Monday, October 31, 2016

NSA security gaps revealed after suspect arrested in breach privateofficer.com

WASHINGTON DC Oct 31 2016 — Year after year, in his messy personal life and his brazen theft of classified documents from the National Security Agency (NSA), Harold Martin III put to the test the government’s costly system for protecting secrets.
And year after year, the system failed.
Martin got and kept a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment and a bizarre episode in which he posed as a police officer in a traffic dispute. Under clearance rules, such events should have triggered closer scrutiny by the security agencies where he worked as a contractor.
Yet even after extensive leaks by Pfc. Bradley Manning in 2010 and Edward Snowden in 2013 prompted new layers of safeguards, Martin was able to walk out of the NSA with highly classified material, adding it to the jumbled piles in his house, shed and car.
A federal judge in Baltimore ruled Friday that Martin, 51, must remain jailed on charges of stealing government documents and mishandling classified information over two decades. Prosecutors say they will add new charges under the Espionage Act. Martin, whose arrest in August was disclosed this month, has admitted to taking the material but denies giving secrets to anyone else.
His actions, which prosecutors described in court as “breathtaking,” have cast a harsh light on the government’s ability to police the 3.1 million employees and 900,000 contractors who hold clearances — or even the much smaller number who work inside the most closely guarded programs, as Martin did. His case appears to show serious breakdowns in personnel evaluation, technology designed to detect leaks and the basic job of inspecting people leaving secure buildings.
Dennis Blair, a former director of national intelligence, said he was “shocked” that Martin managed to remove classified material in bulk as recently as this year, in part because the government has spent tens of millions of dollars since 2010 on measures to prevent unauthorized activity or downloads.
“If there are breakdowns in your security system, as there clearly were with Snowden and this guy, you have to look at whatever went wrong and fix it,” Blair said.
Some intelligence officials sounded a defensive note. William Evanina, the government’s top counterintelligence official, said it may be infeasible to prevent every breach at an agency like the NSA, with 35,000 employees.
“I don’t think it’s possible,” Evanina said. He credited the government with doing “an amazing job” in tightening security and called the NSA “one of the leaders.” Despite such efforts, he said, “if someone is intent on stealing classified data, it’s very hard to stop them.”
A look at Martin’s past raises a question: Did his erratic behavior ever prompt a review of his top-secret clearance, which allowed him to work on some of the nation’s most sensitive intelligence operations over two decades at eight contractors? His record of personal and legal troubles reads like it might have been drawn from the official list of factors that can be used to deny a clearance.
In 2000, Maryland put an $8,997 lien on Martin’s property for unpaid taxes that he would not pay off until 2014, a sign of chronic financial difficulties. In 2003, he was charged with misdemeanor computer harassment, a result of pestering a woman with unwanted messages. The charge was eventually dismissed.
Martin has a history of “binge drinking on a monthly basis,” Judge Richard Bennett of U.S. District Court said in a detention hearing Friday. Alcoholism does not automatically block a security clearance, officials say, but the person must acknowledge the issue and seek treatment.
In 2006, Martin was charged with driving under the influence. In 2008, he cut off another driver and in the ensuing argument said he was a police officer, according to two acquaintances who did not want to be identified. When it turned out the other driver was an off-duty state trooper, Martin fled. The local police charged him in the incident, but the record of the episode was later expunged.
“Those are all big red flags, and reasons why you wouldn’t get a clearance,” said Ross Schulman, a cybersecurity expert at the Open Technology Institute at New America, a Washington, D.C., research group. “What seems clear in this case is that they dropped the ball in choosing who to allow access to their material and computers in the first place.”
The year after the episode of police impersonation, Martin was hired by the contractor Booz Allen Hamilton, for whom he would work at the NSA for the next six years before being moved in 2015 to a Pentagon job involving offensive cyberwarfare.
A routine five-year renewal of his security clearance in 2012 should have covered all his legal tangles and the breakup of his two marriages, in the late 1990s and 2010. Such reviews include a polygraph test, in which a standard question asks about mishandling of classified information. If such a question was asked, Martin appears to have passed the polygraph.
In recent years, intelligence agencies have begun to bolster the five-year reviews with “continuous evaluation,” said Evanina, the counterintelligence chief. That means public databases showing criminal or civil cases, unpaid debts and divorces should all be scanned constantly for the names of clearance-holders, he said.
In a major upgrade to the security system after the transfer of military and diplomatic files by the former Army private now known as Chelsea Manning to WikiLeaks in 2010, the NSA and other agencies installed specialized software to detect unusual conduct on agency networks or large downloads of secret data. Agencies also cracked down on removable storage devices like CDs and thumb drives, literally gluing drives shut or disabling the software required to use them.
One former senior intelligence official suggested Martin might have dodged those safeguards because he was assigned to Tailored Access Operations, the NSA hacking unit. Because the unit develops malware to break into foreign computer networks and steal secrets, its machines are segregated from NSA’s main network to avoid the possibility that a rogue program could get loose and do damage.
In the separate network, the electronic alarms that sound for unusual downloads may not operate, and the ban on thumb drives does not always apply, said the official, who spoke on condition of anonymity. “By the nature of the work he’s in, you have to carve that out so as not to do harm to your own system,” he said.
The last chance to stop someone from carrying off secrets is at the gates to NSA facilities. Martin’s lawyer, James Wyda, said in court that “there was nothing sophisticated Martin did to remove this information” from the agency. Before the lawyer could elaborate, prosecutors objected, evidently concerned about the message that security is lax.
Only the most intrusive search would detect papers or a small drive hidden under clothing, and officials fear that universal searches would be impractical and send a message of mistrust.
“You don’t want to create a Stasi-like atmosphere,” said Michael Hayden, a former NSA and CIA director, referring to the East German secret police. Instead, NSA guards carry out random searches, which sometimes included the director, he said.
FBI agents who took 50 terabytes of data from his house found it on disks, hard drives and thumb drives. Had security guards found any of those leaving the agency, it would have set off an investigation, Martin’s former colleagues said.
As more details on the case emerged last week — including prosecutors’ assertion that the documents Martin took contain the names of some intelligence officers who worked undercover — Booz Allen Hamilton said it had hired former FBI Director Robert Mueller III to review its security and management practices. For Booz Allen, Martin’s arrest was a second devastating blow: Snowden was also an employee when he took hundreds of thousands of NSA documents in 2013.
Sen. Dianne Feinstein, vice chairwoman of the Senate Intelligence Committee, said she expected the committee to examine the incident, both to review whether recent security upgrades at the NSA are sufficient and to consider further improvements.

In court Friday, Bennett concluded that Martin posed too much of a flight risk to release before trial. Though there is no proof that Martin passed the secrets he took to others, “the harm has already occurred,” the judge said, “in terms of the loss of confidence on the part of the public” in the intelligence agencies.
The New York Times
By Scott Shane/Jo Becker

No comments: