This article is from the source 'nytimes' and was first published or seen
on .
It last changed over 40 days ago and won't be checked again for changes.
N.S.A. Contractor Arrested in Possible New Theft of Secrets
N.S.A. Contractor Arrested in Possible New Theft of Secrets
(35 minutes later)
WASHINGTON — The F.B.I. secretly arrested a National Security Agency contractor in recent weeks and is investigating whether he stole and disclosed highly classified computer code developed to hack into the networks of foreign governments, according to several senior law enforcement and intelligence officials.
WASHINGTON — The F.B.I. secretly arrested a former National Security Agency contractor in August and, according to law enforcement officials, is investigating whether he stole and disclosed highly classified computer code developed by the agency to hack into the networks of foreign governments.
The arrest raises the embarrassing prospect that for the second time in three years, an insider has managed to steal highly damaging secret information from the N.S.A. In 2013, Edward J. Snowden, who was also a contractor for the agency, took a vast trove of documents that were later passed to journalists, exposing N.S.A. surveillance programs in the United States and abroad.
The arrest raises the embarrassing prospect that for the second time in three years, a contractor for the consulting company Booz Allen Hamilton managed to steal highly damaging secret information while working for the N.S.A. In 2013, Edward J. Snowden, who was also a Booz Allen contractor, took a vast trove of documents from the agency that were later passed to journalists, exposing surveillance programs in the United States and abroad.
The contractor was identified as Harold T. Martin III, 51, of Glen Burnie, Md., according to a criminal complaint filed in late August. He was charged with theft of government property, and unauthorized removal or retention of classified documents. During an F.B.I. raid of his house, agents seized documents and digital information stored on electronic devices. A large percentage of the materials found in his house and car contained highly classified information.
The contractor was identified as Harold T. Martin III of Glen Burnie, Md., according to a criminal complaint filed in late August and unsealed Wednesday. Mr. Martin, who at the time of his arrest was working as a contractor for the Defense Department after leaving the N.S.A., was charged with theft of government property and the unauthorized removal or retention of classified documents.
At the time, F.B.I. agents interviewed Mr. Martin, and he initially denied having taken the documents and digital files. The agency later said he had stated that he knew he was not authorized to have the materials. According to the complaint, he told the agency that “he knew what he had done was wrong and that he should not have done it because he knew it was unauthorized.”
Mr. Martin, 51, was arrested during an F.B.I. raid on his home on Aug. 27. A neighbor, Murray Bennett, said in a telephone interview on Wednesday that two dozen F.B.I. agents wearing military-style uniforms and armed with long guns stormed the house, and later escorted Mr. Martin out in handcuffs.
In a brief statement issued on Wednesday, lawyers for Mr. Martin said: “We have not seen any evidence. But what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country.”
According to court documents, the F.B.I. discovered thousands of pages of documents and dozens of computers or other electronic devices at his home and in his car, a large amount of it classified. The digital media contained “many terabytes of information,” according to the documents. They also discovered classified documents that had been posted online, including computer code, officials said.
The information believed stolen by Mr. Martin — who like Mr. Snowden worked for the consulting firm Booz Allen Hamilton, which is responsible for building and operating many of the agency’s most sensitive cyberoperations — appears to be different in nature from Mr. Snowden’s theft.
But more than a month later, the authorities cannot say with certainty whether Mr. Martin leaked the information, passed them on to a third party or whether he simply downloaded them.
Mr. Martin is suspected of taking the highly classified computer code developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea. Two officials said that some of the information the contractor is suspected of taking was dated.
When F.B.I. agents interviewed Mr. Martin after the raid, he initially denied having taken the documents and digital files, according to the complaint. But he later told the authorities that he knew he was not authorized to have the materials. He told the agents, according to the complaint, that “he knew what he had done was wrong and that he should not have done it because he knew it was unauthorized.”
Officials said Mr. Martin did not fit any of the usual profiles of an “insider threat,” and it is unclear whether he had political motives, as Mr. Snowden did when he exposed programs that he said violated the privacy of American citizens.
The Justice Department unsealed the complaint — which was filed in United States District Court in Baltimore — after The New York Times notified the government it intended to publish a story about Mr. Martin.
An administration official said the case had been handled secretively not in order “to keep this guy from becoming another N.S.A. martyr,” but because it was a continuing law enforcement case and the hope was that Mr. Martin would cooperate. The official said investigators suspected that Mr. Martin might have taken the material before Mr. Snowden’s actions became public.
In a brief statement issued Wednesday, lawyers for Mr. Martin said: “We have not seen any evidence. But what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country.”
The official said that at the moment it did not look like an espionage case, but added the caveat that it is a continuing investigation. At the same time, the official said that investigators think Mr. Martin is not politically motivated — “not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that.”
