Remember “The Shadow Brokers” and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency?
It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA contractor Harold T. Martin III, unnamed sources familiar with the investigation told Politico.
In October 2016, the U.S. government arrested and charged Martin, 51, with theft of highly classified documents, including most sensitive NSA hacking tools and top-secret information about “national defense,” that he siphoned from government computers over the period of two decades.
The breach is believed to be the largest heist of classified government material in America’s history, far bigger than Edward Snowden leaks.
According to the sources, the Antivirus firm learned about Martin after he sent unusual direct messages via Twitter to its two researchers in 2016, just 30 minutes before the Shadow Brokers hacking group began leaking classified NSA hacking tools on the Internet.
“The case unfolded after someone who U.S. prosecutors believe was Martin used an anonymous Twitter account with the name ‘HAL999999999’ to send five cryptic, private messages to two researchers at the Moscow-based security firm,” Politico reports.
“The first message sent on Aug. 13, 2016, asked one of the researchers to arrange a conversation with ‘Yevgeny’ — presumably Kaspersky Lab CEO Eugene Kaspersky, whose given name is Yevgeny Kaspersky.”
The timing of the Twitter messages, the Shadow Brokers leaks, and other clues like HAL999999999 Twitter profile linked to Martin and Martin access to the NSA’s elite hacking unit, immediately triggered a red flag at Kaspersky, who then reported the communication to the NSA.
However, it should be noted that Martin, who is set to go on trial in June, is currently facing 20 counts of unauthorized and willful retention of national defense information, and the FBI doesn’t have any evidence to link him with the Shadow Brokers.
By the way, don’t confuse the Martin case with the case of Nghia Hoang Pho, 67, a developer for the the NSA’s Tailored Access Operations Division who was sentenced to 5.5 years in prison last year to illegally taking classified documents home, which were later stolen by Russian hackers from his home PC that was running Kaspersky antivirus.
In the Pho’s case, the U.S. government accused Kaspersky Lab of colluding with the Russian intelligence agency to obtain and expose the classified NSA data from the NSA employee’s computer.
Ironically, Martin was arrested at a time when the FBI was engaged in an aggressive campaign against Kaspersky Labs to discredit it and get its software banned from US federal computers for the sake of national security.
Even though Kaspersky Lab vigorously and repeatedly denied these accusations, its software and services was banned for government use by a law signed by President Donald Trump in December of 2017 and later by the Department of Homeland Security (DHS) over spying fears.
At the time of his arrest in August 2016, Martin worked for Booz Allen Hamilton Holding Corp, the same company previously employed Edward Snowden who also leaked classified documents in 2013 that exposed secret surveillance programs carried out by the NSA.