unless he was keeping the data on his secure private server (hidden in the closet under a pile of sweatsocks), then it's cool.
Holy shit aren't those things extinct?
Didn't have time to read the full description... but, wow!
They've already got mammoths cloned from ancient DNA, and they're training them to steal classified data? What CAN'T the NSA do?
For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government
Sucks when it happens to you doesn't it government!
Assuming the NSA uses tapes for backups (common in some places), all the guy had to do is pocket a few backup tapes every week and he'd hit that quota very quickly.
Tape capacity ranges from 200GB to about 6TB, I believe, and they are much easier to steal than hard drives.
"For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government"
Kind of like how the Government has flagrantly abused the trust placed in them by the average citizen?
He just copied it.
That is assuming he did it uniformly over a 20 year period, which is possible, but unlikely.
You would think they would have not only network but physical safeguards in place to prevent this. I see this as more damning of the NSA security procedure than anything else. Regardless of how you slice it, it is a massive amount of data to be able to go "unnoticed" for 20 years!
"Unnamed U.S. officials told the Washington Post this week that Martin allegedly took more than 75 percent of the hacking tools belonging to the NSA's tailored access operations, the agency's elite hacking unit."
Took? They don't have it anymore? Unnamed US officials could have better used the term "copied" I think (though not totally wrong I suppose).
Somehow I finished that sentence with, When reached for comment Martin said "the other 25% of the hacking tools were rubbish!" :p
...then why wasn't he caught sooner? Especially with the amount of data he was absconding with?
Governmental bureaucracy in action, again, most likely.
Dream as if you'll live forever.
Live as if you'll die tomorrow.
~Anonymous~
So far nothing has said that he has sold this information to 3rd parties. Lets hold off on assumptions until the details are provided, shall we?
If he didn't give or sell the information away ('hoarded"), then it sounds to me like he was simply lazy about proper security procedures, rather than criminal. I know lots of people that take work home with them and it sounds like that is what he did.
Yes, it was a potential problem, yes it was a violation of the rules. But I bet his boss was simply more concerned with results than with security and created a culture of "get it done and don't talk to me about problems." The boss was probably too stupid to realize that 'problems' included national security leaks.
excitingthingstodo.blogspot.com
... backup tapes.
Those are so easy to walk off with.
I'm retired IT, and many times when I was assisting on another site, I saw backup tapes and EHD, some old, laying around in plain site, some in drawers where tools and connectors were stored, so yeah.
It little behooves the best of us to comment on the rest of us.
"Genetically muslims are largely of Negro ancestry."
Science taught us, that _all_ humans are largely of Negro ancestry, including your racist ass.
This would have been way worse than anything Snowden or Manning released. He discovered that they ordered anchovies for the pizza served at a staff party.
"That's the way to do it" - Punch
Nevermind that. Does anyone know where he's being held? Because we need to send him his shirt.
Naw. He'll change his gender identity and get a presidential pardon.
That's how it works.
A/C has demonstrated a mastery of pseudoscience. If you continually insist on citing scientific facts, how can it ever succeed in its quest to transmute lead into gold?
... not to out-source critical shit to contractors.
But you want to be able to hire and fire them easily, on the whims of the budget, right? And to show efficiency with as tiny a staff as possible, right? And to obfuscate responsibility if something goes wrong, right? If your assistant commits treason on your watch, you're to blame because you should have picked up on it, at least. But a contractor? Who takes the fall for contracting the contractor? Fingers point everywhere but nobody's directly responsible for what a contractor does (except when he does something good, you can take credit).
Out-sourcing. Your stepping-stone to success in management.
Take it easy, Charlie, I've got an Angle...
Not just the secret ones. Many overt US law enforcement agencies are dishonest. Look at all the police abuse where the story ends with "we investigated ourselves and found no wrongdoing."
"They said he stole 50+ TB of data from the NSA.
I'm not sure how this is possible?"
Read again, he also stole a mammoth to transport the stuff.
Ya got me. Still, even in 2007, 100GB/week is feasible. And the amount he could bring home grew exponentially with the capacity of flash memory, so he could have been doing 1TB/week no problem the last year or so (hell, 1TB/day is feasible to a single stick if he's sitting in the server room doing drive images and such as a routine part of his job).
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
...but was the information marked classified?
20 years ago 2.5TB was not insignificant.
Besides the glaring issue of Islam not being a race or ethnicity as has been pointed out, you have also failed to demonstrate the relevance of the "Negro ancestry", or show any connection between genetic defects arising from inbreeding and "barbarism" or terrorism.
That's ~5GB a day over one year. So he managed to dig up and exfiltrate a DVD's worth of information, on top of his normal duties, every day?
Nope... he was doing it for 20 years, which brings that average down to 250 MB/day. That's still A LOT of information for 20 years ago, when hard drives were still measured in MB. The fact that he was able to keep going for so long is dumbfounding to me. Most places have random inspections, you'd think over the course of 20 years, he'd have been busted a few times.
> More specifically, if you look back over the case law for this, people generally get prosecuted if:
> A) They get caught lying to the investigators
So what do you call this? Not to mention destroying items under subpoena. Here's the full hearing if you want more context.
> This is why Comey said what he did - cases like Clinton's result in administrative punishment at most, and the worst penalty was loss of clearance and thus job (which didn't apply anymore for her because she was no longer Secretary of State).