If true, the allegations against Mr. Martin are a setback for the Obama administration, which has sustained a series of disclosures of classified information. Along with Mr. Snowden’s revelations, the antisecrecy group WikiLeaks in 2010 disclosed hundreds of thousands of documents from the State and Defense Departments. In the aftermath of the Snowden disclosures, the administration took steps to put measures in place to prevent the unauthorized disclosures of classified information.
Motivation is one of many unanswered questions about the case. It is not clear when and how the authorities first learned the contractor’s identity, when they believe he began taking information, or whether he passed it to people outside the government. It is also not known whether he is believed to be responsible for a leak of classified N.S.A. code attributed to a group calling itself the Shadow Brokers, or whether he had any role in a series of leaks of N.S.A. intercepts involving Japan, Germany and other countries that WikiLeaks has published since last year.
Josh Earnest, the White House press secretary, defended the Obama administration’s procedures for protecting national security information, arguing on Wednesday that since Mr. Snowden’s disclosures, agencies have tightened their security measures. He cited the creation of a task force that sets and monitors security requirements for agencies that handle classified information, and an overhaul of the government’s background check process, including adding more frequent updates.
The administration has also slashed the number of employees that have access to classified information, Mr. Earnest said, reducing it by 17 percent in the past couple of years.
“The president’s got a lot of confidence that the vast majority of people who serve this country in the national security arena, particularly our professionals in the intelligence community, are genuine American patriots,” Mr. Earnest said.
Another administration official said that investigators suspected that Mr. Martin began taking the material before Mr. Snowden’s actions became public, adding that reforms put into place after Mr. Snowden’s theft would not have stopped Mr. Martin.
“This is something that has its origins certainly before Snowden came on the scene, so many of the forms that have been in place since 2013 wouldn’t be relevant to stopping what happened,” the official said.
The information believed to have been stolen by Mr. Martin appears to be different in nature from Mr. Snowden’s theft, which included documents that described the depth and breathe of the N.S.A.’s surveillance.
Mr. Martin is suspected of taking the highly classified computer code developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea, some of it outdated.
Several officials said that at the moment it did not look like a traditional espionage case, but the F.B.I. has not ruled anything out.
Mr. Martin does not fit any of the usual profiles of an “insider threat,” and one administration official said that investigators thought that he was not politically motivated — “not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that.”
Mr. Martin, a Navy veteran, had degrees in economics and information systems and has been working for a decade on a Ph.D. in computer science. Neighbors described him as cordial and helpful but knew little about his work.
Law enforcement officials said that the F.B.I. was investigating the possibility that he had collected the files with no intention of passing them along. That by itself would represent a serious security vulnerability, but it would put Mr. Martin in the company of countless other senior Washington officials who have been caught taking classified information home. One of the officials described Mr. Martin as a hoarder.
Samuel R. Berger, a former national security adviser, stole classified documents from the National Archives and hid them under a construction trailer. Alberto R. Gonzales took home documents about the nation’s warrantless wiretapping program home with him while he was attorney general. As C.I.A. director, John M. Deutch kept classified information on his home computer.
Law enforcement officials are also looking into whether Mr. Martin was able to pass the information on, but are also entertaining a theory that he took it with that intention and then did not follow through.
But there are many unanswered questions about Mr. Martin’s case, including when and how the authorities learned this identity, and when they believe he began taking information. It is also not known if the case has any connection to the leak of classified N.S.A. code in August attributed to a group calling itself the Shadow Brokers, or whether he had any role in a series of leaks of N.S.A. intercepts involving Japan, Germany and other countries that WikiLeaks has published since last year.
“We’re struggling to figure him out,” the official said, speaking on the condition of anonymity because no indictment has been publicly released.
“We’re struggling to figure him out,” the official said, speaking on the condition of anonymity because no indictment has been publicly released.
Mr. Martin was charged in United States District Court in Baltimore. The government is allowed to charge people and bring them before a court in secret. That happens most often when defendants are cooperating or negotiating plea deals, or out of fear for their safety. But the secrecy could also indicate that the Justice Department requested it while analyzing the evidence, and that defense lawyers agreed.
For the N.S.A., which spent two years and hundreds of millions, if not billions of dollars repairing the damage done by Mr. Snowden, a second insider leaking the agency’s information would be devastating. The agency’s director, Adm. Michael Rogers, who previously ran the Navy’s Fleet Cyber Command, was brought in to restore the agency’s credibility, open it to more scrutiny and fix the problems that allowed Mr. Snowden to sweep up hundreds of thousands of documents.
