NSA Contractor Indicted Over Mammoth Theft of Classified Data (reuters.com)
Dustin Volz, reporting for Reuters: A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history. The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland. The government has not said what, if anything, Martin did with the stolen data. Martin faces 20 criminal counts, each punishable by up to 10 years in prison, the Justice Department said. "For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government," said U.S. Attorney Rod Rosenstein.
Re:Good reason... (Score:5, Insightful)
... not to out-source critical shit to contractors.
But you want to be able to hire and fire them easily, on the whims of the budget, right? And to show efficiency with as tiny a staff as possible, right? And to obfuscate responsibility if something goes wrong, right? If your assistant commits treason on your watch, you're to blame because you should have picked up on it, at least. But a contractor? Who takes the fall for contracting the contractor? Fingers point everywhere but nobody's directly responsible for what a contractor does (except when he does something good, you can take credit).
Out-sourcing. Your stepping-stone to success in management.
Re: (Score:2, Interesting)
The contractor arrangement is occurring for several reasons. Of course, because the government allows it. But also many young professionals in the DC area are doing it intentionally in order to make more money. You can get a higher salary if you're a "contractor" to the NSA than you would being hired straight to the NSA. Ignoring things like benefits, the government just doesn't pay enough for security personnel. Hell, last time I looked the NSA was offering *up to* $104,000 for a job that required 5 years
Re: Good reason... (Score:1)
Mostly accurate. However, quite a few (most?) contractors work for large companies that do offer benefits. You don't have to go out on your own.
But otherwise, yeah. In technical agencies it's very common for government employees to sit beside a contractor doing the same job for twice the pay. As you can imagine that is somewhat demoralizing.
Re: (Score:1)
Contractors also have to actually work, which nearly all government civilians don't have to do. I know, since I have been both.
Re: (Score:3)
Assume 50 TB over 50 working weeks a year and that's 1TB a week, divided over 20 years gives you an average of 5GB a week. That's well within the realm of feasibility, even if the bulk of his data collection came within the last 10 years and he was relying on thumb drives, SD cards, or the like.
Took? (Score:4, Interesting)
That is assuming he did it uniformly over a 20 year period, which is possible, but unlikely.
You would think they would have not only network but physical safeguards in place to prevent this. I see this as more damning of the NSA security procedure than anything else. Regardless of how you slice it, it is a massive amount of data to be able to go "unnoticed" for 20 years!
"Unnamed U.S. officials told the Washington Post this week that Martin allegedly took more than 75 percent of the hacking tools belonging to the NSA's tailored access operations, the agency's elite hacking unit."
Took? They don't have it anymore? Unnamed US officials could have better used the term "copied" I think (though not totally wrong I suppose).
Somehow I finished that sentence with, When reached for comment Martin said "the other 25% of the hacking tools were rubbish!" :p
Re:Took? (Score:4, Interesting)
Sometimes when someone has worked in a certain area for 20 years, they are given more responsibility. Maybe this guy was supposed to be the safeguard? Not saying that is the right way to handle sensitive information but I don't have the details.
Took is a completely acceptable term. He took the data with him. It doesn't say "stole" which would really cause a pedantic shit storm here on /.
Re: (Score:2)
Aldrich Ames and Robert Hanssen come to mind.
Re: (Score:2)
Nope... he was doing it for 20 years, which brings that average down to 250 MB/day. That's still A LOT of information for 20 years ago, when hard drives were still measured in MB. The fact that he was able to keep going for so long is dumbfounding to me. Most places have random inspections, you'd think over the course of 20 years, he'd have been busted a few times.
Re: (Score:2)
Ya got me. Still, even in 2007, 100GB/week is feasible. And the amount he could bring home grew exponentially with the capacity of flash memory, so he could have been doing 1TB/week no problem the last year or so (hell, 1TB/day is feasible to a single stick if he's sitting in the server room doing drive images and such as a routine part of his job).
Re: (Score:3, Insightful)
You can't see how someone, over a 20 year period, was able to gather 50TB of data? 2.5TB of material per year is insignificant to the amount of data people such as him have access to.
