News media has hit the ground running reporting on cybersecurity, cybercrime and fake news. Media notifications about Russian operatives or which politician said this is becoming an everyday thing. With so many sources telling the public what to do and who to trust and how to protect themselves, valuable news stories can get lost in the shuffle, especially when Kellyanne Conway reminds us all of the imaginary Bowling Green Massacre.
After news broke in August that a former NSA contractor made what is said to be the largest cybersecurity breach in U.S. history (yes, even outdoing Snowden himself) it almost seems that politicians are trying to deflect the public's attention from serious security issues. The question remains: what was Martin's reason for stealing government data, and does the current administration have a cybersecurity plan in place to keep this from happening again?
Harold T. Martin III: Another Snowden?
In late August 2016, the FBI infiltrated Martin's quiet neighborhood and circled his home, waiting for the opportune moment to pounce. And pounce they did. The FBI took siege of Martin's home and found top secret documents and digital government data saved to multiple devices.
Now, some six months' later, officials have learned that the disgraced NSA contractor stole more than 50 terabytes of "highly sensitive data," according to Ars Technica. The 50 stolen terabytes include "more than 75 percent of the hacking tools belonging to the Tailored Access Operations (TAO)."
After leaving active duty in the Navy in 1992, Martin worked several tech jobs with government contractors before joining the NSA in 2012. It was while employed with the NSA that Martin worked with the TAO. TAO "makes and deploys software used to penetrate foreign targets' computer networks for foreign espionage purposes," as summarized by The Washington Post.
As reported by CNN, Martin had secretly squirreled away classified information dating from 1996 to 2016. This means that for twenty years, Martin was able to gain private access to state secrets and somehow store them privately in his home. Some of the information included documents "'regarding specific operational plans against a known enemy of the United States and its allies.' That document was not only classified but marked need-to-know only, and Martin should not have been privy to that information, prosecutors said."
How was Martin caught lifting highly-sensitive documents? Did he get sloppy? Martin was not caught until officials at TAO rudely learned that another long-time employee had stolen TAO's hacking tools without prior authorization. If officials had not caught that employee, Martin could have continued to steal information unbeknownst to his employers.
Since late August, Martin has been detained. When his lawyers made a request for bail, a U.S. District Judge rejected the request, citing that Martin posed a flight risk. Martin's lawyers have stressed that their client brought top-secret information home with him merely because he was trying to improve at his job. Though it does not appear that Martin sold any of the government's top-secret documents, the fact that he was able to get his hands on the information and store it on his private devices just a few years after Snowden's massive breach tells American citizens that the NSA needs to get tighter control on their cybersecurity. If they can't do it, who can?
Having a cybersecurity plan in place will protect you, your business and your clientele. Visit CyberPolicy today to find a plan that will fit your needs.