Mediaboss Marketing

Foreign Policy (blog)

NSA Contractor Could Face 200 Years in Prison for Massive Breach Foreign Policy (blog) Prosecutors allege Harold T. Martin III stole a huge trove of classified documents, which he stored at his home in Maryland, while working as a contractor to the NSA and other intelligence agencies. While the full scope of Martin's collection of top ... Ex-NSA contractor stole secrets for nearly two decades, feds sayFox News Ex-NSA Contractor Accused Of Taking Classified Information Is IndictedNPR NSA contractor indicted for stealing more than 50TB of government ...The Verge Politico -PC Magazine -Wall Street Journal -Reuters all 94 news articles »

See original here:
NSA Contractor Could Face 200 Years in Prison for Massive Breach - Foreign Policy (blog)

[JURIST] A former National Security Agency (NSA) [official website] contractor was indicted [indictment, PDF] on Wednesday by a federal grand jury on charges that he willfully retained national defense information. US officials are stating [press release] that the theft by Harold Thomas Martin may have been the largest heist of classified government information in history. Martin allegedly spent over 20 years stealing highly sensitive government material [CNN report] related to national defense. It is unclear what, if anything, Martin did with all the stolen data. Martin now faces 20 criminal counts, each of which is punishable by up to 10 years in prison. Martin worked for Booz Allen Hamilton Holding Corp, which also employed Edward Snowden. Martin was employed as a private contractor for at least seven different companies, beginning in 1993. His positions dealing with government computer systems, gave him various security clearances that routinely provided him access to top-secret information. The indictment alleges Martin stole documents from US Cyber Command, the CIA, the NSA and the National Reconnaissance Office [official websites]. Martin's initial appearance in the US District Court for the District of Maryland is scheduled for next Tuesday.

Governments around the world have re-examined their data privacy laws in the wake of a myriad of data leaks, including the Edward Snowden [JURIST backgrounder] leaks. National governments around the world have attempted [JURIST op-ed] to gain control over data transferred within their borders. On Tuesday the US House approved [JURIST report] a measure that would updat US privacy laws in regards to e-mails and cloud storage. In October 2015 the European Court of Justice ruled [JURIST report] that EU user data transferred to the US was not sufficiently protected. In June 2015 a court in The Hague struck down [JURIST report] a Dutch law that allowed the government to retain telephone and Internet data of Dutch citizens for up to 12 months in an effort to combat terrorism and organized crime.

View original post here:
Former NSA contractor indicted in theft of classified government information - JURIST

In 2010, Thomas Drake, a former senior employee at the National Security Agency, was charged with espionage for speaking to a reporter from the Baltimore Sun about a bloated, dysfunctional intelligence program he believed would violate Americans privacy. The case against him eventually fell apart, and he pled guilty to a single misdemeanor, but his career in the NSA was over.

Though Drake was largely vindicated, the central question he raised about technology and privacy has never been resolved. Almost seven years have passed now, but Pat Eddington, a former CIA analyst, is still trying to prove that Drake was right.

While working for Rep. Rush Holt, D-N.J., Eddington had the unique opportunity to comb through still-classified documents that outline the history of two competing NSA programs known as ThinThread and Trailblazer. Hes seen an unredacted version of the Pentagon inspector generals 2004 audit of the NSAs failures during that time, and has filed Freedom of Information Act requests.

In January, Eddington decided to take those efforts a step further by suing the Department of Defense to obtain the material, he tells The Intercept. Those documents completely vindicate those who advocated for ThinThread at personal risk, says Eddington.

The controversy dates back to 1996, whenEd Loomis, then a computer systems designer for the NSA, along with his team worked to move the NSAs collection capabilities from the analog to the digital world. The shift would allow the NSA to scoop up internet packets, stringing them together into legible communications, and automating a process to instantly decide which communications were most interesting, while masking anything from Americans. The prototype, called GrandMaster, would need to ingest vast amounts of data, but only spit out what was most valuable, deleting or encrypting everything else.

Then in the fall of 2001,four passenger airliners were hijacked by terrorists as part of a suicide plot against Washington, D.C., and New York City. The U.S. intelligence community faced a disturbing wakeup call: its vast collection systems had failed to prevent the attacks.

Yet, in response, the NSA simply started collecting more data.

