The Insider Threat – At The NSA!

October 20, 2016 CyberCecurity Leave a comment

Photo from Flickr; Courtesy Fort Meade public affairs office

Some of you probably remember Edward Snowden (just kidding!). Snowden was a Booz, Allen, Hamilton employee, on contract to the NSA. Well now there is another Snowden at Booz.

Booz has annual revenue in excess of $5 billion and has contracts all over the federal government.

Earlier this month, the feds arrested Harold Thomas Martin III, another Booz employee assigned to the NSA. Remember that package of cyber exploits that hit the dark web a couple of months ago that was thought be be an NSA toolkit lost in the wild? Well, the feds are saying that was the work of Martin. Earlier this month they arrested Martin and charged him with theft of government property and unauthorized removal and retention of classified materials.

If that was all, it would be an interesting story, but not news worthy.

As the story unfolds, the feds are now saying that they have found 50,000,000,000,000 bytes of stolen data in his house and car; most of it out in the open (all though, I am not sure that makes much of a difference under the circumstances). If you are not sure how to read a number with that many zeros, it is 50,000 gigabytes or 50 terabytes.

The 50,000 gigabyte number, the court filings say, is a conservative number, so it is likely more.

If we were talking about Netflix standard definition movies to compare with, streaming 24 hours a day, 7 days a week, that much data represents watching Netflix, non-stop for almost 6 years. If the movies were HD, it only represents 2-3 years of 24×7 watching.

Martin, who lives in Glen Burnie, MD, near NSA HQ, has apparently been taking this data since 1996. That makes it one of the longest running undetected cases of espionage ever.

Unlike Snowden however, it appears, so far, that he didn’t have a goal to release this data or sell it to the Ruskies, but rather, he was hoarding it. AT LEAST, THAT IS WHAT THEY ARE SAYING NOW.

For the NSA, this is another huge black eye.

For Booz, Allen, Hamilton, it (hopefully) makes government customers leery of their ability to protect classified customer information. First Snowden and now Martin.

For average citizens, it should make them skeptical of the government’s claims that information that is shared with them can realistically be protected. Certainly it should call into question the government’s ability – or for that matter anyone’s ability – to keep millions of encryption keys secret.

This is the downside of the digital world. If he had to carry those 50,000 gigabytes of data out in paper, it would represent 25 billion pages of text – definitely harder to steal and even harder to store.

It also points to the insider threat problem at most companies – who are likely not as secure as the NSA.

This is likely not the end of this story. All I can say is holy cow!

Information for this post came from The Washington Post and USA Today.