Harold T. Martin III, who worked in the NSA’s Tailored Access Operations hacking unit, admitted his guilt more than two years after his arrest in what may be the biggest breach of classified information in history. FBI agents who swarmed his modest home south of Baltimore in 2016 found stacks of documents and electronic storage devices stashed in his car, home and even a garden shed.
But investigators never found evidence that Martin, who was working on a doctorate at the time of his arrest, had shared the stolen secrets with anyone else. His lawyers, James Wyda and Deborah Boardman, have argued that he was simply a hoarder who started taking work home and could not stop. Acquaintances described him as an eccentric with an active fantasy life who may have gotten carried away.
Martin pleaded guilty to one count of willful retention of defense information. Judge Richard D. Bennett said he would approve and impose the prescribed sentence, which was negotiated between prosecutors and defense lawyers. Sentencing was set for July.
Poring over the piles of material they found in their searches, investigators were astonished to discover that for 20 years, Martin, known as Hal, had been carrying classified material out of the NSA and other security agencies where he had worked. At the time of his arrest, he was working for Booz Allen Hamilton — the same intelligence contractor that had employed Edward Snowden, who flew to Hong Kong in 2013 and gave journalists a large trove of NSA documents.
Along with the Snowden and Martin cases, another NSA worker, Nghia Pho, was sentenced in September to 5 1/2 years in prison after taking home secret material describing the agency’s hacking tools. Intelligence officials believe the tools and related documents were then stolen from Pho’s home computer by Russian hackers. A young NSA linguist named Reality Winner was sentenced in August to five years and three months for leaking a classified document on Russian election hacking to The Intercept, an online publication.
But perhaps the most damaging breach of all was discovered around the time of Martin’s arrest in August 2016, when a mysterious group calling itself the Shadow Brokers announced an online auction of a long list of software exploits the NSA used to break into foreign computer networks. The Shadow Brokers eventually made the stolen cyberweapons public, and other countries and criminal groups began using them for hacking and theft around the world.
FBI investigators focused on Martin after getting a tip from Kaspersky Lab, a Russian cybersecurity company. Two Kaspersky employees had gotten cryptic messages from Martin — calling himself “HAL999999999” — via Twitter that seemed to be offering secrets, as Politico first reported in January. The assistance was a bit ironic, because U.S. intelligence officials sometimes accused Kaspersky of being too close to Russian intelligence, charges the company denied.
“Shelf life, three weeks,” Martin wrote in one of his cryptic texts, seeming to suggest that he was offering material on a time-limited basis.
But shortly after sending the messages, he blocked on Twitter the two Kaspersky employees he had just contacted, so they could not respond.
The FBI quickly linked the HAL999999999 Twitter account to Martin, and agents were soon swarming his modest house in Glen Burnie, a Baltimore suburb. The search turned up a staggering total of 50 terabytes of government data, a virtual library’s worth, much of it classified at a high level.
Investigators at first believed Martin might be the Shadow Brokers, who had posted their first announcement of their auction of NSA hacking tools a half-hour after Martin blocked the two Kaspersky workers on Twitter. They found the same NSA exploits in Martin’s vast collection of stolen material.
But the Shadow Brokers continued to post taunting manifestoes and stolen software for months after Martin was jailed. It appears the investigators eventually concluded that Martin was not the source of the Shadow Brokers’ material, at least not wittingly.
Government officials have never charged anyone in the Shadow Brokers breach, and speculation has centered on two possible perpetrators: Russian intelligence or disgruntled NSA insiders. If FBI and NSA security officers have made progress in solving the case, they have not said anything about it in public.
According to court filings, Martin first agreed to plead guilty in January 2018. But negotiations subsequently fell apart, and the plea came more than a year after it was first expected. Martin has been incarcerated since his arrest.
This article originally appeared in The New York Times.