The NSA sent out a bid to multiple defense contractors, seeking a program that could collect and analyze communications from phones and the internet. Science Applications Internal Corporation, or SAIC, won the contract, known as Trailblazer. Meanwhile, internally, NSA employees were developing a similar, less costly alternative called ThinThread, a follow-on to GrandMaster. ThinThread would collect online communications, sort them, and mask data belonging to Americans.

Those involved in ThinThread argue that their approach was better than a collect-it-all approach taken by NSA.

Bulk collection kills people, says Bill Binney, a former NSA analyst, who rose to be a senior technical official with a dream of automating the agencys espionage. You collect everything, dump it on the analyst, and they cant see the threat coming, cant stop it, he says.

Binney built a back-end system a processor that would draw on data collected by ThinThread, analyze it, look at whether or not the traffic was involves American citizens, and pass on what was valuable for foreign intelligence.

Bulk acquisition doesnt work, agrees Kirk Wiebe, a former NSA senior analyst, who was trying to help convince NSA of ThinThreads value at the time.

The analysts are drowning in data, and Binney and Wiebe believe ThinThread would have solved the problem by helping the NSA sort through the deluge automatically while protecting privacy using encryption.

But Binney and Wiebe say advocates of ThinThread hit every possible bureaucratic roadblock on the way, sitting in dozens of meetings with lawyers and lawmakers. In the meantime, Gen. Michael Hayden, the director of the NSA at the time, said he decided to fund an outside contract for a larger effort, focused on gathering all communications, not just those over the internet, as ThinThread was designed to do.

Additionally, while ThinThread masked American communications, Haydens legal and technical advisors were concerned the collection itself would be a problem. Some of Haydens senior officials at the NSA came from SAIC, the company that won contract to design a proof of concept for Trailblazer.

A tiny group of people at NSA had developed a capability for next to no money at all to give the government an unprecedented level of access to any number of foreign terrorists, Eddington says. Instead that system was shut down in favor of an SAIC boondoggle that cost taxpayers, by my last count, close to a billion dollars.

He argues the contract, and the incestuous relationship between the NSA chief and the contractor never received the scrutiny it deserved. It was clearly an ethical problem, Loomis said.

Ultimately, however, the NSA went with Trailblazer. Hayden rejected the ThinThread proposal because the intelligence communitys lawyers were concerned it wouldnt work on a global scale, and that it would vacuum up too much American data. Hayden has continued dismissing concerns years later as the grumblings of disgruntled employees. Hayden told PBS Frontline ThinThread was not the answer to the problems we were facing, with regard to the volume, variety and velocity of modern communications.

In 2002, Wiebe, Binney, Loomis, Drake, and Diane Roark, a Republican staffer on the House Intelligence Committee who had been advocating for ThinThread, united to complain to the Defense Departments inspector general, arguing that ThinThread, while still a prototype, would be the best surveillance system. The oversight body completed its report in 2004, which included major concerns about Trailblazer.

We talked about going for the nuclear option, Wiebe said, referring to discussions at the time about contacting the press.

But Drake went it alone, however, never telling his colleagues what he planned to do. Stories about the disagreements started showing up in news headlines based on leaks. The Bush administration in 2007 sent the FBI after the whistleblowers, raiding each of the whistleblowers homes who raised complaints to the Pentagon inspector general. Drake faced espionage charges after speaking to a reporter from the Baltimore Sun about the alleged mismanagement and waste in the NSA.

Though Drake wasnt sent to prison, he lost his career in government, and now works at an Apple store. The question of whether ThinThread would have provided a better capability than Trailblazer was never resolved.

While ThinThread never made it to production, some of the analytic elements, minus the privacy protections, made it into Fort Meade as part of a massive surveillance program now known as Stellar Wind.

But there may be a way to settle the debate. The watchdog agency tasked with oversight of the Department of Defense completed a full investigation into the battle between ThinThread and the Trailblazer. The Pentagon inspector general published a heavily redacted version of that investigation in 2011; that report is now the only public record available, aside from the account of the whistleblowers who exposed it.

Despite everything thats come out about its surveillance programs, the NSA still wont release the full ThinThread investigation. I dont really know what theyre trying to hide, said Loomis.

Loomis says he thinks those redactions were more for the sake of Haydens reputation than protecting real classified information. He eventually documented the saga in a self-published book called NSAs Transformation: An Executive Branch Black Eye.

