Category Archives: NSA

Former NSA contractor Harold T. Martin III, who remains in jail awaiting a court case for allegedly carrying out the biggest theft of classified information in U.S. history, reportedly compromised more than 75percent of hacking tools that were stored in a secretive library used by the agencys elite hacking unit.

Federal prosecutors in Baltimore may seek an incitement against Martin as early as this week, according to The Washington Post. The incident is expected to contain charges of violating the Espionage Act.

Individuals familiar with the case told the Post that Martin willfully retained information pertaining to national security, which includes classified NSA data and operational plans. Violations of the Espionage Act can carry a prison term of up to 10 years for each count.

A criminal complaint unsealed by the court in October showed that government lawyers were originally seeking to charge Martin with felony theft of government property and the unauthorized removal and retention of classified materials, which would result in a misdemeanor. Recent reports suggest a steeper penalty for Martin, who worked in the U.S. intelligence community for more than a decade as a defense contractor.

Zachary Myers, an assistant U.S. attorney with the District of Maryland, said during a detention hearing in October that Martin stole irreplaceable classified material on a breathtaking scale, roughly amounting to 50 terabytes worth of digital information.

Martins defense attorneys have consistently defended their client, describing him as a patriot that simply hoarded documents he deeply treasured. Martin, they say, acted on his own volition and was not acting on the instruction of a foreign power.

Last Fall, a U.S. District Judge declined Martins request to be released from jail pending an eventual trial or resolution of the case. At the time, the judge ruled that Martin posed a flight risk.

Read this article:
Report: NSA contractor allegedly stole armory of elite hacking tools ... - CyberScoop

Former National Security Agency contractor Harold Martin was indicted today on 20 criminal counts for stealing government documents and data in his capacity as a Booz Allen Hamilton employee, according to Reuters. Each of the 20 charges carries with it a sentence of up to 10 years. Despite obvious similarities to whistleblower Edward Snowden, who also worked as a NSA contractor employed by Booz Allen Hamilton, the government is not saying what whether 52-year-old Martin actually did anything with the classified info he took. Martins arrest was first made public last October.

The Washington Post reported earlier this week that Martin may have stolen up to 50TB of classified data, which would make it the largest trove of government secrets ever stolen. US officials allege that some of that data included at least 75 percent of an elite hacking toolset used by the NSAs Tailored Access Operations (TAO). That would make Martins trove of classified data highly valuable, as TAO is tasked with developing exploits for foreign espionage.

The indictment says that Martins trove of stolen data also included documents from the CIA, the US Cyber Command, and the National Reconnaissance Office. It was allegedly all kept on computers and drives at Martins Glen Burnie, Maryland home. Martin was able to do this because of the security clearances granted to him as a contractor with at least seven different government agencies, work he began back in 1993 after serving in the US Navy, Reuters says. Martin is set to appear before a federal judge in Baltimore next week on Tuesday, February 14th.

Read more:
NSA contractor indicted for stealing more than 50TB of government secrets - The Verge

By reproducing the slime, Navy researchers one day could replace synthetic products derived from petroleum products such as Kevlar, which is used in bulletproof vests. Its not just science fiction, either.

It looks and feels a lot like snot, but Navy researchers believe slime produced by the primitive hagfish could help save lives.

The bottom-dwelling hagfish is commonly referred to as a slime eel because it looks like an eel and produces a slimy substance that quickly expands in water to enable it to escape from predators by clogging up their attackers gills.

That unique capability is what has captured the imagination of the United States Navy. Its researchers believe that, by reproducing the slime, they one day could replace synthetic products derived from petroleum products such as Kevlar, which is used in bulletproof vests. Its not just science fiction, either.

The Navy says one of its research teams in Bay County already has recreated the material. Now its beginning to work on how best to turn the synthetic slime into something useful.

From a tactical standpoint, it would be interesting to have a material that can change the properties of the water at dilute concentrations in a matter of seconds, Ryan Kincer, a materials engineer at Naval Surface Warface Center, Panama City Division, said in a statement.

The Navy also envisions using the material in products to protect firefighters and divers, as an anti-shark spray, and as a coating for ships to protect against algae, barnacles and other aquatic life that typically attach to them. Eventually, some products derived from the slime could work their way into the private sector.