For the N.S.A., which spent two years and hundreds of millions, if not billions, of dollars repairing the damage done by Mr. Snowden, a second insider leaking the agency’s information would be a devastating blow. The agency’s director, Adm. Michael Rogers, who previously ran the Navy’s Fleet Cyber Command, was brought in to restore the agency’s credibility, open it to more scrutiny and fix the problems that allowed Mr. Snowden to sweep up hundreds of thousands of documents.
It is also problematic for Booz Allen, which has built much of its business on providing highly technical services to the N.S.A. and other intelligence agencies.
It is also a potential setback for the Obama administration, which has sustained a series of huge disclosures of classified information. Along with Mr. Snowden’s revelations, the antisecrecy group WikiLeaks in 2010 disclosed hundreds of thousands of State and Defense Department documents.
When the company “learned of the arrest of one of its employees by the FBI,” Booz Allen said in a statement on Wednesday, “we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee. We continue to cooperate fully with the government on its investigation into this serious matter.”
In response to those leaks, the administration has said it will crack down on the disclosures of classified information and that it has pursued more leak cases than all previous administrations combined.
The administration has prosecuted eight people for disclosing classified information to the news media, compared with three under all previous administrations. But the crackdown has sometimes backfired. Mr. Snowden, for example, has said he was inspired by the example of two previous leakers, Thomas Drake and Chelsea Manning, who claimed to have made disclosures to reveal government wrongdoing. The latest leak suggests again that the unprecedented string of prosecutions has not deterred all leaks.
Two former agency officials said that even as the Media Leaks Task Force, as the Snowden cleanup operation was called, was underway, there were rumors that a second insider was harvesting the agency’s most secret data. But many inside the agency thought the leaks were leftovers from the Snowden episode. Some C.I.A. officials, meanwhile, quietly speculated that the N.S.A. had a “mole,” which many inside the N.S.A. doubted.
It is also potentially devastating for Booz Allen, which has built much of its business on providing highly technical services to the N.S.A. and other intelligence agencies.
A spokesman for Booz Allen declined to comment on Wednesday.
As investigators look into Mr. Martin’s case, it is almost certain that they will focus on whether the contractor was behind a leak in August that exposed a collection of electronic tools used by the N.S.A. to break into networks around the world. That material, released by a group calling itself the Shadow Brokers, was thought by outside experts to have been obtained by hacking rather than from an insider. Now, in light of the arrest, that assumption may have to be revised. The code released by the Shadow Brokers was dated from 2013, meaning that it almost certainly has been overtaken by more recent code.
At the time of the Shadow Brokers release, many experts speculated that an N.S.A. operator had accidentally left some of the code on a computer server in a foreign nation — such servers are often used to hide the connection to the agency and to facilitate network break-ins — and that the code had been obtained by Russia.
Mr. Snowden, in exile in Russia, wrote on Twitter that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publishing the code. He interpreted it as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee.
At the time, the agency would not even return phone calls inquiring about the leak of the code, and froze out former employees with deep contacts in the agency. But in recent days officials said it was not clear that Russia was involved.
Bruce Schneier, an author on information security and fellow at Harvard’s Kennedy School, has tracked post-Snowden leaks from the N.S.A. and speculated about their possible source. But he had not heard that the government had identified any leaker.
Mr. Schneier noted that the agency has aggressively recruited in recent years at gatherings of young, tech-savvy programmers, including those who specialize in hacking. But officials have worried that the innovative free spirits they need to penetrate foreign computer systems may also include at least a few who are motivated by Mr. Snowden’s example. The current suspect, however, does not appear to fit that profile.
“I wouldn’t call it an epidemic,” Mr. Schneier said. “But there’s a handful of leaks that clearly did not come from Snowden.” He said events in recent years might both encourage and intimidate would-be leakers.
“On one side, there’s the inspiration of Snowden,” he said. “On the other, there’s the counterbalancing force of an agency coming down on you like a ton of bricks. Snowden is in exile. Manning is in prison.”
The tension between secrecy and public scrutiny at the nation’s biggest intelligence agency goes back decades. But since Mr. Snowden’s disclosures, and the rise of a sister military organization, United States Cyber Command, also led by Admiral Rogers, there has been a determined effort to speak more openly about the agency, its mission and the future of cyberconflict.
While the agency previously saw a few memos made public — in 2003, a linguist with its British equivalent was arrested after leaking to the news media a single N.S.A. memo calling for a “surge” of intercepts at the United Nations — it had not experienced a mass leak until Mr. Snowden’s disclosures. He used an inexpensive bit of software to sweep up data in the agency’s Hawaii networks, undetected. At the time, officials said that would not have been possible at Fort Meade, where data is far more protected. That claim will now come under far more scrutiny.
