In light of the recent actions and publications, I make these updates:
Pho was employed as a developer in Tailored Access Operations (TAO, operations and intelligence collection from foreign automated information systems or networks, as well as actions taken to prevent, detect and respond to unauthorized activity within DoD information systems and computer networks, for the United States and its allies) at the National Security Agency (NSA). He held a certain number of security clearances included TOP SECRET.
According to court documents, Pho removed massive troves of highly classified national defense information without authorization and kept it at his home. The official court count against him is Willful Retention of Classified National Defense Information Maybe more, but one part of the court audition is sealed for National Security Reason.
He was sentenced to 66 months in prison, to be followed by three years of supervised release, for willful retention of classified national defense information.
In a letter recovered by Politico Journalist’s, The NSA Director, Michael S. ROGERS, told these sentences:
Some of NSA's most sophisticated, hard-to-achieve, and important techniques of collecting [signals intelligence] from sophisticated targets of the NSA, including collection that is crucial to decision makers when answering some of the Nation's highest-priority questions... Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of security topics. Compromise of one technique can place many opportunities for intelligence collection and national security insight at risk.
After carefully read the Rogers letter, we can assume with moderate confidence that NHGIA HOANG PHO was the / part of / source of the #ShadowBrokers leaks. Rogers talked about techniques, nsa accounting, and other things, indicates strong and long term impacts. These things can be Eternal… class exploits, or about the framework FuzzBunch. I like how Rogers talked about Trust too, cause this whole case eroded the Trust partnership with some U.S. services. This was a strong impact and indicting someone for the presumed the /part of /source showed NSA taken time but finally found something. It’s a hard advertising to everyone working for them and a strong technical & political message too.
Unfortunately, even if predictable, there is a part of the judgment sealed, where, I presume, technical details and information landed. Maybe, in some future, the full story will be declasified? Who’s knows ? :)
References:
Harold Thomas Martin III, is a former contractor for Booz Allen Hamilton, a defense contractors well-known company for working for the U.S. Department of Defense. He was employed in the Tailored Access Operations Unit (TAO, operations and intelligence collection from foreign automated information systems or networks, as well as actions taken to prevent, detect and respond to unauthorized activity within DoD information systems and computer networks, for the United States and its allies) at the National Security Agency (NSA). Harold Thomas Martin III had a Top Secret National Security clearance.
According to court documents, Harold Thomas Martin III removed massive troves of highly classified national defense information (TOP SECRET, SCI; some of them were produced in 2014) without authorization and kept it at his home. He started removing not earlier than 1996 and continuing through August 27, 2016 The 29th August 2016, acording to the criminal complaint court document, Harold Thomas Martin III is being prosecuted for 2 counts:
The official court twenty counts against him are Willful Retention of Classified National Defense Information These counts are a choice of 20 Documents retrieved by FBI agents inside an amount of 50 Terabytes of data and hard copy (papers)
Sentences pending, he agree to plead guilty for 1 of the 20 counts of “willful retention of classified national defense information”.
After carefully reviewed again these documents, I would say there’s nothing can’t indicate Harold Thomas Martin III wasn’t the source of the initial leak, of his own free will or not. My thoughts are he wasn’t the source knowingly. But I want to replace the context, needed here and it was the reason of this blog entry: Harold Thomas Martin III is a person who’ve problem in his life, made huge mistakes or offenses (leaving TS/SCI docs on his vehicule seats in the driveway per eg.). According court document, Martin made some research on how U.S. detect leaks (technologies and procedures), about russian language too and others languages.
For me, he contacted the ShadowBrokers when they gone public and send a DM to @shadowbrokerss Twitter account with the famous sentence “shelf life, three weeks”, which can be a time limited access link to some materials. If as some people in this neighboorhod said, he was a true patriot, he maybe tried to catch them, and this can be just a bad game ended by the FBI raid. But this can be a try to shared with TA TSB some documents to prove he had access to interesting files too. This later opinion has been strengthened in the FBI minds by the discovery of an old letter where it threatened colleagues and the way they used TS/SCI files. Adding he was in posession of a “sophiticated software tool which runs without being installed on a computer and provides anonymous internet access, leaving no digital footprint on the machine” which I assumed FBI talked about a live distribution like Tails, adding FBI found evidence he had remote data storage accounts and he masters the encryption, that’s a lot of, moderate to high, indicators and I understand the RED alert as, I thinks, FBI done. During the RAID FBI found 50 Terabytes of information (Digital, paper back) per eg. Secret NSA emails, Document A about a NAVY OP classified TS/SCI; In all of this troves, FBI restrained the indictment to 20 Documents they’ve found, each document is a count of Willful Retention of Classified National Defense Information.
There’s a lot to say in this case, TS/SCI classified documents lying in the back seat of a vehicule parked in the driveway, NSA won’t be able to detect 50 Terabyes exfiltration, but I don’t thinks he’s the primary source knowingly but one of his account maybe have been breached and his backups have been recovered, which would make him the indirect source. Unfortunately, even if predictable, there is a part of the information redacted, where, I presume, technical details and information landed.
Maybe, in some future, the full story will be declasified? Who’s knows ? :)