While there are several varieties of hagfish frequently called one of the worlds ugliest species Navy researchers used the Pacific hagfish in their slime-duplication efforts. Thats because the Pacific hagfish has already been genetically sequenced.

Josh Kogot, a biochemist at Naval Surface Warfare Center Panama City Division, said using the Pacific hagfish allowed researchers to work quickly by specifically looking into its DNA sequence and proteins. The slime theyre interested in is a combination of two proteins and saltwater.

Kogot said it took about six months to be able to reproduce the slime into a filament.

Whats fascinating to me is just how simple in the grand scheme of things this system is. Its really a two-protein system with seawater, and its able to be this strong and expansive, he said. It can expand 10,000 times in volume in milliseconds.

To create the proteins, Kogot grew them in separate E. coli dishes, isolated and purified them, and then combined them with a centrifuge. Researchers knew they had successfully duplicated the slime by examining their version with a scanning electron microscope.

Kogot said no special equipment was necessary, either; its all equipment most biotechnology researchers already have. The filament thats created is stored in a screwtop vial and is kept in a refrigerator when its not in use, although it maintains its properties at room temperature.

Kogot said some practical-application testing on the material alreadyhas begun, but he did not elaborate for what uses.

Right now, his team is looking for ways to increase the duplicated slimes ability to attach to different surfaces, potential delivery systems, and enhancing its stability in different environments, according to the Navy.

Kogot said its too early to tell when a product using the synthetic slime could be integrated into the fleet, but testing on specific applications could begin within six months to a year.

Go here to see the original:
Hagfish slime aids NSA PC researchers - The News Herald

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORIES:

--NSA CONTRACTOR INDICTED: A federal grand jury on Wednesday issued an indictment of a former National Security Agency contractor accused of stealing thousands of pages of classified documents. Herald Thomas Martin III, 52, was charged with 20 counts of "willful retention of national defense information," according to a statement released by the Justice Department shortly after the indictment was returned. Martin worked at the NSA between 2012 and 2015 while he was an employee at the consulting firm Booz Allen Hamilton. The indictment alleges that Martin had been stealing and maintaining mounds of highly classified information starting as early as 1996, until his arrest last August.

To read the rest of our piece,click here.

--FBI NOT ANTICIPATING IMMEDIATE CHANGE ON ENCRYPTION: Donald TrumpDonald TrumpTrump pens letter to Chinese president New York Post reporter sues after being fired for critical Trump tweet: report Sessions urges respect in Senate farewell speech MORE's White House has discussed encryption policy with the FBI, a bureau official indicated Wednesday. James Baker, the FBI's general counsel, said he is unaware of any planned changes on encryption policy under the new administration. "There have been some discussions, obviously, about this," he said at an encryption policy at an event in Washington, D.C. "It is a big topic and one that people have discussed," he continued. "I am not aware of any policy change or even a determination at this point in time, given how soon we are into the new administration."

To read the rest of our piece,click here.

--NATO'S NEW CYBER GUIDE: NATO on Wednesday released the first major revision to the Tallinn Manual, the closest thing there is to a rulebook for nation-led cyber operations. Like the original 2013 manual, the new version is the result of a study by NATO to gauge consensus opinions from international law experts on what types of cyber statecraft are acceptable. "Let me assure you, the manual will sit on the desk of every legal advisor in every ministry of defense and every ministry of foreign affairs in the entire world," Director and General Editor Michael Schmitt said at a press briefing before its launch at the Atlantic Council headquarters in Washington. Both manuals pull together law originally developed to cover fields ranging from armed conflicts to outer space to extrapolate the likely legal consequences for cyber operations. But while the first draft covered war-like cyber attacks between nations, the new draft adds legal analysis of peacetime operations.

To read the rest of our piece,click here.

A POLICY UPDATE:

--SENATORS MAKE PLAY ON RUSSIAN SANCTIONS: A bipartisan group of senators is moving to check President Trump on Russia by bolstering congressional oversight before he can lift sanctions.

