NSA leak: with contractors like these, who needs Russians?

Started by CountDeMoney, October 20, 2016, 07:18:02 PM


CountDeMoney

They're talking 10 bankers' boxes of material, and over 50 terabytes of data.

Kinda puts a shitty little "c" on an email so someone doesn't have to carry two devices in perspective.

Quote
ForeignPolicy.com
The Cable
Prosecutors Detail What May Be NSA's Worst-Ever Security Breach
by Elias Groll

http://foreignpolicy.com/2016/10/20/prosecutors-detail-what-may-be-nsas-worst-ever-security-breach/?wp_login_redirect=0

When the FBI announced earlier this month it had arrested NSA contractor Harold Martin, it was clear the American signals intelligence agency had suffered a huge breach of internal security. But no one imagined the staggering amount of information Martin allegedly amassed in his suburban Maryland home: a digital archive that may reach 500 million pages, much of it secret.

In a 12-page filing on Thursday, federal prosecutors presented their most detailed accounting so far of the classified material Martin allegedly accumulated over a two-decade career in government. It includes "specific operational plans against a known enemy of the United States" distributed on a "need to know basis" and "notes describing the NSA's classified computer infrastructure" and operations.

If convicted for his actions, Martin's home archive may constitute the largest archive of mishandled classified information in U.S. history. Prosecutors revealed on Thursday that they plan to charge him under the Espionage Act. Prosecutors are likely to seek a stiff prison sentence, but it remains unclear which specific charges Martin will face.

"The sheer volume of the programs he could compromise is staggering," said Dave Aitel, a former NSA research scientist and the CEO of Immunity, Inc., a computer security company.

Prosecutors are still wondering why Martin allegedly did it. They have offered no evidence that he had shared, or planned to share, the material with others, such as a foreign intelligence agency. Yet he allegedly had a stash of guns and advanced encryption tools, and communicated online in different languages, including Russian. Investigators found hand-written notes explaining the basics of cyber tradecraft on the back of top-secret printouts just lying around Martin's car.

"At this point, I'm sure the people at Ft. Meade are hoping he offers his full cooperation so they can do proper damage control. The sooner the better," said Aitel.

During his time at the NSA, Martin reportedly worked with the agency's most elite hackers, a unit known as Tailored Access Operations and charged with penetrating the most difficult targets.

Following the disclosure of a huge quantity of classified material by Edward Snowden in 2013, the U.S. government has spent billions of dollars to clamp down on what it calls "insider threats." If true, Martin's theft of classified information would represent a black eye on the intelligence community's efforts to prevent such leaks.

According to prosecutors, the classified materials found at Martin's home date from 1996 to 2016. Several documents marked Top Secret/Sensitive Compartmented Information — which designates some of the government's most closely held information — were found lying openly in Martin's home and the backseat and trunk of his car. The raid on his home netted six bankers' boxes worth of physical material, and a number of computers, thumb drives, and external hard drives.

Investigators are still going over that material, and it remains unclear what portion of Martin's digital storage devices contain government secrets. Prosecutors say their investigation has so far revealed an "astonishing quantity" of classified material in Martin's possession and that they expect to discover additional secrets.

Thursday's filing makes clear that prosecutors are still puzzling over Martin's motive. The former Booz Allen Hamilton contractor has been described as a loner and a hoarder who brought classified material home for his own edification. Enrolled in a PhD program in computer security, Martin may have been using NSA materials for research purposes.


But Thursday's filing indicates that prosecutors are looking hard at whether Martin attempted to disseminate any of the information he brought home, though they have so far presented no evidence that he did.

Most intriguingly, the search of Martin's car turned up a printed email chain marked "top secret" with the former contractor's notes on the back. "The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations," prosecutors said in their filing. 

The notes, Aitel said, may indicate that Martin "intended to release that information to someone not familiar with cyber operations, such as, perhaps, another country's intelligence service."

According to the New York Times, the material found at Martin's home includes NSA hacking tools that turned up for sale online two months ago. An unidentified hacking group calling itself the Shadow Brokers released the NSA code online this summer to establish the credibility of another file allegedly containing additional NSA cyberweapons. The Shadow Brokers demanded several million dollars in exchange for the file, but have not found a buyer so far.

Investigators have reportedly not found any evidence so far to indicate that Martin served as the source of the Shadow Brokers dump.

The search of Martin's home also turned up ten firearms, including an AR-15 rifle and a shotgun with a flash suppressor. FBI agents seized the weapons at the request of Martin's wife, who was unaware of the number of weapons at their shared home. Prosecutors said she feared her husband might kill himself with one of the weapons.

Investigators also found advanced encryption and anonymization tools, which someone with Martin's skill could use to shield his internet activities and communication.