Re: (Score:1)
Assuming the NSA uses tapes for backups (common in some places), all the guy had to do is pocket a few backup tapes every week and he'd hit that quota very quickly.
Tape capacity ranges from 200GB to about 6TB, I believe, and they are much easier to steal than hard drives.
Re: (Score:1)
But only villains use encryption, remember? Why would the NSA do that? They're the good guys!
Re: (Score:1)
(Yes, I meant this sarcastically.)
Re: (Score:2)
20 years ago 2.5TB was not insignificant.
Re: (Score:2)
Never mind that. Does anyone know where he's being held? Because we need to send him his shirt. [zazzle.com]
Re:I don't buy it (Score:5, Funny)
"They said he stole 50+ TB of data from the NSA.
I'm not sure how this is possible?"
Read again, he also stole a mammoth to transport the stuff.
Re: (Score:2)
I heard "mammoth" is just NSA slang for gigabyte.
The mammoth DNA has been sequenced - 4 billion base pairs, each pair is two bits. 1GB.
So this guy simply made "offsite backups" of one mammoth per day, on average.
Re: (Score:2)
Let's say ... two eyes at around 4k.pixel square each and 20 frames per second is around 231,928.234*10^9 bytes/day for the eyes. What is sound? About 1MB/minute (I don't do music, so that's a wild guess.) for 1.5*10^9 bytes/ day. All other sensory and thought data - let's round it up to 250TB/day. Even if you assume JPEG-ish or MPEG-ish lossy compression for the visual infor
Re: (Score:2)
The next question for the NSA is was it networked and on what OS?
How do Tailored Access Operations set their tools up? As the first sign of any network in the wild do they activate and become mission ready?
Mission ready on any network in the wild? Was some distant server of interest to the NSA contacted from not a NSA staging server?
Did another nation, admin or a person then
Re: (Score:1)
Not just the secret ones. Many overt US law enforcement agencies are dishonest. Look at all the police abuse where the story ends with "we investigated ourselves and found no wrongdoing."
Re: (Score:2)
This would have been way worse than anything Snowden or Manning released. He discovered that they ordered anchovies for the pizza served at a staff party.
In other news (Score:2, Informative)
Museum of Natural History contractor indicted over theft of classified mammoth data
Re: (Score:2)
One assumes that in a fit of enthusiasm to do a good job he took home a copy of anything interesting to look at later. One also assumes he will be executed for his trouble. Frankly if I were you I would not worry about stealing pens from the bastards that own your company, or doing a good job either. Just my 2 cents worth.
the NSA should put him on the payroll (Score:5, Insightful)
Re: (Score:2)
RTFA
"Martin was employed as a private contractor by at least seven different companies, working for several government agencies beginning in 1993 after serving in the U.S. Navy for four years, according to the indictment. "
Re:the NSA should put him on the payroll (Score:5, Insightful)
This. Fuck, they should give him a nice cushy pension and his own private island for giving them the methods he used to steal said information over those 20 years.
Unless the method he used was to exploit bureaucratic inertia and dysfunction. It's only worth paying people for information you plan to do something about. If you don't plan to do something about it, the next best choice would be to make an example of people who expose your incompetence.
Re: (Score:3)
I think it's more a question of trust [slashdot.org]. If you've worked on classified programs you know there's a trade-off between security practices and getting the job done in a sensible fashion. Part of obtaining a clearance depends on assessments of character. Of course mistakes will be made. Given the number of clearances and issues one might think the bureaucrats are actually doing a decent job.
Re: (Score:2)
Definitely a paraphrase. There is a distinction between "what you know you don't know" and "what you don't know you don't know."
I can point to what I know I don't know. For instance, I know I don't know how to speak Korean. If I don't know I don't know something I can't even.
Double standard (Score:2, Insightful)
But Hillary did nothing wrong.
Re: (Score:3, Interesting)
This wasn't mishandling, it was theft. Mrs. Clinton didn't "steal" her emails. Mrs. Clinton did as 2 of her predecessors in her job did with a personal email server, but I don't see anyone demanding the arrest of Secretary Powell or Rice. This guy obviously had no such role models in his immediate work environment, or they'd have been arrested as well.