Sens. Lindsey GrahamLindsey GrahamOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Lindsey Graham: Floor action to silence Warren long overdue Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military MORE (R-S.C.), Ben CardinBen CardinOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Senators move to limit Trump on Russia sanctions MORE (D-Md.), Marco RubioMarco RubioWarren seizes spotlight after GOP rebuke Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military MORE (R-Fla.), Sherrod BrownSherrod BrownOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Sanders, Dems read Coretta Scott King's letter after Warren silenced MORE (D-Ohio), John McCainJohn McCainOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Navy's No. 2 on base closures: Don't give away 'waterfront property' MORE (R-Ariz.) and Claire McCaskillClaire McCaskillOvernight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia Overnight Defense: McCain, Spicer spar over Yemen raid | Senate bill would limit Trump on Russia sanctions | Trump cozies up to military Senators move to limit Trump on Russia sanctions MORE (D-Mo.) introduced legislation Wednesday setting up a period of congressional oversight before Trump could roll back financial penalties.

The legislation, known as the Russia Sanctions Review Act, would require Trump to notify Congress before he lifts sanctions tied to the invasion of Ukraine or Russia's meddling in the White House race.

"To provide relief at this time would send the wrong signal to Russia and our allies who face Russian oppression. Sanctions relief must be earned, not given," said Graham, a frequent GOP critic of the president.

To read the rest of our piece,click here

A LIGHTER CLICK:

--FAR MORE THAN YOU COULD EVER WANT TO KNOW ABOUT ALUMINUM CANS. A palate cleansinginformational videofor stressful times. (Via Boing Boing)

A REPORT IN FOCUS:

--ENCRYPTION CHALLENGES FOR FBI 'MANAGEABLE': The challenges that data encryption pose for law enforcement are manageable, according to a new analysis by a Washington, D.C., think tank, to be released later Thursday.

The research from the Center for Strategic and International Studies, which was shared with The Hill, found no instances in which encryption played a "determinative role" in recent major terrorist attacks in Europe and the United States.

The think tank also concluded that encryption does not play a major role in terrorists' efforts to recruit followers over the internet.

The report comes at a moment of heightened concern over cybersecurity and a debate about encryption and federal authorities' access to secured communications.

To read the rest of our piece,click here.

WHO'S IN THE SPOTLIGHT:

--EVERYBODY: Here are16 people to watch in tech, including a bunch of cybersecurity folk.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Most Americansthink they know more about cybersecuritythan Donald Trump or Hillary ClintonHillary Rodham ClintonKaine: Sometimes I feel like I live in 'alternate reality' Warren seizes spotlight after GOP rebuke Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to limit Trump on Russia MORE. (The Hill)

A digital liberties group is pushing the EU toabandon its data transfer pactwith the U.S. (The Hill)

President Trump and Intel tout new$7 billion investmentto create 10K jobs. (The Hill)

FTC names a deregulation supporterhead ofits Bureau of Consumer Protection. (The Hill)

DHS is bringingmarket-ready techto the RSA conference. (The Hill)

ForcePoint Security Labs spots a reconnaissancehacking campaigntargeting U.S. based embassies. (ForcePoint blog)

Republicans flock to "Confide,"a secure messaging app, to avoid email breaches. (Axios)

Websites should let youcut and paste passwords.(Troy Hunt)

The Virginian cybersecurity firmInvincia is soldto the Brit behemoth Sophos. (Washington Post)

If you'd like to receive our newsletter in your inbox,please sign up here.

More here:
Overnight Cybersecurity: Ex-NSA contractor indicted over alleged theft | NATO's new cyber guide | Senators move to ... - The Hill

If the National Security Agency and Cyber Command were to split, NSA Executive Director Corin Stone explained thatany disagreements between the agencies would be decided by the secretary of defense and the director of national intelligence, to ensure fair judgment.

There have been conflicting opinions on the decision on whether to split the NSA from U.S. Cyber Command, which have traditionally operated as separate agencies under a dual-hat system with the same head. Stone said that Cyber Command is tasked with protecting Department of Defense networks, and the NSA conducts foreign signals intelligence and protects other national security systems, which are already separate jobs.

If the dual hat splits, it wont make a huge difference, frankly, Stone said in the Steptoe Cyberlaw Podcast last week.

Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson, questioned what would happen if the two agencies disagreed on a course of action. For example, how would the situation be resolved if Cyber Command wanted to take down an enemys network but the NSA wanted it to remain open because it was collecting useful intelligence information from the network.

