FBI arrests former NSA contractor over theft of code used to hack foreign government networks

The FBI secretly arrested an NSA contractor and is investigating whether he stole and disclosed highly classified computer codes developed to hack into the networks of foreign governments.
The FBI secretly arrested an NSA contractor and is investigating whether he stole and disclosed highly classified computer codes developed to hack into the networks of foreign governments.PHOTO: NATIONAL SECURITY AGENCY

WASHINGTON (NYTIMES) - The FBI secretly arrested a former National Security Agency contractor in August and, according to law enforcement officials, is investigating whether he stole and disclosed highly classified computer code developed by the agency to hack into the networks of foreign governments.

The arrest raises the embarrassing prospect that for the second time in three years, a contractor for the consulting company Booz Allen Hamilton managed to steal highly damaging secret information while working for the NSA.

In 2013, Edward J. Snowden, who was also a Booz Allen contractor, took a vast trove of documents from the agency that were later passed to journalists, exposing surveillance programmes in the United States and abroad.

The contractor was identified as Harold T. Martin III of Glen Burnie, Maryland, according to a criminal complaint filed in late August and unsealed on Wednesday (Oct 5). Martin, who at the time of his arrest was working as a contractor for the Defence Department after leaving the NSA, was charged with theft of government property and the unauthorised removal or retention of classified documents.

Martin, 51, was arrested during an FBI raid on his home on Aug 27. A neighbour, Mr Murray Bennett, said in a telephone interview on Wednesday that two dozen FBI agents wearing military-style uniforms and armed with long guns stormed the house and later escorted Martin out in handcuffs.

According to court documents, the FBI discovered thousands of pages of documents and dozens of computers or other electronic devices at his home and in his car, a large amount of it classified. The digital media contained "many terabytes of information," according to the documents.

They also discovered classified documents that had been posted online, including computer code, officials said.

But more than a month later, the authorities cannot say with certainty whether Martin leaked the information, passed it on to a third party or simply downloaded it.

When FBI agents interviewed Martin after the raid, he initially denied having taken the documents and digital files, according to the complaint. But he later told the authorities that he knew he was not authorised to have the materials.

He told the agents, according to the complaint, that "he knew what he had done was wrong and that he should not have done it because he knew it was unauthorised".

The Justice Department unsealed the complaint - which was filed in US District Court in Baltimore - after The New York Times notified the government it intended to publish a story about Martin.

In a brief statement issued on Wednesday, lawyers for Martin said: "We have not seen any evidence. But what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country."

If true, the allegations against Martin are a setback for the Obama administration, which has sustained a series of disclosures of classified information.

Along with Snowden's revelations, the anti-secrecy group WikiLeaks in 2010 disclosed hundreds of thousands of documents from the State and Defence departments. In the aftermath of the Snowden disclosures, the administration took steps to put measures in place to prevent the unauthorised disclosures of classified information.

Mr Josh Earnest, the White House press secretary, defended the Obama administration's procedures for protecting national security information, arguing on Wednesday that since Snowden's disclosures, agencies have tightened their security measures.

He cited the creation of a task force that sets and monitors security requirements for agencies that handle classified information, and an overhaul of the government's background check process, including adding more frequent updates.

The administration has also slashed the number of employees that have access to classified information, Mr Earnest said, reducing it by 17 per cent in the past couple of years.

"The president's got a lot of confidence that the vast majority of people who serve this country in the national security arena, particularly our professionals in the intelligence community, are genuine American patriots," Mr Earnest said.

Another administration official said that investigators suspected that Martin began taking the material before Snowden's actions became public, adding that reforms put into place after Snowden's theft would not have stopped Martin.

"This is something that has its origins certainly before Snowden came on the scene, so many of the forms that have been in place since 2013 wouldn't be relevant to stopping what happened," the official said.

The information believed to have been stolen by Martin appears to be different in nature from Snowden's theft, which included documents that described the depth and breadth of the NSA's surveillance.

Martin is suspected of taking the highly classified computer code developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea, some of it outdated.

Several officials said that at the moment it did not look like a traditional espionage case, but the FBI has not ruled anything out.

Martin does not fit any of the usual profiles of an "insider threat", and one administration official said that investigators thought that he was not politically motivated - "not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicise that."

Martin, a Navy veteran, has degrees in economics and information systems and has been working for a decade on a PhD in computer science. Neighbours described him as cordial and helpful, but knew little about his work.

Law enforcement officials said that the FBI was investigating the possibility that he had collected the files with no intention of passing them along. That by itself would represent a serious security vulnerability, but it would put Martin in the company of countless other senior Washington officials who have been caught taking classified information home.

Mr Samuel R. Berger, a former national security adviser, stole classified documents from the National Archives and hid them under a construction trailer. Mr Alberto R. Gonzales took home documents about the nation's warrantless wiretapping programme home with him while he was attorney general. As CIA director, Mr John M. Deutch kept classified information on his home computer.

One of the officials described Martin as a hoarder.

Law enforcement officials are also looking into whether Martin was able to pass the information on, but are also entertaining a theory that he took it with that intention and then did not follow through.

But there are many unanswered questions about Martin's case, including when and how the authorities learned this identity, and when they believe he began taking information. It is also not known if the case has any connection to the leak of classified NSA code in August attributed to a group calling itself the Shadow Brokers, or whether he had any role in a series of leaks of NSA intercepts involving Japan, Germany and other countries that WikiLeaks has published since last year.

"We're struggling to figure him out," the official said, speaking on the condition of anonymity because no indictment has been publicly released.

For the NSA, which spent two years and hundreds of millions, if not billions, of dollars repairing the damage done by Snowden, a second insider leaking the agency's information would be devastating.

The agency's director, Admiral Michael Rogers, who previously ran the Navy's Fleet Cyber Command, was brought in to restore the agency's credibility, open it to more scrutiny and fix the problems that allowed Snowden to sweep up hundreds of thousands of documents.

It is also problematic for Booz Allen, which has built much of its business on providing highly technical services to the NSA and other intelligence agencies.

When the company "learned of the arrest of one of its employees by the FBI", Booz Allen said in a statement on Wednesday, "we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee. We continue to cooperate fully with the government on its investigation into this serious matter."