Stolen cybertools posted for auction
Probe yet to link accused thief with online sale
WASHINGTON — Investigators pursuing what they believe to be the largest case of mishandling classified documents in U.S. history have found that the huge trove of stolen documents in the possession of a National Security Agency contractor included top-secret NSA hacking tools that two months ago were offered for sale on the internet.
They have been hunting for electronic clues that could link those cybertools — computer code posted online for auction by an anonymous group calling itself the Shadow Brokers — to the home computers of the contractor, Harold T. Martin III, who was arrested in late August on charges of theft of government property and mishandling of classified information.
But so far, the investigators have been frustrated in their attempt to prove that Martin deliberately leaked or sold the hacking tools to the Shadow Brokers or, alternatively, that someone hacked into his computer or otherwise took them without his knowledge. While they have found some forensic clues that he might be the source, the evidence is not conclusive, according to a dozen officials. All spoke on condition of anonymity.
Martin has insisted that he got in the habit of taking material home so he could improve his skills and be better at his job, according to these officials. He has explained how he took the classified material but denied having knowingly passed it to anyone else.
The material the FBI found in his possession added up to “many terabytes,” according to court papers, which would make it by far the largest unauthorized leak of classified material from the classified sector. One terabyte of data is equal to the contents of about 1 million books.
FBI agents, advised by NSA technical experts, do not believe Martin is fully cooperating, the officials say.
He has spoken mainly through his lawyers. They declined to comment before a detention hearing set for Friday in federal court.