A former NSA contractor was indicted by a federal grand jury on charges of stealing elite cyberweapons and sensitive...
government data over the course of 20 years.
According to the U.S. Department of Justice (DOJ) indictment, Harold Thomas Martin worked as a contractor for seven different companies during those 20 years. Each company, including Booz Allen Hamilton Holding Corp where former NSA contractor and whistleblower Edward Snowden also worked, was tasked with projects through the U.S. Department of Defense and the National Security Agency (NSA).
"Martin held security clearances up to top secret and sensitive compartmented information at various times, and worked on a number of highly classified, specialized projects where he had access to government computer systems, programs and information, including classified information," federal prosecutors wrote in a statement. "Over his many years of holding a security clearance, Martin received training regarding classified information and his duty to protect classified materials from unauthorized disclosure."
Leo Taddeo, CSO for Cryptzone, said it shouldn't be surprising that an NSA contractor could steal data for 20 years without anyone knowing.
"One of the challenges of protecting digital assets is that the owner doesn't always know he was robbed. That's not the case with say, a TV or a car. If those items are stolen, the victim notices the empty parking space or blank spot on the wall pretty quickly and calls the police," Taddeo told SearchSecuirty via email. "Digital evidence can be copied and 'stolen' without the owner ever knowing unless very specific safeguards are in place and regularly monitored."
Martin was arrested in October 2016 and law enforcement reportedly seized 50 TB of federal data from his home in Glen Burnie, Md. This data, which officials said could amount to the largest theft of classified federal information in history, included documents from U.S. Cyber Command, the CIA and cyberweapons from the NSA's elite hacking team -- the Office of Tailored Access Operations (TAO) -- all stolen while Martin was an NSA contractor.
The DOJ's indictment charged Martin on 20 criminal counts, each of which could carry a maximum penalty of 10 years in prison. Federal officials have not commented on what Martin did with the stolen data, but former TAO agents confirmed NSA-made cyberweapons were leaked in a dark web auction by a group called the Shadow Brokers. It is still unclear what, if any, connection there is between Martin, the Shadow Brokers and the advanced persistent threat group, the Equation Group, which has been associated with using TAO exploits in the wild.
Willy Leichter, vice president of marketing at CipherCloud, based in San Jose, Calif., said insider threats are an issue for all enterprises.
"This latest news reinforces an unfortunate truth -- security has traditionally focused on securing the perimeter, but internal controls are often sorely lacking," Leichter told SearchSecurity. "Now that network perimeters are disappearing with cloud and mobile technology, it's forcing many organizations to look more carefully at their internal controls to classify and protect sensitive data."
Taddeo noted that recent NIST guidelines put in place following the OPM breach, which was blamed on an attack that used credentials stolen from a federal contractor, could help mitigate future issues like this.
"The new NIST guidelines are intended to ensure federal contractors, like Martin's employer, Booz Allen, have the proper safeguards in place," Taddeo said. "These security controls will help, but not guarantee, that this type of theft does not happen in the future."
Learn more about why mitigating insider threats remains a major concern.
Find out why the Shadow Brokers cancelled the auction of NSA cyberweapons.
Get info on how to address the Equation Group vulnerabilities.