Drake told The Intercept in an email that efforts to uncover the Pentagon inspector generals ThinThread investigation were a large part of his defense. Since then, the Office of Special Counsel concluded last March that the Department of Justice may have destroyed evidence that might have helped exonerate him.

In the meantime, however, hope is fading that the entire story of ThinThread will emerge from behind the government door of secrecy. Weve been trying for 15 or 16 years now to bring the U.S. government the technical solution to save lives, but they fight us left and right, said Wiebe.

Eddington says the ThinThread controversy demonstrates the lack of oversight of the intelligence community. The mentality that gave us this system is still in place, he says. We could see this become de facto permanent, he said.

Follow this link:
Former CIA Analyst Sues Defense Department to Vindicate NSA Whistleblowers - The Intercept

A former NSA contractor was indicted by a federal grand jury on charges of stealing elite cyberweapons and sensitive government data over the course of 20 years.

According to the U.S. Department of Justice (DoJ) indictment, Harold Thomas Martin worked as a contractor for seven different companies during those 20 years. Each company, including Booz Allen Hamilton Holding Corp where former NSA contractor and whistleblower Edward Snowden also worked, was tasked with projects through the U.S. Department of Defense and the National Security Agency (NSA).

"Martin held security clearances up to top secret and sensitive compartmented information at various times, and worked on a number of highly classified, specialized projects where he had access to government computer systems, programs and information, including classified information," federal prosecutors wrote in a statement. "Over his many years of holding a security clearance, Martin received training regarding classified information and his duty to protect classified materials from unauthorized disclosure."

Leo Taddeo, CSO for Cryptzone, said it shouldn't be surprising that an NSA contractor could steal data for 20 years without anyone knowing.

"One of the challenges of protecting digital assets is that the owner doesn't always know he wasrobbed.That's not the case with say, a TV or a car.If those items are stolen, the victim notices the empty parking space or blank spot on the wall pretty quickly and calls the police," Taddeo told SearchSecuirty via email."Digital evidence can be copied and 'stolen' without the owner ever knowing unless very specific safeguards are in place and regularly monitored."

Martin was arrested in October 2016 and law enforcement reportedly seized 50 TB of federal data from his home in Glen Burnie, Md. This data, which officials said could amount to the largest theft of classified federal information in history, included documents from U.S. Cyber Command, the CIA and cyberweapons from the NSA's elite hacking team -- the Office of Tailored Access Operations (TAO) -- all stolen while Martin was an NSA contractor.

The DoJ's indictment charged Martin on 20 criminal counts, each of which could carry a maximum penalty of 10 years in prison. Federal officials have not commented on what Martin did with the stolen data, but former TAO agents confirmed NSA-made cyberweapons were leaked in a dark web auction by a group called the Shadow Brokers. It is still unclear what, if any, connection there is between Martin, the Shadow Brokers and the advanced persistent threat group, the Equation Group, which has been associated with using TAO exploits in the wild.

Willy Leichter, vice president of marketing for CipherCloud, based in San Jose, Calif. said insider threats are an issue for all enterprises.

"This latest news reinforces an unfortunate truth -- security has traditionally focused on securing the perimeter, but internal controls are often sorely lacking," Leichter told SearchSecurity. "Now that network perimeters are disappearing with cloud and mobile technology, it's forcing many organizations to look more carefully at their internal controls to classify and protect sensitive data."

Taddeo noted that recent NIST guidelines put in place following the OPM breach, which was blamed on an attack that used credentials stolen from a federal contractor, could help mitigate future issues like this.

"The new NIST guidelines are intended to ensure federal contractors, like Martin's employer, Booz Allen, have the proper safeguards in place," Taddeo said. "These security controls will help, but not guarantee, that this type of theft does not happen in the future."

Learn more about why mitigating insider threats remains a major concern.

Find out why the Shadow Brokers cancelled the auction of NSA cyberweapons.

Get info on how to address the Equation Group vulnerabilities.

See the rest here:
NSA contractor indicted for stealing elite cyberweapons over 20 years - TechTarget

MSNBC

New Russia revelations pose new problems for Trump's NSA MSNBC Michael Flynn, Donald Trump's National Security Advisor, has maintained close ties to Moscow in recent years, even getting paid by the Kremlin's propaganda outlet. It therefore caused quite a stir a month ago, when the Washington Post noted that Flynn ... and more »

Go here to see the original:
New Russia revelations pose new problems for Trump's NSA - MSNBC