A federal contractor suspected of leaking powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government, according to court records and a law enforcement official familiar with the case.
Harold Thomas Martin III, 51, who worked for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. He was arrested in August after investigators searched his home in Glen Burnie, Md., and found documents and digital information stored on various devices that contained highly classified information, authorities said.
The breadth of the damage Martin is alleged to have caused was not immediately clear, though officials alleged some of the documents he took home “could be expected to cause exceptionally grave damage to the national security of the United States.” Investigators are probing whether Martin was responsible for an apparent leak that led to a cache of NSA hacking tools appearing online in August, according to an official familiar with the case.
Those tools included “exploits” that take advantage of unknown flaws in firewalls, for instance, allowing the government to control a network.
The NSA and Booz Allen are no strangers to having classified material removed by one of their own. In 2013, contractor Edward Snowden passed a massive trove of documents to journalists, embarrassing the agency and shedding light on massive government surveillance programs that have faced criticism since they were revealed. Snowden also was charged criminally but has successfully sought asylum in Russia.
An NSA spokesman declined to comment. In a statement attached to an SEC filing, Booz Allen said that when it learned one of its employees was arrested, “we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee. We continue to cooperate fully with the government on its investigation into this serious matter.” The company said there had “been no material changes to our client engagements as a result of this matter.”
Military records and an online profile show that Martin was a decorated former Naval officer and reservist with a broad interest in cyber issues. His attorney said he was a Navy lieutenant, and records show he served for more than a decade, spending some years on the USS Seattle before ultimately ending his military career in the inactive reserves. Among the awards he received were a Joint Meritorious Unit Award, a Navy Expeditionary Medal and a National Defense Service Medal.
According to his LinkedIn profile, Martin was in a computing Ph.D. program at University of Maryland, Baltimore County, and he had studied software and security engineering at George Mason University and economics and math at the University of Wisconsin. He wrote that his goal was “to advance state of the art in several areas of computing practices in the public/private sector.”
Federal public defender Jim Wyda and first assistant federal public defender Deborah Boardman, who are representing Martin, said in a statement that the charges against Martin were “mere allegations” and they had not yet seen prosecutors’ evidence.
“There is no evidence that Hal Martin intended to betray his country. What we do know is that Hal Martin loves his family and his country,” the attorneys said. “He served honorably in the United States Navy as a lieutenant and he has devoted his entire career to protecting his country. We look forward to defending Hal Martin in court.”
Prosecutors did not reveal in the criminal complaint against Martin what precisely they recovered, though they alleged that some documents were produced in 2014 and were “critical to a wide variety of national security issues.” Martin’s motive, if he in fact removed the materials, also was unclear. The complaint alleged that Martin initially denied to investigators he took documents home, but once confronted with specific examples, admitted he did so and that he knew the materials were classified. The complaint alleged Martin “stated that he knew what he had done was wrong.”
If convicted, Martin would face a maximum of 11 years in prison. The U.S. Attorney’s Office in Maryland said he appeared in court on August 29 and remains detained. The charges against him were unsealed Wednesday. A lawyer for Martin did not immediately return a message seeking comment, and efforts to reach family members were unsuccessful.
John Woodrow Cox, Sari Horwitz and Julie Tate contributed to this report.
This article was written by Ellen Nakashima and Matt Zapotosky from The Washington Post and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.