Friday, October 21, 2016

Martin classified data leaks - pretrial court documents

In response to a pre-trial detention hearing, United States attorneys filed a motion to deny Harold Martin III's release from prison. Based on this document, we know a lot more about the strength of the government's case.

Misrepresentations or misinterpretations?
I've seen some pundits with poor reading comprehension misinterpret two things in this section. First, several pundits said that Martin had "dozens of computers." That's not what the statement says.


The government says that they seized "dozens of computers and other digital storage devices" which is far different.  The wording may be intentionally designed to make the judge believe that Martin had dozens of computers.  But this isn't surprising to me.  Martin is a practicing infosec professional.  Take one trip to BlackHat or RSA and you can bring back a dozen or more USB devices from vendor booths.  Assuming that at some time in his career Martin went to a security conference (or many such conferences), he would likely have dozens of digital devices.

The other misinterpretation I'm seeing a lot in the media is that Martin stole 50TB of classified data.  But the government never makes this claim.  They only claim that they recovered 50TB of storage devices from his residence.  They never discuss (and honestly probably do not know) what percentage of the storage media contains classified data.

Handwritten notes
This next excerpt is particularly damning. A document recovered from Martin's residence contains handwritten notes, seemingly for explaining the document to those who lack the same context he has.


If the government is to be taken at face value, it appears that Martin was planning to pass this document to a third party. Whether Martin intended to pass the printed document to a reporter or a foreign government, the allegation is highly disturbing.

Are we still doing this "Need to know" thing?
This excerpt suggests that Martin had documents in his possession for which he had no need to know. In a post-Snowden NSA, this seems a little cavalier - how did Martin come into possession of this very sensitive need-to-know document?


Documents stored openly in the back of Martin's car
This is huge - it's pretty amazing to think about classified documents stored openly in Martin's home and/or in the back of his car.


Later in the document, the government points out that Martin's residence lacks a garage. This means his car was parked out in the open at night, probably with classified data storage. The government states that's how they found it when they served the search warrant.

Classified theft may have begun in 1996, but the government doesn't claim that
The documents state that Martin had access to classified information starting in 1996.  However, they stop short of saying when he first started stealing data.  Many media outlets have talked about how he has been stealing data for 20 years.


Read the filing carefully, however, and you will see that there is no mention that Martin stole data for 20 years, only that he's had a security clearance that long.

Disgruntled? Yeah, I'd say so...
In 2007, apparently Martin drafted a letter to send to his coworkers.  It appears that he's a little vindictive and disgruntled.  Feeling marginalized (and wanting to feel important) is one of the reasons people commit treason.  Their failure to allow Martin to "help them" may have been a catalyst for the treason.


And of course "They" are inside the perimeter.  If the government's claims are to be believed, nobody knew this better than Martin himself.


That's all folks
I could keep writing, but this is probably a good place to drop off. If you're really interested in more, you should read the source document.