Re: Double standard (Score:1)
Re: (Score:2)
Intro level of politics? First Lady for 8 years, U.S. Senator, Secretary of State. Maybe you need to redefine your definition of "intro." And no one knows if Dr. Rice and Secretary Powell transmitted classified information, they weren't investigated nor did they turn their HDDs over to the FBI.
Re: (Score:2)
Which previous SoS to Clinton had a private email server that they used to conduct all State business?
Re: (Score:2)
Read my post, both Rice and Powell. And no SoS conducted ALL business on a single server, they used both state department and private servers; subject matter they "expected" to be classified was on the department servers, those they felt wouldn't be classified were on the private servers. Additionally, Powell gave her advice on use of phones and email (it's in the investigation files released by the FBI). The SoS's used private servers because the state department servers were old, not updated, slow, and th
Re: Double standard (Score:3)
I'm sorry, but that's simply incorrect.
Re: (Score:2)
If that's true, it's only because you were deliberately avoiding looking.
Re: (Score:2)
You don't see the conflict between "... both failed to turn over non-classified emails ..." and your statement "... neither Powell nor Rice stored classified information from other agencies/departments ..." because if the alleged non-classified material was never turned over no one knows if any of it would have been marked classified in hindsight like in Clinton's case. Remember, none of the materials on the Clinton server were marked classified at the time they landed there, only in retrospect were any of
Re: (Score:2)
Remember, none of the materials on the Clinton server were marked classified at the time they landed there, only in retrospect were any of them deemed classified at the lowest level.
That's not [politico.com] true [politifact.com]; she got materials that were marked classified, she got stuff that was Top Secret at the time of sending (even if it wasn't marked properly, she should have known it was as part of her duties), and only some of the stuff was retroactively classified.
Certainly, some of it is political
Re: (Score:2)
Looking over past cases, the intent to mishandle is the dividing point between prosecution and no prosecution. (I can't find any distinction based on what the mishandler intended to do with the data.)
Re:Double standard (Score:5, Informative)
More specifically, if you look back over the case law for this, people generally get prosecuted if:
A) They get caught lying to the investigators
B) Had the intent to steal, whether for profit or ideology
To date, no one has been prosecuted without one of those two, or without prosecutors alleging one of those two. When I was in the military, I saw several cases where someone screwed up and put classified material on a system that wasn't rated for it, including email. Investigations were conducted, servers were purged, and those responsible got a slap on the wrist and a note in their file for committing a security violation (if you get enough of those, you lose your clearance). This is why Comey said what he did - cases like Clinton's result in administrative punishment at most, and the worst penalty was loss of clearance and thus job (which didn't apply anymore for her because she was no longer Secretary of State).
In the case of this guy, likely the Prosecutors feel they have enough evidence to allege that he was trying to sell the data, probably based on his pattern of conduct, and probably also because those selfsame tools showed up for sale on the internet.
Re: (Score:1)
So what about the guy who took a couple of cell phone pictures inside a nuclear submarine? He never showed them to anybody that we know of, it was more of a personal photo album on his cell phone... There was no profit or ideology problem here... Don't know if he lied to investigators, but that's not what got him sent to jail as far as I can tell.
Re:Double standard (Score:4, Informative)
Re:Double standard (Score:5, Insightful)
Re: (Score:1)
And using BleachBit to permanently delete emails wasn't destroying evidence? Even though it was a fool's errand because it existed on recipient computers is beside the point. There was a clear intent there to conceal. So yes there is a very big double standard. A Navy guy in Portsmouth VA was convicted and all he did was connect his tablet to receive emails in the field. No intent, no destroying evidence, just mishandling. I can recount an airman getting an Article 15 for leaving a safe unlocked. The safe was in a secure facility designed to allow and store classified information. Basically a safe inside a vault. Career ruined over a simple lapse.
