Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/22/2019
10:30 AM
50%
50%

Ex-NSA Contractor Gets 9 Years for Retaining Defense Data

Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.

A US district judge has sentenced former government contractor Harold Thomas Martin, III, to nine years in federal prison and three years of supervised release for the "willful retention of national defense information," the Department of Justice reported today.

Between Dec. 1993 and Aug. 2016, Martin was employed by at least seven private companies and assigned as a contractor to "a number of government agencies," according to his plea agreement. Each agency required Martin to receive and hold a security clearance; at various times he had clearances up to Top Secret and Sensitive Compartmented Information, meaning unauthorized disclosure could cause "exceptionally grave damage" to US national security. Martin's role gave him access to government systems, programs, and data in secure locations.

Martin, who also worked as an NSA contractor, admitted to stealing and retaining US government property from secure locations and computer systems, in both physical and digital form, starting in the late 1990s and continuing through Aug. 2016. Information was marked to indicate it was property of the US and contained highly classified data including Top Secret/SCI information. He kept at least 50 terabytes of stolen files and classified data in his home and car, despite knowing he was not authorized to do so, and despite knowing knowing removal of this information could compromise national security and aid adversaries.

At his sentencing, officials noted crimes like these require the government to treat the stolen data as compromised, which could result in changing or eliminating national security programs. Martin's actions also cost time and resources in investigating the consequences of the theft.

"This sentence, which is one of the longest ever imposed in this type of case, should serve as a warning that we will find and prosecute government employees and contractors who flagrantly violate their duty to protect classified materials," said US Attorney Robert K Hur in a statement.

Read more details here.

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/27/2019 | 5:00:27 PM
Re: Equity
I agree the only problem I have is the laws are not consistent across the board and people are often prosecuted unfairly because of the Judge's inherent bias. Yes this contractor should get time, but what about the law enforcement officials and government agencies that broke the law with the following:
  • StingRay - illegal remote cell phone tracking tool
  • Prism - dragnet government surveillance system, violates the laws across the globe
  • Pegasys - hacking software used to hack cell phones
  • Facia - cell phone triangulation tool
  • Optic Nerve - yahoo messenger used tool to capture video images
  • Boundless Informant - using tools to extract metadata from various devices
  • XkeyScore - interception data tool that queries information about user data (phone, email, texts, etc)

The problem I have with all of this is that people are constantly breaking the law and no one has been prosecuted, so how can an official be so hard on the public but they are constantly violating the rights of people across the globe, it is just amazing that these things go on and everybody turns a blind-eye.

I don't know anymore.

T
rcash
50%
50%
rcash,
User Rank: Strategist
7/24/2019 | 10:41:24 AM
Equity
So there is little doubt of wrong doing here, but my quesiton is how this can be effectively prosecuted while other significantly more egregious harms (such as having a private vulnerable email server in a closet) are passed over. Crime is crime, and no one should be above the law, to borrow a phrase.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/23/2019 | 9:05:10 AM
Re: Wow, so who prosecutes the Federal Government
Done - this is far off post subject not funny. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 4:01:55 PM
Re: Wow, so who prosecutes the Federal Government

Let's back up for a minute, this person was a  NSA contractor who was prosecuted, clear and evident. But what happened to the other situations I named in the message before. For example, William "Bill" Binney (ThinThread), he worked for NSA for almost 30 years, he developed an application called ThinThread, they did not use the application during the 911 attacks. He informed them that of the controls they were taking off, this action of removing the controls would affect the lives of people everywhere in America and beyond. He informed his executive staff members, management, he followed proper protocol. Instead of the group, talking to him and giving him the respect he deserves, they put him in-front of a gun when he tried to tell them that the controls that were in place to protect the rights of American citizens (they continued to violate the law).

Now the other examples I used was basically saying how can this US Atty say something like this with a pompus attitude when they have been violating the rights of American Citizens even now (Illegal Drag Net Surveillance Programs like XKeyScore, Prism, etc.). Is he going to jail because he knows along with Congress that they have been violating the rights of American Citizens, yours and mine?

Don't get me wrong, when the person is wrong and they have violated the rights of Ameircan citizens, then yes, send them to jail. But the Feds are violating the rigths of US citizens right now using the Fisa courts to force companies like Quest, Microsoft, Google, Yahoo, AWS and others by issuing warrants (not one time have they not issued a warrant) under the auspices of National Security. So when are the Feds going to be accountable for their own actions, when are individuals from Congress going to be prosecuted (they were the one's who authorized its purchase and use). When are the deaths of innocent civilans going to be brought to court?

So who is prosecuting the people using mass surveillance to attack and thwart peaceful groups like "Black Lives Matter", "Indian Groups", "Unarmed Black People". When are they going to use the laws to prosecute the "KKK" and "Nazi followers" and the hate groups that are associated with millions of deaths.

So think about that and the other items I mentioned in the passage before. If you are going to do it to one person, then everyone needs to be accountable; if the balance of law is for all people then those same people should be prosecuted as well (General Alexander, Clapper, everyone involved and those who did not do anything about it, foreign and domestic).

T
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/22/2019 | 3:32:45 PM
Re: Wow, so who prosecutes the Federal Government
Are you saying he is innocent?  Or wrongly prosecuted?  Because theft of owned propietary data is still theft and there are laws against that - alot of them.  Break one and you have a problem.   This scum kept at it for years and 50 terabytes is huge.  He deserved jail time indeed.    AND this does not strike me as a human rights issue at all.  Not a political one.  Theft of data pure and simple.  High grade security data too.  
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 1:44:27 PM
Wow, so who prosecutes the Federal Government

"This sentence, which is one of the longest ever imposed in this type of case, should serve as a warning that we will find and prosecute government employees and contractors who flagrantly violate their duty to protect classified materials," said US Attorney Robert K Hur in a statement.

Interesting that they say this with Prism, XKeyscore, Facia, Informant and other programs that are violating the rights of individuals all across the globe (congress approved this when the budget goes above 3 million dollars, so they knew about it). In America, the federal government has been violating the rights of American Citizens (1st - 5th Amendment rights) from the beginning of time,

I am not sure that I should be surprised but this is amazing he would say something like this. They are taking the lives of innocent personnel around the world when they go after terrorists; what happens to accountability and the value we put on human life. Look at what happened to William Binney (ThinThread), Thomas Drake (TrailBlazer), Kirk Wiebe (Trailblazer and Thinthread) and Edward Snowden (Prism, Xkeystore), they were indicted under the Espionage act and one they are still after (Mr. Snowden).

I have been saying this for years, when are we going to start looking at the injustices that have been going on for years and when is someone going to say, we have been violating human rights and citizens who have nothing to do with terrorist acts (I am not even going to mention what is going on in the US with Indians and African Americans). It is astounding that this continues to happen and we continue to show a blind eye, we see this in our own back yard.

T
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.