SAN FRANCISCO — How did Harold Martin go from being an “intense but sweet man” who friends and colleagues describe as deeply, almost obsessively focused on his work, to being dragged, stricken and pale, from his house in Glen Burnie, Maryland amid suspicions that he stole classified documents from the elite NSA hacker unit where he worked?
Martin was the sort of person who would talk your ear off about some detailed aspect of his research into cloud computing, or pass by without saying a word, said one of Martin’s colleagues at the University of Maryland, who said he was in “regular touch” with Martin until he was arrested on Aug. 27. The colleague asked not to be identified by name as he had spoken to federal prosecutors about the case and had been advised not to speak to the media.
“He would go down the rabbit hole with some idea or another, he would get very intensely focused on something, but then move onto something else, so I would describe him as someone with a range of interests though all of them tied back to information systems,” who, like others who spoke to BuzzFeed News about Martin, called him by his nickname, Hal.
“On the one hand, I want to say, ‘no way, did Hal do what they seem to be saying he did,’” he added. “But on the other, he had his quirks. He was really serious about his interests, he would suck up all the information to be had about this topic or that… You could say he liked to show off what he knew.”
Martin, a retired navy officer, was working as a contractor for Booz Allen Hamilton at the NSA at the time of his arrest. His work, much of which was with an elite offensive team of government hackers, gave him access to some of the government's most classified information. His colleagues said he relished the job, and was constantly researching and reading up on the latest work to be published by his colleagues in the national security and cybersecurity world.
A second colleague, also from the University of Maryland, told BuzzFeed News that he had recently spoken to Martin about his PhD research and that he got the sense that “Martin had a lot on his plate, was busy working and not going to finish his dissertation anytime soon.”
“There are a lot of those guys at the university who are really there part time and are doing government work full-time,” said the colleague, who also did not want to be named. “If you were going to look for people with access to a lot of classified information, this would be a good place to start.”
One former employee of Booz Allen Hamilton told BuzzFeed News that they were sure Martin’s actions were not “malicious in nature.”
“From what I’ve heard, what I’ve understood, this is a guy who took home material, classified material, and stored it improperly. I haven’t seen anything to suggest his actions were malicious in nature,” said the employee, who spoke to BuzzFeed News on condition of anonymity. “People want to call him another whistleblower or Snowden. Maybe because that movie is out, but that’s not what I see happening here,” the employee said.
And yet, many questions remain.
A page dedicated to Martin’s PhD research on the University of Maryland only deepens the mystery. Amid the links to his highly technical research on cloud computing, autonomous software agents, and computing architecture, are encrypted files in executable (.exe) form which someone uploaded to the free malware and virus scanning website, Virus Total, a week after his arrest. Again, theories among national and cybersecurity experts for just how the files appeared on Virus Total have ranged from federal agents scanning the files themselves to check if they contained harmful links, to a planned dead man’s drop, where Martin may have set the files to be uploaded in the event of his arrest or death.
Online, Martin left a digital footprint that included regularly participating in discussions on message boards like DailyDave, a technical discussion list for various cybersecurity interests. There he speculated about questions like “what is cyber-range?” writing: “Cyberseige is an example of training through gaming, and if it evolves into more a VR experience, may lead to a lot of interesting outcomes.”
In one thread asking about what made up a cyberweapon, he wrote, “might want to consider emphasizing that anything that can significantly degrade/destroy/gum-up an electronic 'capability' is a cyber wep. The ability to flood a network with terrible sysadmins, shorting out a certain substation in crofton, an emp generator, or, yes, not malicious, but poorly (memory leaks,crappy coding,not doc'd) written apps can be cyber weps... The 'low and slow' variety, that waste time, misinform, slow down progress.... Things that suck out the soul/money/enthusiasm/creative 'will to live' of ITers trying to build/create decent IT constructs. Just a thought.... Rock on, hope your presentation is well received. Best, Hal.”
Little else is publicly available about Martin. He divorced his first wife in January 2010, and at the time of his arrest appeared to have remarried. Divorce papers obtained by BuzzFeed News show he got custody of a Lexus, the license plate of which read “POLYGRAPH.”
A criminal complaint filed on Aug. 29 against Harold T. Martin III, 51, has him charged with “theft of government property” and “unauthorized removal or retention of classified material or documents or material by a government employee or contractor.” His LinkedIn page shows that he was a contractor with Booz Allen Hamilton who worked within the NSA’s offensive cyber unit, part of which is tasked with penetrating the information systems of foreign countries.
When federal officers raided his home on Aug. 27, they seized “many terabytes of information” in digital media, according to the criminal complaint. In his home and two storage sheds were thousands of pages of documents of classified information, according to court documents. Six of the classified documents “appear to have been obtained from sensitive intelligence,” according to the complaint, which added that Martin at first denied taking the documents and files, but then admitted to bringing them to his residence in his car without authorization. While many of those were described as “old,” some were as recent as 2014, according to unnamed officials who spoke to the New York Times. The report also said that some of the classified documents had also been been posted online.
Theories among national security experts for why Martin stashed classified documents have ranged from painting him as a hapless academic, to a potential spy and/or whistleblower. Some have argued that he intended to use the documents as part of his dissertation research at the University of Maryland, where he was working on a dissertation, though why he would risk sneaking out classified documents for a PhD paper remains unclear. Others have said that he intended to make the documents public, a la Edward Snowden, or that he intended to sell the classified information to a foreign government. Neither explains why he would risk holding the documents in his home for years.
US officials have painted Martin as an “insider threat,” with Assistant Attorney General for National Security, John Carlin, telling a CNBC summit in Cambridge, Massachusetts, on Wednesday, that authorities had “made arrest of an individual who was involved in taking classified information.”
Carlin said the arrest highlighted the “problem of insider threats.”
“We talk a lot about how someone can gain…access remotely, but as you’re designing internal security programs…we also need to take into account, whether it’s economic espionage or traditional espionage, the focus on those who are trusted within our companies, within our government, who can exploit that trust to cause enormous harm,” he said.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.