There's also the fact that Obama's AG, Loretta Lynch, would have had to prosecute a presidential candidate. It's not like this server was some accidental thing or that she was ignorant of the Presidential Records Act. Here's where I discuss her email with Colin Powell on how to cheat the oversight. The original email is here (click 'view original PDF'). And here's a transcription of it for anyone who hates PDFs. Some typos are in the original, but compare with the PDF if you want to be sure I didn't add any:
The contractor arrangement is occurring for several reasons. Of course, because the government allows it. But also many young professionals in the DC area are doing it intentionally in order to make more money. You can get a higher salary if you're a "contractor" to the NSA than you would being hired straight to the NSA. Ignoring things like benefits, the government just doesn't pay enough for security personnel. Hell, last time I looked the NSA was offering *up to* $104,000 for a job that required 5 years experience and a master's degree for software engineering (and probably requires a security clearance as well, which typically adds value to an individual....especially if you hire them when they already have the required clearance. In some cases the value can be up to $15,000-30,000, so employers can give you a $10,000 'bonus' simply for already being cleared and still come out ahead compared to hiring someone who isn't cleared at all).
Compared to the private sector in the same area, salaries seem to be at least $120,000+ for the same requirements (5 years + masters). With that level of experience it's not uncommon to reach $130,000-140,000 for software engineers who have specialized in system security in the DC area.
Now, with contracting, you have to go even higher because you're on the hook for your own benefits. So that person who would make $120k full-time in the private sector is probably somewhere up to $170k or higher. Now they contract themselves to the US government, which would have only paid them $100k to start with, but they have the $170k price tag based on the private sector, and they pocket the $20k difference (less taxes). So you do the same work (government work, which is infamous for being slow-paced and secure), have less risk compared to real contract/freelance work, and get more money.
In DC you're almost guaranteed to have better benefits and more in-pocket cash if you're a "contractor". Most of these "contractor" types don't actually freelance or work anywhere else, they're just gaming the system because they know the NSA and other three letter agencies will play along.
For off-site data backup storage.
Maybe 50 tb isn't that much compared to the monsoons of data the NSA is collecting from all of us with no idea what to do with it?
I worked in a highly secure shop and we never once had a random inspection in the four years I was there. Part of the reason is those kinds of inspections increase the number of people who have access to the data. Presumably trusted people, but still...
More to the point: refusing to prosecute unless A or B is met is genuinely good for national security. If people know their mistakes are forgivable they're going to be much more inclined to cooperate with investigators to help seal the breach. If people think they're looking at 10-to-20 for their carelessness, they're far more likely to lawyer up.
Mostly accurate. However, quite a few (most?) contractors work for large companies that do offer benefits. You don't have to go out on your own.
But otherwise, yeah. In technical agencies it's very common for government employees to sit beside a contractor doing the same job for twice the pay. As you can imagine that is somewhat demoralizing.
AC don't worry about size. With modern compression and consumer storage in the terabyte (TB) and gigs amount is not the issues.
The next question for the NSA is was it networked and on what OS?
How do Tailored Access Operations set their tools up? As the first sign of any network in the wild do they activate and become mission ready?
Mission ready on any network in the wild? Was some distant server of interest to the NSA contacted from not a NSA staging server?
Did another nation, admin or a person then have the skills to see code try to alter their server and follow it home only to discover its not some protected staging server this time?
Did anyone in the wild follow activated NSA tools back and extract data from a network the NSA was not aware of?
Was cloud AV used? Did AV see something and report back to some company?
Think of the most modern consumer grade OS that indexes and then shares search results with a brand unless privacy settings are altered?
Domestic spying is now "Benign Information Gathering"
Contractors also have to actually work, which nearly all government civilians don't have to do. I know, since I have been both.
I heard "mammoth" is just NSA slang for gigaabyte .
The mammoth DNA has been sequenced - 4 billion base pairs, each pair is two bits. 1GB.
So this guy simply made "offsite backups" of one mammoth per day, on average.
...and if the NSA had any mind for security, those tapes would be encrypted, giving the contractor NO USEFUL DATA WHATSOEVER. Now whose fault is it?
But only villains use encryption, remember? Why would the NSA do that? They're the good guys!
(Yes, I meant this sarcastically.)
Let's say ... two eyes at around 4k.pixel square each and 20 frames per second is around 231,928.234*10^9 bytes/day for the eyes. What is sound? About 1MB/minute (I don't do music, so that's a wild guess.) for 1.5*10^9 bytes/ day. All other sensory and thought data - let's round it up to 250TB/day. Even if you assume JPEG-ish or MPEG-ish lossy compression for the visual information, you're probably still up at several TB/ day.
There's more going on in that mammoth than you'd think.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Awww, why couldn't that say NSA Contractor Indicted Over Theft of Classified Mammoth Data ?
KKK has been founded by the democrats.
That was a long time ago, and times and people change.
Most of the people say that current day living is worse than two generations ago, so if there is any undoing, they are not exactly undoing the progress.
Only in an overly-romanticized version of the 50s and 60s. If you were white (and the right type of white), Christian, and straight, then you were ok as long as you toed the line. If you were anything else, and there were quite a few of them, or a woman who sought something higher than being a bored housewife, life was substantially worse than it is today.