Um, nice try. From what I recall Hillary directed the deletion of what she no longer needed well before any investigation. She had every right to do so, as they were deemed personal. The fact that the dumb tech didn't do his job in a timely manner, but somehow delayed it until there was an investigation is out of her control. There was no intent to conceal. I'm sure she regrets the original order.
I can't find your source for the navy guy. Link please?
Your second source is completely unsourced and has
Re: (Score:2)
Apparently she gave appropriate orders and didn't follow up to see that they were carried out well. I have drawn one conclusion from this mess: I will NEVER give any IT person anything based on Clinton's recommendation.
Re: (Score:2)
I couldn't find a link for that Portsmouth guy in a quick google search but I did find this one for someone in California. Mishandling classified information is definitely something that gets prosecuted even just for negligence.
Re: (Score:2)
It was clear that the submarine guy was taking the pictures knowing this was against the rules, meaning an intent to steal. What the perp intended to do with the classified material, or actually did, doesn't seem to affect the prosecution much.
Let's review just what she told us ... (Score:3)
> More specifically, if you look back over the case law for this, people generally get prosecuted if:
> A) They get caught lying to the investigators
So what do you call this? [youtube.com] Not to mention destroying items under subpoena. Here's the full hearing [youtube.com] if you want more context.
> This is why Comey said what he did - cases like Clinton's result in administrative punishment at most, and the worst penalty was loss of clearance and thus job (which didn't apply anymore for her because she was no longer Secret
And we want it this way! (Score:2)
More to the point: refusing to prosecute unless A or B is met is genuinely good for national security. If people know their mistakes are forgivable they're going to be much more inclined to cooperate with investigators to help seal the breach. If people think they're looking at 10-to-20 for their carelessness, they're far more likely to lawyer up.
Abused Trust (Score:5, Insightful)
Re: (Score:1)
I placed MY trust in THIS contractor to do the RIGHT thing.... LEAK THE DAMN SECRETS so I can see and control what the government is doing against US, against OTHERS and against HUMANITY and just plain STUPIDITY.
But NO, he was apparently a hoarder mental case, so we will have to wait for another PATRIOT to STAND UP and DUMP THEIR OWN COLLECTION.
Snowden, Manning, and this guy are just the start... there are more patriots out there that haven't dumped or been rolled up yet...
Private Server! (Score:1)
I'm sure they'll fry him for this. Unless he was keeping the data on his secure private server (hidden in the closet under a pile of sweatsocks), then it's cool.
Why steal a Mammoth???? (Score:1)
Holy shit aren't those things extinct?
Amazing! (Score:5, Funny)
Didn't have time to read the full description... but, wow!
They've already got mammoths cloned from ancient DNA, and they're training them to steal classified data? What CAN'T the NSA do?
Re: (Score:2)
KKK has been founded by the democrats.
That was a long time ago, and times and people change.
Most of the people say that current day living is worse than two generations ago, so if there is any undoing, they are not exactly undoing the progress.
Only in an overly-romanticized version of the 50s and 60s. If you were white (and the right type of white), Christian, and straight, then you were ok as long as you toed the line. If you were anything else, and there were quite a few of them, or a woman who sought something higher than being a bored housewife, life was substantially worse than it is today.
Poor poor abused trust (Score:5, Funny)
For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government
Sucks when it happens to you doesn't it government!
Re: (Score:2)
You're making a big assumption about which country I am in / a citizen of.
Interesting quote... (Score:1)
Kind of like how the Government has flagrantly abused the trust placed in them by the average citizen?
He didn't steal the data, they still have it (Score:3)
Re: (Score:3)
Well, they are secrets, which are only valuable if not shared. I mean, if I publish the information to drain your bank account (usernames, passwords, etc.) you still have them. But they are now devoid of value to you.
Re: (Score:2)
On the contrary, one can make the opposite argument about copyrighted material: I say it becomes more valuable to society as a whole (as opposed to any particular entity in it) the more it gets shared.
Re: (Score:2)
Back in the early years of the century, Baen Books tried offering good electronic copies of a selection of their books free, with no restrictions on copying and redistribution. They found that was a great way to boost sales, both of the books distributed freely and the other books the author wrote.
