Slashdot Mirror
NSA Contractor Indicted Over Mammoth Theft of Classified Data (reuters.com)
Dustin Volz, reporting for Reuters: A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history. The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland. The government has not said what, if anything, Martin did with the stolen data. Martin faces 20 criminal counts, each punishable by up to 10 years in prison, the Justice Department said. "For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government," said U.S. Attorney Rod Rosenstein.
if he's THAT good for THAT long
Why is the trust that the government placed in the contractor worth more than the trust that the citizens of the U.S. have placed in the government? It works both ways, guys.
You can't see how someone, over a 20 year period, was able to gather 50TB of data? 2.5TB of material per year is insignificant to the amount of data people such as him have access to.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Didn't have time to read the full description... but, wow!
They've already got mammoths cloned from ancient DNA, and they're training them to steal classified data? What CAN'T the NSA do?
For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government
Sucks when it happens to you doesn't it government!
IANAL, but in terms of the law as written, you're correct that intent doesn't matter. In terms of how the law has been applied, it does - and this matters to some degree, because the U.S. is part of the English legal tradition, rather than the French/Napoleonic (with the exception of Louisiana state law).
More specifically, if you look back over the case law for this, people generally get prosecuted if:
A) They get caught lying to the investigators
B) Had the intent to steal, whether for profit or ideology
To date, no one has been prosecuted without one of those two, or without prosecutors alleging one of those two. When I was in the military, I saw several cases where someone screwed up and put classified material on a system that wasn't rated for it, including email. Investigations were conducted, servers were purged, and those responsible got a slap on the wrist and a note in their file for committing a security violation (if you get enough of those, you lose your clearance). This is why Comey said what he did - cases like Clinton's result in administrative punishment at most, and the worst penalty was loss of clearance and thus job (which didn't apply anymore for her because she was no longer Secretary of State).
In the case of this guy, likely the Prosecutors feel they have enough evidence to allege that he was trying to sell the data, probably based on his pattern of conduct, and probably also because those selfsame tools showed up for sale on the internet.
That is assuming he did it uniformly over a 20 year period, which is possible, but unlikely.
You would think they would have not only network but physical safeguards in place to prevent this. I see this as more damning of the NSA security procedure than anything else. Regardless of how you slice it, it is a massive amount of data to be able to go "unnoticed" for 20 years!
"Unnamed U.S. officials told the Washington Post this week that Martin allegedly took more than 75 percent of the hacking tools belonging to the NSA's tailored access operations, the agency's elite hacking unit."
Took? They don't have it anymore? Unnamed US officials could have better used the term "copied" I think (though not totally wrong I suppose).
Somehow I finished that sentence with, When reached for comment Martin said "the other 25% of the hacking tools were rubbish!" :p
... backup tapes.
Those are so easy to walk off with.
I'm retired IT, and many times when I was assisting on another site, I saw backup tapes and EHD, some old, laying around in plain site, some in drawers where tools and connectors were stored, so yeah.
It little behooves the best of us to comment on the rest of us.
That guy purposefully destroyed evidence after a 2012 interview with the FBI. I imagine that is what led to the jail sentence.
... not to out-source critical shit to contractors.
But you want to be able to hire and fire them easily, on the whims of the budget, right? And to show efficiency with as tiny a staff as possible, right? And to obfuscate responsibility if something goes wrong, right? If your assistant commits treason on your watch, you're to blame because you should have picked up on it, at least. But a contractor? Who takes the fall for contracting the contractor? Fingers point everywhere but nobody's directly responsible for what a contractor does (except when he does something good, you can take credit).
Out-sourcing. Your stepping-stone to success in management.
Take it easy, Charlie, I've got an Angle...
"They said he stole 50+ TB of data from the NSA.
I'm not sure how this is possible?"
Read again, he also stole a mammoth to transport the stuff.
And using bleach bit to permanently delete emails wasn't destroying evidence? Even though it was a fools errand because it existed on recipient computers is beside the point. There was a clear intent there to conceal. So yes there is a very big double standard. A Navy guy in Portsmouth VA was convicted and all he did was connect his tablet to receive emails in the field. No intent, no destroying evidence, just mishandling. I can recount an airman getting an article 15 for leaving a safe unlocked. The safe was in a secure facility designed to allow and store classified information. Basically a safe inside a vault. Career ruined over a simple lapse.