Data Loss Prevention (DLP)

Former US Contractor Indicted in Theft of Classified Material

Harold Martin Accused of Stealing from Intelligence Agencies
Former US Contractor Indicted in Theft of Classified Material

A 52-year-old former U.S. Navy officer and longtime government contractor who allegedly hoarded an enormous stash of classified data in his house and car was indicted by a federal grand jury on Feb. 8, the Justice Department says.

See Also: The Top 10 Biggest & Boldest Insider Threats

Harold Thomas Martin III of Glen Burnie, Md., was charged in U.S. District Court in Maryland on 20 counts of theft of classified material from the National Security Agency, the Central Intelligence Agency, the U.S. Cyber Command and the National Reconnaissance Office. He faces up to 10 years in prison on each count.

Martin's arrest in August, when he allegedly admitted to taking classified information related to U.S. government spying, marked another remarkable breach of damaging national security information just three years after leaks from former NSA contractor Edward Snowden, who also worked for Booz Allen Hamilton.

Martin is accused of taking documents from around 1996 through last year. When he was arrested Aug. 27, Martin was working for the consultancy Booz Allen Hamilton and was a Ph.D. student at the University of Maryland.

Although Snowden passed thousands of documents to the media in an effort to raise awareness about U.S. government surveillance, Martin isn't - at least yet - accused of passing documents to other parties.

Deep Access

Martin worked for at least seven government contractors after he left active duty in the Navy in 1992. The indictment says he worked on "a number of highly classified, specialized projects," which included access to information classified as secret, top secret and sensitive compartmented information.

Although he had a security clearance, Martin was prohibited from removing documents from secure locations.

The U.S. government had previously described Martin's alleged theft as "breathtaking" and that it encompassed "irreplaceable classified information." The indictment provides description of 20 documents Martin is accused of stealing, providing specific backing for the government's previous claims.

One document generated by the NSA was an "anti-terrorism operational document concerning extremely sensitive U.S. planning and operations regarding global terrorists."

Another from the NRO contained details on the launch of an intelligence collection satellite and an "unacknowledged ground station." Several documents taken from the U.S. Cyber Command described details of operations, as well as gaps in U.S. military capabilities.

When law enforcement agents visited his residence, they allegedly found documents marked secret and top secret in his house. Investigators also say they found documents in his storage sheds and a Chevrolet Caprice, which was regularly parked in his driveway.

More than 50 terabytes of information stored on dozens of computers and other storage devices were seized, prosecutors say. Six bankers' boxes worth of documents were also removed.

The Shadow Brokers

Martin's arrest came less than two weeks after a group calling itself The Shadow Brokers tried to auction a batch of software vulnerability exploits and tools.

The naming convention of the tools bore a strong resemblance to ones mentioned in documents leaked by Snowden. The Intercept later found a strong technical clue that linked The Shadow Brokers' tools with those of U.S. spy agencies. Firewall vendors, including Cisco, were caught by the revelation of software vulnerabilities in their products.

But the indictment does not connect Martin with The Shadow Brokers, nor accuse him of passing the documents to foreign governments. The Shadow Brokers, which offered a sampling of its tools and tried to auction what it claimed to be a larger batch, said in January it was giving up.

The poor grammar in The Shadow Brokers' public posts led to suspicions a native English speaker - and possibly a disgruntled member of the U.S. intelligence community - was intentionally making comical mistakes (see Report: Shadow Brokers Leaks Trace to NSA Insider).

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.