Harold Thomas Martin III, the former National Security Agency contractor charged with hoarding more than 50 terabytes of sensitive data at his Maryland home, has pleaded guilty to one felony count of willful retention of National Defense information. In return, federal prosecutors agreed to drop 19 existing charges and seek a sentence of nine years in prison.
The plea provides an anticlimactic and unsettling end to one chapter in an ongoing saga over how the NSA—the world’s foremost spy and hacking agency—protects its vast arsenal of weaponized exploits. When the charges against Martin first became public in late 2016, the NSA was still reeling from the leak of highly classified NSA exploits two months earlier by a mysterious group calling itself the Shadow Brokers. Martin first came to investigators’ attention as they searched for the source of the Shadow Brokers leak. The hope at the time was investigators had found the culprit.
As it turned out, the Shadow Brokers published a series of increasingly vexing follow-on leaks that continued into 2017, well after Martin’s arrest in August 2016. Speaking in deliberately exaggerated broken English published in Internet dispatches, the Shadow Brokers publicly taunted the NSA and made veiled references to top-secret exploits.
In early 2017, NSA officials became so concerned about the messages that they notified Microsoft of a critical Windows flaw to prevent it from being exploited as a zeroday. Even after the patch, the group dumped several highly virulent exploits, some of which were snapped up by third-party hackers who repurposed them to create worms that shut down computers all over the world.
Thursday’s plea confirms that the world is no closer to solving a mystery surrounding one of the most damaging leaks in NSA history. According to Cyberscoop, defense attorneys at Thursday’s hearing portrayed Martin as a patriotic contractor who mishandled classified materials out of mental illness, not ill intent. Federal prosecutors and intelligence officers have never explicitly said Martin’s hoarding played no role in the Shadow Brokers leaks, but the relatively lenient sentence and the dropping of 19 counts suggests the hoarding did not. But ultimately, the world will never know.
And that leaves the very real possibility that the person or people behind the Shadow Brokers’ leaks remain at large and free to carry out similar acts in the future. What’s more, Thursday’s plea means the world will never know how Martin managed to sneak unspeakable volumes of data out of one of the world’s most secretive agencies and what, if anything, the NSA has done since then to prevent similar heists in the future.
Jake Williams, a former NSA hacker who is now a founder of the firm Rendition Infosec, told Ars:
I think it’s a best case for the government. They need this to go away, and they definitely don’t want a trial. The fact that they dropped a huge number of the charges and he’ll only serve 9 years seems to indicate that they don’t think he’s involved with the Shadow Brokers. It’s also possible the government can’t effectively make that case, either because they lack the evidence or can’t present it without causing further damage.
In a later series of Tweets Williams aired more troubling thoughts about the Martin leaks. Some of the tweets noted that prosectors allege the hoarding continued through 2016, three years after leaks from Edward Snowden put NSA and Department of Defense officials on high alert for workers who brought home classified materials.
“As much as it pains me to say this, I think DoD was asleep at the wheel, even after the Snowden case – and criminally so,” Wiliams wrote. “And now let me ask the hard question: how many more Martin’s are there? There are almost certainly more, and they’re probably more malicious than Martin.”
As much as it pains me to say this, I think DoD was asleep at the wheel, even after the Snowden case – and criminally so. And now let me ask the hard question: how many more Martin’s are there? There are almost certainly more, and they’re probably more malicious than Martin. 9/9
— Jake Williams (@MalwareJake) March 28, 2019
Martin is scheduled to be sentenced in July.