Security Experts:

NSA Contractor Arrested for Theft of Classified Material

The Department of Justice announced on Wednesday that a government contractor resident in Maryland with a top secret national security clearance was arrested in late August. According to the complaint unsealed today, a search of his home and car found "property of the United States." More specifically, this included "six classified documents obtained from sensitive intelligence and produced by a government agency in 2014." 

The accused, Harold T. Martin III, worked for Booz Allen Hamilton for the NSA -- similar to the relationship between Edward Snowden and the NSA.  However, the DoJ mentions neither the government agency concerned nor the contractor's place of work.

Martin's former employer, however, did comment on the announcement of the arrest.

“When Booz Allen learned of the arrest of one of its employees by the FBI, we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee,” the consulting firm said in a statement. 

“We continue to cooperate fully with the government on its investigation into this serious matter. Booz Allen is a 102-year-old company, and the alleged conduct does not reflect our core values. Our employees continue to support critical client missions with dedication and excellence each day. Their professionalism, values and ethics are what define our firm,” the statement added.

However, while Snowden stole a large quantity of classified documents, Martin appears to be suspected (according to The New York Times) "of taking the highly classified computer code developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea. Two officials said that some of the information the contractor is suspected of taking was dated."

One of the officials also said that Martin may have taken the material before Snowden's documents were made public. That would mean that the material has been in his possession for at least three years, even though the 'six classified documents' were only produced in 2014. Either the theft from the agency continued over a long period of time, or there is some discrepancy between the NYT report and the DoJ announcement.

The DoJ announcement makes no mention of computer code, but seems to imply the theft of documents. "These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues. The disclosure of the documents would reveal those sensitive sources, methods, and capabilities." That would make the theft similar to Snowden. 

The Times, however, writes "the official said that investigators think Mr. Martin is not politically motivated - 'not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that'." The NYT also says that it is unknown whether the stolen code is the same as that leaked by the Shadow Brokers in August, less than a fortnight before Martin was arrested.

The DoJ announcement states that Martin has been charged with "theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor." It adds that if convicted, "Martin faces a maximum sentence of one year in prison for the unauthorized removal and retention of classified materials, and ten years in prison for theft of government property." So far there is no indication of the seriousness that has sometimes applied through the Espionage Act for similar information thefts -- but that could be added later.

John Carlin, Assistant Attorney General for National Security at the Department of Justice, commented briefly on the news today at the Cambridge Cyber Summit, hosted by The Aspen Institute, CNBC and MIT. When asked about the arrest by CNBC's Andrew Ross Sorkin, he said, "We have made an arrest of an individual who's involved in taking classified information. And what I think it points out for the private sector and others more generally is this problem of insider threat."

He would not be drawn on the specifics of this arrest, but returned to the insider threat. "Is there a problem with those who would exploit people with inside access to try to obtain information? That problem has been with us as long as the creation of these agencies." What's different now, he continued, is that while it used to be necessary to use a fleet of trucks to take away the data, now you can just use a thumb drive "take a much vaster quantity of information than you could before." 

Martin was arrested on August 27, 2016, and made an initial appearance in court on August 29, 2016. He remains detained.

*Additional reporting by Mike Lennon

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.