Harold T. Martin III, 54, has already been in jail for nearly three years since the FBI raided his home in Glen Burnie, Md., on Aug. 27, 2016. Investigators had been searching desperately for the person responsible for the leak of a cache of high-value hacking tools developed by the NSA, which was stolen from the NSA and had been offered online just weeks earlier by a mysterious group called the Shadow Brokers.
In the three years since the raid, the government has not alleged that Martin leaked any of that information, and prosecutors confirmed Friday that nothing Martin took had been disseminated. The identity of the Shadow Brokers, and the source of their stolen tools, has not been publicly disclosed, if it was ever discovered.
What agents found in the small home Martin shared with his wife amazed them — at least 50 terabytes of data, the equivalent of 500 million pages of material, much of it highly classified and related to hacking, gathered over 20 years, court records show.
Martin apologized during his sentencing before U.S. District Judge Richard D. Bennett and said he recognized that taking the data was wrong. Bennett said the case “has given me great pause,” but he agreed to impose the nine-year term agreed upon by the defense and prosecution, the maximum recommended under federal sentencing guidelines.
Martin pleaded guilty in March to one count of willful retention of national defense information. U.S. Attorney Robert K. Hur said then that the sentence would be the longest ever imposed on a willful retention charge. Martin will receive credit for the three years he has already served, the judge said.
Martin spoke for about 20 minutes, his voice calm, soft and sometimes difficult to hear as he read nearly verbatim from a letter he’d written earlier this month to the judge.
He made clear that what he’d done was wrong.
“The manner and method of my approach was unorthodox, unconventional, uncanny,” he wrote. “But also unauthorized, illegal and just plain wrong. One step beyond black. Please do not copy this. It is not the easy or correct path. I took shortcuts, went backwards, sideways and around things, crossing major borders and boundaries. It is not good, it’s very, very BAD.”
Martin was an employee of Booz Allen Hamilton, the same company that employed Edward Snowden, who shared vast amounts of classified NSA data with journalists in 2013 about U.S. spying programs. Booz Allen struggled to deal with a second security embarrassment, hiring former FBI director Robert S. Mueller III to investigate the leak and revising its hiring and supervision protocols.
About two weeks before Martin’s arrest, hackers had started selling the tools developed by the NSA to exploit software vulnerabilities in large programs used by governments, businesses and hospitals. Then, a Russian cybersecurity firm notified the NSA that it had received cryptic Twitter messages from Martin seeking to speak with the lab’s founder, The Washington Post reported in January.
The messages had come shortly before the release of the stolen hacking tools, from the Twitter handle @HAL999999999. Looking for the source of the leak, the FBI obtained a search warrant for Martin’s home and car.
Martin, who had cycled through several contracting jobs, worked in the Tailored Access Operations unit of the NSA, designed to create ways to secretly hack into computers.
When the agents arrived, they found “an astonishing quantity” of classified digital data, much of it lying open in his home office, in the back seat of his car or in a backyard storage shed, the government said in court filings.
“The large volume of hard-copy and digital documents,” prosecutors wrote, “included information from the National Security Agency, U.S. Cyber Command, the National Reconnaissance Office and the Central Intelligence Agency.”
One document contained “specific operational plans against a known enemy of the United States,” the government said, and a Cyber Command document discussed “capabilities and gaps in capabilities of the U.S. military and details of specific operations.”
Martin’s lawyers said he had no nefarious intent in taking the documents home. He was simply a hoarder who dealt with “undiagnosed autism” and believed that having the data close would make him a better employee.
A sentencing memorandum filed by federal public defender James Wyda quotes from a report written by neuropsychologist David Black, who said Martin’s hoarding disorder resulted from “a constellation of largely undiagnosed and untreated mental health challenges that have plagued Mr. Martin his entire life.”
Over time, Black said, as Martin collected stacks of information in his home, he “developed the belief that the material he worked with could fill the loneliness and emptiness he felt from a lack of social connection and the perpetual sense of rejection he felt at work.”
Black said Martin, who moved through seven government contracting jobs over 23 years after leaving the Navy, was convinced that “possessing it would make him more competent and more valued at his next contracted position, because he would carry institutional knowledge with him, thereby having a unique capacity to safeguard the United States.”
Wyda noted that “the government never uncovered any evidence that he was a traitor or a danger to our nation.”
Assistant U.S. Attorney Zachary Myers dismissed the notion Martin was driven by a hoarding habit.
“He repeatedly made the decision to steal national defense information for nearly 20 years,” Myers said in court. “This is not a case of hoarding … The defendant did not amass a large quantify of newspapers or junk or stray cats or anything else indicating a hoarding disorder.”
Myers said there was no evidence uncovered that Martin passed on any of the information.
The judge, Bennett, remarked several times on the gravity of Martin’s actions were. The documents stolen contained information about international intelligence sources for the U.S., the judge noted.
“These people are out there. They were endangered,” he said.