The federal probe that in 2016 ensnared a former NSA contractor accused of pilfering some of the U.S. government’s most sensitive hacking tools was reportedly initiated due to a tip from an unlikely ally: A Russian cybersecurity firm that’s drawn the fury of the Obama and Trump administrations.
Kaspersky Lab, a Moscow-based company, emerged Wednesday as the very strange bedfellow that helped the FBI catch Harold T. Martin III, according to sources familiar with the investigation who spoke to Politico. Recent U.S. administrations have accused Kaspersky Lab of colluding with the Russian intelligence community to obtain and expose classified NSA data. Homeland Security has even banned the company’s software on federal computers due to such security concerns.
“It’s irony piled on irony that people who worked at Kaspersky, who were already in the sights of the U.S. intelligence community, disclosed to them that they had this problem,” Stewart Baker, a general counsel for the NSA in the 1990s, told Politico. “We all thought [Martin] got caught by renewed or heightened scrutiny, and instead it looks as though he got caught because he was an idiot.”
Martin, who is set to go on trial in June, was arrested in August 2016 and is facing 20 counts of unauthorized and willful retention of national defense information.
“It looks as though he got caught because he was an idiot.”
Prosecutors say the ex-NSA contractor spent two decades taking classified government information from the U.S. intelligence community and hoarded the secrets at his home in Maryland. During a raid of his property, authorities seized dozens of laptops and digital devices in addition to six full bankers’ boxes stuffed with documents.
At least 50 terabytes of data were taken away – and authorities said the haul may have been the largest theft of classified documents in U.S. history.
And yet, the massive breach may never have been uncovered. But five days before the arrest, a Kaspersky Lab employee tipped off an NSA worker about Martin, according to Politico.
The tipster was reportedly spurred on by a series of strange Twitter messages two company researchers received from an account that prosecutors believe belonged to Martin.
Twitter user “HAL999999999” reportedly asked to be put in touch with Kaspersky Lab CEO Eugene Kaspersky, although it is not clear what the user hoped to achieve. Thirty minutes after two of the messages were sent, an online group dubbed the Shadow Brokers began leaking classified NSA data online.
Sources told Politico the Kaspersky researchers were able to link the Twitter account to Martin and soon began wondering if he was also tied to the Shadow Brokers group. The researchers then decided to notify the NSA.
The identity of HAL999999999 was quickly exposed after the Kaspersky Lab researchers started running the name through Google searches.
One search, according to Politico, uncovered a post by someone using the same alias on a website frequented by people interested in bondage and sadomasochism. The ad, which sought female sexual partners, reportedly included a picture of Martin and identified him as living in Annapolis, Maryland.
Another search brought up a LinkedIn profile for “Hal Martin.” The person behind that account said he worked in Annapolis Junction as a “technical adviser and investigator on offensive cyber issues,” Politico reported.
James Wyda, Martin’s public defender, previously told Politico that Martin was hoarding the NSA data at his home because he suffers from a compulsive disorder.
Wyda, Kaspersky Lab, the FBI and the U.S. District Attorney’s Office handling the case declined to comment to Politico about how integral the Russian-based company was to the investigation.
At the time of his arrest in 2016, Martin worked for Booz Allen Hamilton Holding Corp, according to Reuters. The same company previously employed Edward Snowden who in 2013 leaked secret documents that exposed domestic and international surveillance programs carried out by the NSA.
Lukas Mikelionis and the Associated Press contributed to this report.