Ex-NSA Contractor to Serve 9 Years for Hoarding Classified Information

A former National Security Agency contractor will serve nine years in prison plus three years of supervised release for stealing an enormous trove of highly classified defense and intelligence information over a span of two decades.

Harold T. Martin III, a Navy veteran who at one time worked for the NSA’s Tailored Access Operations hacking unit, was sentenced Friday after pleading guilty in March to a single count of willful retention of national defense information. The decision brings an end to one of the largest and more bizarre thefts of government secrets in the country’s history.

Clad in a striped prison shirt, Martin listened quietly as Assistant U.S. Attorney Zachary Myers underscored the seriousness of his offense and Judge Richard Bennett stressed the danger the stolen information would present if it fell into the wrong hands. After his defense team and estranged wife spoke to the role mental illness played in his behavior, Martin delivered a lengthy personal statement, offering apologies and anecdotes to dozens of friends, family members, government officials and nameless groups.

“I offer a flag of truce ... I’m very sorry for what has happened,” he said during the hearing at the Edward A. Garmatz U.S. District Courthouse in Baltimore. “My methods were wrong, illegal and highly questionable.”

On August 2016, FBI investigators uncovered multiple digital storage devices and thousands of documents scattered around Martin’s home in the Baltimore suburbs. The stash, which amounted to some 50 terabytes of sensitive national security data and six bankers boxes of physical documents, included information on the country’s offensive cyber capabilities, intelligence collection tactics and foreign cyber threats, as well as a detailed description of the NSA’s communications architecture. 

According to court documents, Martin stole secret and top secret information from at least four agencies—the NSA, CIA, U.S. Cyber Command and National Reconnaissance Office—in a breach federal prosecutors characterized “breathtaking in its longevity and scale.” Martin started walking off with the classified documents in 1996 while serving in the Naval Reserves, and his behavior continued across 20 years and seven different government contracting jobs. At the time of his arrest, he was employed by Booz Allen Hamilton and working toward a Ph.D. in information security management. 

Martin’s nine-year sentence is the longest ever imposed for stealing government secrets, U.S. Attorney Robert Hur said in March. The government originally charged him with 20 similar counts, each of which could’ve put him in prison for up to 10 years but prosecutors dropped 19 of the charges as part of the plea agreement. The nearly three years Martin has spent in custody will count toward his sentence.

At the time of Martin’s arrest in August 2016, the government believed he was feeding information to the Shadow Brokers, the notorious hacking group that dumped a trove of NSA cyber weapons onto the internet earlier that summer. Many intelligence officials saw the leak as more damaging than the Edward Snowden leaks in 2013, and the world is still dealing with its repercussions today. 

According to prosecutors, Martin had been communicating with individuals online in Russian and attempting to mask his digital tracks though anonymized internet connections and other technical tools. That said, given his digital security expertise, Martin’s use of such tools probably wouldn’t raise eyebrows outside the context of the case.

In August 2016, Martin also reached out to the Russian cybersecurity firm Kaspersky Lab on Twitter requesting a meeting and referencing time-sensitive information. The messages were sent less than an hour before the Shadow Brokers dumped their first trove of data. The cryptic communications, first reported by Politico, prompted Kaspersky to notify the NSA, which ultimately led the FBI to obtain a search warrant for Martin’s property. 

However, over the course of the trial, the Shadow Brokers theory faded. The defense argued there was no evidence Martin shared the information he possessed with anyone, and the government never disclosed a definitive connection between Martin and the group, at least publicly. The Shadow Brokers also continued to leak information while Martin was in prison, indicating that he himself did not operate the account. The group’s identity remains a mystery today, though many suspect it’s linked to Russia. 

During Friday’s hearing, federal prosecutors wouldn’t comment further on any connections to the Shadow Brokers, and Martin’s defense team stressed that the Twitter communications never implied any transmission of information.

Throughout the case, Martin’s defense team argued his behavior was fueled by “mental illness, not treason or greed.” He had a history of hoarding and found it difficult to build interpersonal relationships, Federal Public Defender James Wyda told the court, and the stolen documents eventually became “a part of his identity.” Indeed when investigators searched his property, they found documents and drives strewn not only across his home office and garage, but also piled in the backseat of his car and in a backyard shed. 

Wyda described Martin as a committed, if eccentric, civil servant who was deeply devoted to the mission of the intelligence community. His behavior began in an effort to improve his performance at work, Wyda said, but eventually “it became … an obsession.” 

“If we’re going to keep our information secure … the NSA, CIA and [other agencies] need to be attuned to the impact of mental health,” he said. “You need to be attuned to the people who are breaking in front of you.”

The Martin case came amid a spate of high-profile leaks of classified NSA information. Three years earlier, another Booz Allen Hamilton contractor, Edward Snowden, released teams of documents on the agency’s expansive surveillance operations. In June 2017, Reality Winner was arrested for leaking an internal NSA report on Russian interference in the 2016 election to journalists at The Intercept, and in September, an NSA software developer named Nghia Pho was sentenced to five and a half years in prison for taking home highly classified documents to catch up on work.

The string of leaks shines a spotlight on the NSA’s long-standing trouble with weeding out insider threats. While the agency declined to comment on Martin’s case, a spokesperson said the NSA routinely reviews its network, physical and personnel security, and makes improvements whenever a compromise is discovered.

“Any organization that has sensitive data faces insider threat risk,” the spokesperson said in an email to Nextgov. “While the risk can never be completely eliminated, NSA and the intelligence community, as well as industry partners, have enhanced security postures to mitigate these threats.”

A recent NSA inspector general report found the agency has yet to implement three specific procedures for protecting against insider threats. As the country comes under increasing attack, Martin advised the NSA and other intelligence agencies to direct more of their attention inward.

“Your worst enemy, after the usual suspects, is some of our own,” he said during the hearing. “Loose lips sink ships, then as now.”