If it was truly flagrant... (Score:2)
...then why wasn't he caught sooner? Especially with the amount of data he was absconding with?
Governmental bureaucracy in action, again, most likely.
Re: (Score:2)
Classified information isn't really all that well protected from insider threats. The security around it is largely based on trusting the people handling the data. That data is supposed to reside on an air-gapped network but there are plenty of other ways for stuff to leak, such as printers, writable and removable media like CDs, DVDs, and USB sticks. Basically there is too much classified information and too many people who need access on a regular basis for it to be well and properly secured. No doubt we
Sounds like bad bosses. (Score:2)
If he didn't give or sell the information away ("hoarded"), then it sounds to me like he was simply lazy about proper security procedures, rather than criminal. I know lots of people that take work home with them and it sounds like that is what he did.
Yes, it was a potential problem, yes it was a violation of the rules. But I bet his boss was simply more concerned with results than with security and created a culture of "get it done and don't talk to me about problems." The boss was probably too stupid
My money is on ... (Score:5, Interesting)
... backup tapes.
Those are so easy to walk off with.
I'm retired IT, and many times when I was assisting on another site, I saw backup tapes and EHD, some old, lying around in plain sight, some in drawers where tools and connectors were stored, so yeah.
Re: (Score:2)
My money is on.... ... backup tapes.
So you still backup all of your Bitcoins to tape? Dude, just put it in the cloud! ;-)
Re: (Score:3)
Dropbox would be the best choice according to this anecdotal evidence provided by long-time /. reader, CaptainDork ( 3678879 ) [slashdot.org]:
I was working on a manager's (boss's son) machine because he had lost a photo for a legal matter.
I searched for *.jpg on his hard drive and came up with lots of photos, including a Dropbox folder with iPhone pictures and videos of him and his wife doing the, you know, uh, you know ... ... fuck it we're all adults here so, I'll come right out and say they were "doing it," if you ge
Re: (Score:1)
The ironic thing is that anything LTO-4 and newer comes with AES encryption built into the tape drive. Set a password, make sure it is kept by important people, and forget about it. That way, if tapes go missing or fall out of the Iron Mountain van, it isn't good, but it doesn't mean disaster.
Re: (Score:2)
until AES can be broken and then I have access to a few TB of your critical data (PII rarely changes)
Re: (Score:2)
... make sure it is kept by important people ...
Sounds like this person was "important enough."
Manning was "important enough," right?
Snowden was "important enough," amirite?
Re: (Score:1)
That's a HR/legal problem, not a tech problem. Securing tapes with encryption is IT's job. Which people are authorized tends to fall to management.
Re: (Score:2)
Reread the trigger here:
Set a password, make sure it is kept by important people, and forget about it.
You're saying the issue is:
- HR problem
- Legal problem
- Not tech problem
- IT's job
- Falls to management
You can appreciate why I did not feel informed.
Please try again.
Re: (Score:2)
You weren't IT for the NSA, were you? It should not be easy to walk off with classified backup tapes.
Re: (Score:2)
I think it would be easy.
Manning went in with a Lady Gaga CD, erased the contents, copied shit on there and walked out. He had elevated privileges above his actual need.
Snowden got his hands on shit and went to Russia.
The gubmint is clueless and sloppy as fuck.
Yes... (Score:2)
...but was the information marked classified?
He should charge them (Score:1)
For off-site data backup storage.
Much more fun, same words. (Score:1)
Re: (Score:2)
So far nothing has said that he has sold this information to 3rd parties. Let's hold off on assumptions until the details are provided, shall we?
Re: (Score:2, Informative)
"Genetically muslims are largely of Negro ancestry."
Science taught us, that _all_ humans are largely of Negro ancestry, including your racist ass.
Re: (Score:2)
Besides the glaring issue of Islam not being a race or ethnicity as has been pointed out, you have also failed to demonstrate the relevance of the "Negro ancestry", or show any connection between genetic defects arising from inbreeding and "barbarism" or terrorism.
Re: (Score:2, Funny)
Naw. He'll change his gender identity and get a presidential pardon.
That's how it works.