Federal prosecutors are gearing up to indict a former NSA contractor whose alleged of stealing more than 50 terabytes of highly sensitive material, as early as this week. According to sources near the case, the stolen data includes more than 75 percent of hacking tools belonging to the NSA’s Tailored Access Operations (TAO) unit. TAO is an elite hacking unit that develops and deploys some of the most sophisticated exploits against foreign targets for espionage purposes.
Attorneys representing Harold T. Martin III have portrayed the former NSA contractor as a patriot who took sensitive NSA materials home to improve in his work. However, investigators who have tirelessly combed through Martin’s home in Maryland remain concerned that he may have passed the weaponized hacking tools to possible enemies. Martin’s theft only came to light after the NSA conducted an internal investigation after a group calling itself Shadow Brokers, mysteriously published a series of NSA-developed exploits online.
The investigation unearthed a crime spanning more than a year back, following a prior breach at the TAO when a longtime employee took tools without authorization. Agents have theorized that Martin could have provided the tools to the person or group responsible for the leak. The latter theory being that the Shadow Brokers specifically targeted Martin, stealing the information after gaining access to his system.
In a complaint unsealed in October, 52-year-old Martin was charged with felony theft of government property and unauthorized removal and retention of classified material. On Monday, the Washington Post reported that federal prosecutors will likely file charges against Martin for “violating the Espionage Act by ‘willfully’ retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against ‘a known enemy’ of the United States.”
Prosecutors said such charges, if run consecutively, could amount to a sentence as high as 30 years to life in prison.
An unnamed US official told the post that Martin allegedly hoarded more than 75 percent of the TAO’s library of hacking tools. It is hard to grasp that a single individual could have stolen that much classified material at one time.
When Shadow Brokers made their debut in October, the group published hundreds of classified TAO-developed exploits, including one that had exploited a critical vulnerability, for years, in a widely sold firewall made by Cisco Systems. Just last month, the operator or group behind Shadow Brokers said it was shutting down, dumping 61 Windows-formatted binary files alongside their departure.
If Martin took more than 75 percent of the TAO’s library, this would be a record-breaking breach of security. It remains unknown if Martin is somehow tied to Shadow Brokers, or was simply a compulsive hoarder working alone, however, the event underscores some vital security faults inside the NSA.