Thursday's filing came in support of a government request to keep Martin in jail ahead of his trial. They argue that Martin constitutes a serious flight risk, and that foreign intelligence agencies could reap huge benefit from Martin's knowledge. Prosecutors alleged in their filing that Martin has "communicated online with others in languages other than English, including in Russian."

Defense lawyers for Martin argued in a separate filing Thursday that prosecutors had concocted "fantastical scenarios" to keep their client behind bars. Martin does not possess a valid passport, served in the United States Navy, and has a wife and home in Maryland, his lawyers James Wyda and Deborah Boardman noted.

"There is no evidence he intended to betray his country," they wrote.

On Friday, Martin will appear in a Baltimore federal court for a detention hearing.

More from the NY Times--
Quote

Some people who know Mr. Martin favor a psychological motive for taking the documents home — one that echoes what he is himself telling investigators: a drive to distinguish himself and prove that his computer knowledge was equal to that of the N.S.A.'s top operators.

"He always thought of himself like a James Bond-type person, wanting to save the world from computer evil," said a person who knows him well but would not speak about him on the record for fear of being pulled into the criminal case.

http://www.nytimes.com/2016/10/20/us/harold-martin-nsa.html?_r=0


CountDeMoney

Quote
The New York Times
U.S.
N.S.A. Appears to Have Missed 'Big Red Flags' in Suspect's Behavior

By SCOTT SHANE and JO BECKER
OCT. 29, 2016

WASHINGTON — Year after year, both in his messy personal life and his brazen theft of classified documents from the National Security Agency, Harold T. Martin III put to the test the government's costly system for protecting secrets.

And year after year, the system failed.

Mr. Martin got and kept a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment and a bizarre episode in which he posed as a police officer in a traffic dispute. Under clearance rules, such events should have triggered closer scrutiny by the security agencies where he worked as a contractor.

Yet even after extensive leaks by Pfc. Bradley Manning in 2010 and Edward Snowden in 2013 prompted new layers of safeguards, Mr. Martin was able to walk out of the N.S.A. with highly classified material, adding it to the jumbled piles in his house, shed and car.


A federal judge in Baltimore ruled on Friday that Mr. Martin, 51, must remain jailed on charges of stealing government documents and mishandling classified information over two decades. Prosecutors say they will add new charges under the Espionage Act. Mr. Martin, whose arrest in August was disclosed by The New York Times this month, has admitted to taking the material but denies giving secrets to anyone else.

His actions, which prosecutors described in court as "breathtaking," have already cast a harsh light on the government's ability to police the 3.1 million employees and 900,000 contractors who hold clearances — or even the much smaller number who work inside the most closely guarded programs, as Mr. Martin did. His case appears to show serious breakdowns in personnel evaluation, technology designed to detect leaks and the basic job of inspecting people leaving secure buildings.

Dennis C. Blair, a former director of national intelligence, said he was "shocked" that Mr. Martin managed to remove classified material in bulk as recently as this year, in part because the government has spent tens of millions of dollars since 2010 on measures to prevent unauthorized activity or downloads.

"If there are breakdowns in your security system, as there clearly were with Snowden and this guy, you have to look at whatever went wrong and fix it," Mr. Blair said.

Some intelligence officials sounded a defensive note. William R. Evanina, the government's top counterintelligence official, said it may be infeasible to prevent every breach at an agency like the N.S.A., with 35,000 employees.

"I don't think it's possible," Mr. Evanina said. He credited the government with doing "an amazing job" in tightening security and called the N.S.A. "one of the leaders." Despite such efforts, he said, "if someone is intent on stealing classified data, it's very hard to stop them."

But a look at Mr. Martin's past raises a question: Did his erratic behavior ever prompt a review of his top secret clearance, which allowed him to work on some of the nation's most sensitive intelligence operations over two decades at eight contractors? His record of personal and legal troubles reads like it might have been drawn from the official list of factors that can be used to deny a clearance.

In 2000, the State of Maryland put an $8,997 lien on Mr. Martin's property for unpaid taxes that he would not pay off till 2014, a sign of chronic financial difficulties. In 2003, he was charged with misdemeanor computer harassment, a result of pestering a woman with unwanted messages. The charge was eventually dismissed.

Mr. Martin has a history of "binge drinking on a monthly basis," Judge Richard D. Bennett of Federal District Court said in a detention hearing on Friday. Alcoholism does not automatically block a security clearance, officials say, but the person must acknowledge the issue and seek treatment.

In 2006, Mr. Martin was charged with driving under the influence. In 2008, he cut off another driver and in the ensuing argument, announced that he was a police officer, according to two acquaintances who did not want to be named speaking critically of him. When it turned out the other driver was an off-duty state trooper, Mr. Martin fled. The local police charged him in the incident, but the record of the episode was later expunged.