It makes it more sensible to have a civilian head, Baker said, referring to the current head of both the NSA and Cyber Command, Adm. Michael Rogers.

Baker said that it would be unfair if the military branch, Cyber Command, received more authority from a leader with a military background.

Stone said that this wouldnt be the case because in the event of a disagreement between the different agencies, the two would voice their reasoning to the secretary of defense and the director of national intelligence, who would then make a decision together.

The NSA is also trying to monitor what information goes in and out of the agency without alienating employees.

The NSA has suffered from security leaks due to employeesEdward Snowden and Harold Martin, which has forced the agency to focus more on what data is leaving Fort Meade. The NSA has also had to consider intimidating its trustworthy employees during the dip in morale following these security leaks.

Its about defeating the enemy and making sure were not doing anything to enable [them], Stone said.

Snowden and Martin, both NSA contractors, were charged with stealing classified government information. Stone said that monitoring the movement of information has become more difficult with the use of flash drives and other technology that makes data mobile.

Any leaks, any unauthorized disclosures has an impact on morale, Stone said. Weve got a dedicated workforce. Theyre extremely sophisticated technical experts working very long hours on tough, tough problems, sometimes for years at a time and when someone is a peer or a colleague or someone they knew or someone they didnt know decides to break trust with the U.S. government, with the American people, and with their peers and colleagues, thats something that does deal a blow to morale.

Stone said that there has to be some layer of trust between the agency and employees because carrying flash drives has become commonplace and the agency cant inspect every one. Stone also said that the employees at NSA especially care about protecting citizen information.

The NSA is also working to increase transparency following these leaks by encouraging employees to discuss its mission with the public to be less of a mystery. This method also helps with hostile audiences, according to Baker.

If somebody is standing there and theyre talking like you, and they sound like you, and theyre just an ordinary person like you, its hard to hate them, Stewart said.

The NSAs current organizational system, which was revamped in 2016 under the name NSA21, integrates offensive and defensive cyber operations. Stone said that she believes that the focus on each side is balanced and allows the agency to tackle threats faster.

We have already seen more agility based on that integration, Stone said.

NSA has updated its goals in other ways, including fostering creativity and providing more support to its personnel throughout their careers. Stone said that the NSA has been supporting its employees by focusing on diversity efforts.

The NSA runs free GenCyber camps for students from elementary through high school to learn about cybersecurity. The NSA has also been reaching out to students at Historically Black Colleges, such as Morgan State University and Howard University, to consider careers at the agency.

Stewart said that the NSA already has some level of diversity because of the many different military and civilian backgrounds of its employees. Stone said there was more that could be done, but agreed in that respect.

We do have a level of diversity thats extraordinary, Stone said.

Continued here:
NSA Executive Explains Logistics of Possible Cyber Command Split - MeriTalk (blog)

Federal prosecutors in Baltimore are expected to seek an indictment as early as this week against a former National Security Agency contractor who is accused of carrying out the biggest theft of classified information in U.S. history.

The indictment against Harold T. Martin III is expected to contain charges of violating the Espionage Act by willfully retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against a known enemy of the United States, according to individuals familiar with the case.

Martin, 52, was arrested Aug. 29 at his home in Glen Burnie, Md., and he has been held in a detention facility since. A U.S. District Judge last fall declined Martins request to be released from jail pending an eventual trial or resolution of the case, ruling that he was a flight risk.

In a complaint unsealed in October, the government charged Martin with felony theft of government property and the unauthorized removal and retention of classified materials, a misdemeanor. The prosecutors said then that they expected that the indictment would also include charges of violations of the Espionage Act, offenses that carry a prison term of up to 10 years for each count.

Such charges, prosecutors said, if run consecutively, could amount to a sentence as high as 30 years to life in prison.

The Justice Department declined to comment Monday.

In court hearings and filings, prosecutors have characterized Martins actions as highly damaging to national security. Over the course of 20 years working with various federal agencies, Martin took irreplaceable classified material on a breathtaking scale, said Zachary A. Myers, an assistant U.S. attorney with the District of Maryland, at a detention hearing in October.

