Mystery of NSA leak lingers in US as stolen document case winds up

WASHINGTON (AP) – Federal agents descended on the suburban Maryland house in the United States (US) with the flash and bang of a stun grenade, blocked off the street and spent hours questioning the homeowner about a theft of government documents that prosecutors would later describe as “breathtaking” in its scale.

The suspect, Harold Martin, was a contractor for the National Security Agency (NSA). His arrest followed news of a devastating disclosure of government hacking tools by a mysterious internet group calling itself the Shadow Brokers. It seemed to some that the US might have found another Edward Snowden, who also had been a contractor for the agency.

“You’re a bad man. There’s no way around that,” one law enforcement official conducting the raid told Martin, court papers said. “You’re a bad man.”

Later this month, about three years after that raid, the case against Martin is scheduled to be resolved in Baltimore’s federal court. But the identity of the Shadow Brokers, and whoever was responsible for a leak with extraordinary national security implications, will remain a public mystery even as the case concludes.

Authorities have established that Martin walked off with thousands of pages of secret documents over a two-decade career in national security, most recently with the NSA, whose headquarters is about 15 miles from his home in Glen Burnie, Maryland. He pleaded guilty to a single count of wilful retention of national defence information and faces a nine-year prison sentence under a plea deal.

The sign outside the National Security Administration campus in Fort Meade, Maryland. – AP

Investigators found in his home and car detailed descrip-tion of computer infrastructure and classified technical opera-tions in a raid that took place two weeks after the Shadow Brokers surfaced online to advertise the sale of some of the NSA’s closely guarded hacking tools.

Yet authorities have never publicly linked Martin or anyone else to the Shadow Brokers and the US has not announced whether it suspects government insiders, Russian intelligence or someone else entirely.

The question is important because the US believes North Korea and Russia relied on the stolen tools, which provide the means to exploit software vulnerabilities in critical infrastructure, in unleashing punishing global cyberattacks on businesses, hospitals and cities.

The release, which occurred while the NSA was already under scrutiny because of Snowden’s 2013 disclosures, raised questions about the government’s ability to maintain secrets .

“It was extraordinarily dama-ging, probably more damaging than Snowden,” cybersecurity expert Bruce Schneier said of the Shadow Brokers leaks. “Those tools were a lot of money to design and create.”

Yet none of that is likely to be mentioned at Martin’s July 17 sentencing. The hearing instead will turn on dramatically different depictions of the enigmatic Martin, a Navy veteran, longtime government contractor — most recently at Booz Allen Hamilton — and doctoral candidate at the time of his arrest.

Prosecutors allege Martin jeopardised national security by bringing home reams of classified information even as, they say, he once castigated colleagues as “clowns” for lax security measures. Soon after his arrest, they cast aspersions on his character and motives, citing a binge-drinking habit, his arsenal of unregistered weapons and online communication in Russian and other languages.

The agents who searched his house that August 2016 afternoon found a trove of documents in his car, home and a dusty, unlocked shed. The 50 terabytes of information from 1996 to 2016 included personal details of government employees and “Top Secret” email chains, handwritten notes describing the NSA’s classified computer infrastructure, and descriptions of classified technical operations.

Defence lawyers paint him as a compulsive hoarder whose quirky tendencies may have led him astray but who never betrayed his country.

“What began as an effort by Martin to be good at his job, to be better at his job, to be as good as he could be, to see the whole picture at his job, became something more complicated than that,” public defender James Wyda said at a 2016 detention hearing. “It became a compulsion.

“This was not Spycraft behaviour,” he added. “This is not how a Russian spy or something like that would ever conduct business.”

It’s unclear how Martin came to the FBI’s attention, but a redacted court order from a judge suggests agents may have been looking for a Shadow Brokers link when they obtained search warrants for his Twitter account and property before the raid.

The December 2018 ruling from US District Judge Richard Bennett notes that the FBI was investigating the online disclosure of stolen government property. It cites a Twitter message from an account allegedly belonging to Martin — @HAL_999999999 — that requested a meeting with someone whose name is blacked out and stated “shelf life, three weeks”.

In a likely reference to the Shadow Brokers disclosures, investigators said tweets from Martin’s account were sent hours before stolen government records were advertised and posted online. Investigators also alleged that Martin would have had access to the same classified information as what appeared online.