"Those are all big red flags, and reasons why you wouldn't get a clearance," said Ross Schulman, a cybersecurity expert at the Open Technology Institute at New America, a Washington research group. "What seems clear in this case is that they dropped the ball in choosing who to allow access to their material and computers in the first place."

The year after the episode of police impersonation, Mr. Martin was hired by the contractor Booz Allen Hamilton, for whom he would work at the N.S.A. for the next six years before being moved in 2015 to a Pentagon job involving offensive cyberwarfare.

A routine five-year renewal of his security clearance in 2012 should have covered all his legal tangles and the breakup of his two marriages, in the late 1990s and 2010. Such reviews include a polygraph test, in which a standard question asks about mishandling of classified information. If such a question was asked, Mr. Martin appears to have passed the polygraph.

In recent years, intelligence agencies have begun to bolster the five-year reviews with "continuous evaluation," said Mr. Evanina, the counterintelligence chief. That means public databases showing criminal or civil cases, unpaid debts and divorces should all be scanned constantly for the names of clearance-holders, he said.

In a major upgrade to the security system after the transfer of military and diplomatic files by the former Army private now known as Chelsea Manning to WikiLeaks in 2010, the N.S.A. and other agencies installed specialized software to detect unusual conduct on agency networks or large downloads of secret data. Agencies also cracked down on removable storage devices like CDs and thumb drives, literally gluing drives shut or disabling the software required to use them.

But one former senior intelligence official suggested that Mr. Martin might have dodged those safeguards because he was assigned to Tailored Access Operations, the N.S.A. hacking unit. Because the unit develops malware to break into foreign computer networks and steal secrets, its machines are segregated from N.S.A.'s main network to avoid the possibility that a rogue program could get loose and do damage.

In the separate network, the electronic alarms that sound for unusual downloads may not operate and the ban on thumb drives does not always apply, said the official, who spoke on the condition of anonymity because the investigation is continuing. "By the nature of the work he's in, you have to carve that out so as not to do harm to your own system," he said.

The last chance to stop someone from carrying off secrets is at the gates to N.S.A. facilities. Mr. Martin's lawyer, James Wyda, said in court that "there was nothing sophisticated Mr. Martin did to remove this information" from the agency. But before the lawyer could elaborate, prosecutors abruptly objected, evidently concerned about the message that security is lax.

Only the most intrusive search would detect papers or a small drive hidden under clothing, and officials fear that universal searches would be impractical and send a message of mistrust.

"You don't want to create a Stasi-like atmosphere," said Michael V. Hayden, a former N.S.A. and C.I.A. director, referring to the East German secret police. Instead, N.S.A. guards carry out random searches, which sometimes included the director, he said.

Several former N.S.A. workers said that if Mr. Martin was ever caught with a few classified pages, he might have pleaded absent-mindedness and escaped punishment. But F.B.I. agents who took 50 terabytes of data from his house found it on disks, hard drives and thumb drives. Had security guards found any of those leaving the agency, it would have set off an investigation, Mr. Martin's former colleagues said.

The N.S.A. is now conducting an internal review to track everything Mr. Martin took to its source to understand the breaches, officials said. But the case has reinforced how technology that makes it easy to store and move huge volumes of data can threaten security, Mr. Hayden said.

As more details on the case emerged last week — including prosecutors' assertion that the documents Mr. Martin took contain the names of some intelligence officers who worked undercover — Booz Allen Hamilton announced that it had hired the former F.B.I. director Robert S. Mueller III to review its security and management practices. For Booz Allen, Mr. Martin's arrest was a second devastating blow: Mr. Snowden was also an employee when he took hundreds of thousands of N.S.A. documents in 2013.

Senator Dianne Feinstein, the vice chairwoman of the Senate Intelligence Committee, said she expected the committee to examine the incident, both to review whether recent security upgrades at N.S.A. are sufficient and consider further improvements.

In court on Friday, Judge Bennett concluded that Mr. Martin posed too much of a flight risk to release before trial. Though there is no proof so far that Mr. Martin passed the secrets he took to others, "the harm has already occurred," the judge said, "in terms of the loss of confidence on the part of the public" in the intelligence agencies.

The Brain

Quote
two divorces

:o Shocking. How did he get to handle sensitive information?
Women want me. Men want to be with me.

CountDeMoney

Quote from: The Brain on October 30, 2016, 12:03:32 PM
Quote
two divorces

:o Shocking. How did he get to handle sensitive information?

Obviously he couldn't.  Twice.

Phillip V

The government and private sector will need to spend billions more dollars on Insider Threat programs.