Myers said Martin took many thousands of pages of classified material as well as 50terabytes of digital data, much of which has special handling caveats.

Martin previously worked in the Navy, leaving active duty in 1992 and then held a variety of tech jobs with government contractors. He worked at the NSA from 2012 to 2015, where he was an employee of the intelligence contractor Booz Allen Hamilton.

For some portion of that time, Martin was in the NSAs elite hacker unit, Tailored Access Operations, which makes and deploys software used to penetrate foreign targets computer networks for foreign espionage purposes.

Some U.S. officials said that Martin allegedly made off with more than 75percent of TAOs library of hacking tools an allegation which, if true, would be a stunning breach of security.

James Wyda, one of Martins defense attorneys, declined to comment.

His attorneys have previously portrayed him as a patriot who took material home to become better in his job, not to pass them to a foreign spy agency and betray his country. The desire to improve became a compulsion, Wyda argued at the detention hearing.

This is the behavior of a compulsive hoarder who could not stop gathering and possessing the documents he treasured, Wyda said.

Martins theft was discovered more than a year after another breach at TAO, in which a longtime employee was discovered to have taken without authorization significant quantities of the units hacking tools. The breach was not thought to be as serious as Martins, but it caused concern within the intelligence community.

Follow this link:
Prosecutors to seek indictment against former NSA contractor as early as this week - Washington Post

February 7, 2017

Agency insists encrypted VENONA transmissions - some of which could be over 70 years old - are classified TOP SECRET

VENONA, a Signals Intelligence (SIGINT) and decryption program run by the NSA and its predecessor, the U.S. Armys Signal Intelligence Service, intercepted and ultimately decrypted thousands of Soviet messages, most infamously helping to finger the Rosenbergs. These decrypted messages have been a useful resource to historians, and the NSA boasts that over the course of five more releases, all of the approximately 3,000 VENONA translations were made public and put on their website.

However, there are still a few lingering questions about the VENONA program. For a long time, the popular account was that the program was greatly aided by the recovery of a partially burned codebook. However, the NSAs own version of the story contradicts this, and provides a different context to the recovered materials in both their public histories and a now declassified history that was originally TOP SECRET UMBRA. For what its worth, the NSAs version seems internally consistent and logical - while the Soviets accidental reuse of One-Time Pads and recovered codebooks did aid in the NSAs decryption of the messages, the codes for the VENONA intercepts seem to have only been discovered through the hard work and brute force analysis of dedicated cryptologists.

Seeing an opportunity to allow the cryptographically minded to look at the original encrypted versions of the intercepts, I filed a FOIA request for both the unencrypted and untranslated copies of messages which were examined by the February 1943 project later codenamed VENONA, specifically including any messages which were not successfully or fully decrypted or translated. While there was a good chance that the Agency would decide to withhold any messages that werent decrypted, the release of their encrypted formats could be quite interesting. The collective ingenuity of the internet would get to challenge the NSAs, with any victory over the NSA enriching both their and the publics understanding of history.

Instead, the Agency refused to provide anything new. It was all still classified as TOP SECRET.

This was unexpected, but not entirely surprising. I assumed that the Agency simply hadnt bothered to declassify the documents and that the form letter exaggerated, in typical bureaucratic form letter fashion, how current the classification really was. After all, I had requested both the decrypted and untranslated copies of the messages. The untranslated copies would have the same information as the translated copies, but in Russian. They could be redacted just as easily as the translated English version, and the NSAs process of translating Russian to English couldnt possibly be classified - the Agency even publicly posts some of its translation training resources.

The response to lingering over-classification is fairly simple. One simply files a Mandatory Declassification Review (MDR) request, which I did. I pointed out that the decrypted and translated records have been released and posted to the NSAs website, and neither the decryption method (a One Time Pad was repeatedly used, allowing the code to be broken) nor the Russian-to-English translation process remains classified. It took the NSA eight months, but they eventually responded - the declassification was denied and the information remained TOP SECRET.

The NSA added that the information was also withheld because it might reveal NSA/CSS functions and activities and was therefore exempt from automatic declassification. While I disagreed under the circumstances, I could understand the argument that the raw intercepts should remain TOP SECRET. Revealing them could, theoretically, disclose information about the NSAs process for decryption. However, the story had already been told and was described as an iterative analytical process that was aided by the reuse of One-Time Pads and some recovered materials. Since the devils in the details, this seemed somewhat fair. But the idea that the decrypted, but still in Russian intercepts needed to remain TOP SECRET, while English versions were posted on the NSAs website? That was truly surprising.

Is this a case of the NSA being stubborn in unnecessarily keeping something classified? Its certainly not without precedent, especially from the Agency that spent its early years being so secretive and unacknowledged that the joke was that NSA stood for No Such Agency. Or is the NSA actually hiding something? A more refined MDR with follow up appeals might yield something, but for now the NSA remains tantalizingly coy about its secrets.

The NSAs declassified history of VENONA is embedded below:

Like Mike Bests work? Support him on Patreon.

Image by via Flickr and is licensed under CC BY 4.0

Originally posted here:
NSA rejections hint at lingering secrets surrounding Cold War codebreakers - MuckRock

Senators on the Armed Services Committee will be briefed by a top intelligence official on cyber threats Tuesday morning.

The hearing, which will beclosedto the public, will feature testimony from Adm. Michael Rogers, who holds the dual-leadership role at U.S. Cyber Command and the National Security Agency (NSA).

The closed-door briefing will give lawmakers an opportunity to press Rogers on the intelligence communitys recent findings about Russias cyber attacks aimed at the U.S. presidential election.

The committee last received testimony from Rogers and other intelligence officials on foreign cyber threats to the United States in January, ahead of the intelligence communitys release of a report on Russias meddling in the U.S. presidential election.

The CIA, FBI and NSA concluded in theinvestigationthat Russian President Vladimir Putin ordered a cyber and disinformation campaign to undermine the U.S. democratic process, harm Hillary Clintons electability and aid now-President Donald TrumpDonald TrumpNew York Times editorial board slams Trump for Putin comments Bannon flies close to the sun The regulation referee MORE.

The Pentagon and other government agencies have been challenged to secure computer systems and infrastructure as cyber threats from nation states and other hostile actors have increased.

Trump waspoisedto sign an executive action overhauling cybersecurity across the government last week, though it was ultimately postponed.

More:
Head of NSA to brief senators on cyber threats - The Hill

On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.

Investigators have floated several theories. One holds that Martin directly provided the tools to the person or group responsible for the leak. An alternate theory is that the leakers obtained the software by hacking Martin. As reported in October, Martin was charged with felony theft of government property and unauthorized removal and retention of classified material. Monday's Washington Post article says that prosecutors will likely file charges of "violating the Espionage Act by 'willfully' retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against 'a known enemy' of the United States."

An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.

Listing image by National Security Agency

Go here to read the rest:
Former NSA contractor may have stolen 75% of TAO's elite hacking tools - Ars Technica

Richard Ledgett, deputy director of the National Security Agency, has announced he will retire this spring, the agency confirmed to CyberScoop Friday.

Ledgett, 59, has been deputy director the agencys top civilian since January 2014, when he succeeded Chris Inglis. Prior to that, according to his official biography,He led the NSA Media Leaks Task Force responsible for integrating and overseeing the totality of NSAs efforts surrounding the Ed Snowden megaleaks.

Ledgett joined the NSAin 1988 and and rose to be, during 2012-13, director of the agencysThreat Operations Center, the famed NTOC. Before that, he served a a stint 2010-12 in various posts in the Office of the Director of National Intelligence, including being the the first national intelligence manager for cyber.

He is a recipient of the National Intelligence Superior Service Medal and was for a time an instructor andand course developer at the National Cryptologic School.

It has been anticipated that he would retire in 2017 and he decided the time is right this spring after nearly 40 years of service to the nation, the agency said in an emailed statement.

Last year, Ledgett presented a gloomy picture of the connected future, warning about the dangers of the Internet of Things. Hetoldthe U.S. Chamber of Commerces 5th Annual Cybersecurity Summit that theconnection to our networks of hundreds of thousands, maybe millions, ofinternet-connecteddevices that come from multiple vendors and havediffering software and hardware upgrade paths without a coherent security plan means that there are vulnerabilities[created]in those networks.

Read more here:
NSA's No. 2, its top civilian, will retire shortly - FedScoop