The National Security Agency has been relentlessly hovering on the first page of journals everywhere ever since this summer. After having been hacked by the notorious Shadow Brokers group, the NSA is facing, for the third time in its history, a scandal concerning its precious cyber-armory.
What is that they say again? Fool me once, shame on you. Fool me twice (or three times, in this case), shame on me?
After the humiliation it incurred in 2013 when the Snowden affair first came out, the agency just announced that another one of its subcontractors is charged with having stolen confidential data. Beginning of October, the American Ministry of Justice informed the public that, indeed, an individual was arrested as a suspect in committing espionage against the NSA.
Harold Thomas Martin III, or Snowden 2.0 as he is now called, was an employee of Booz Allen Hamilton, a private organization in charge of providing subcontractors for US agencies particularly specialized in espionage. This second Snowden was accused of having stolen ultra-secret codes belonging to the NSA and of having taken them outside the agency’s perimeter.
If, until now, the question of whether or not a human error was at stake, it was recently revealed that Harold Thomas Martin copied an impressive amount of confidential information (50,000 Gb, to be exact). His purpose? Unknown until this date, which is why we risk hearing about this matter time and time again.
According to the New York Times, the FBI is currently trying to establish whether or not this supposed data extraction is linked to the recent NSA hack conducted by the Shadow Brokers or to the not-so-recent public revelation by Edward Snowden. This second lead turned out false, as it appears that Harold T. M. acted way before the famous whistleblower.
In retrospect, perhaps the title “Snowden: The Origins” would have been more suitable for this article. The suspect had apparently been copying secret source codes developed by the intelligence agency in order to infiltrate the IS of other states for almost two decades. With all that, he is now facing 10 years of imprisonment for government hacking.
Insider threats are ringing at the door…
…will cybersecurity answer?
The news is not only embarrassing for the NSA, which, for the second time in the past three years, has seen one of its subcontractors engage in a game of “who spies who?”, but also raised questions where the Booz Allen Hamilton group is concerned. After all, Edward Snowden was one of their employees as well. We think one simple meme can be used to summarize this whole affair:
If, until now, malware was the main worry for cybersecurity experts, recent events have changed this reality. According to a study conducted by HfSResearch, insider threats have now joined the top of major cyber-fears. Whether intended to cause damage or just accidental, the insider threat is something that over 69% of respondents said they’ve already been confronted with.
In the world of spying, being able to trust one’s agents is a must. In the event one of them turns out to be a double-agent, roles are reversed and the spying agency becomes the spied. This can also be applied to companies, when talking about the relationship between management and its employees. How do we make sure that this trust is well placed? And how can we surpass a failure? In the blink of an eye, we’re caught in an endless vicious cycle of paranoia. Which is exactly the ongoing situation in the United States.
Our revenge will be forgiveness…
…or just revenge?
Without a doubt, we owe our gratitude to the NSA for the numerous debates it has stimulated within the cybersecurity public forum debate. The imminent premiere on the big screen of Oliver Stone’s movie comes just in time for another wave of appeals directed at President Obama in order to pardon Edward Snowden. The Harold T. M. incident only adds insult to injury. Should we or should we not clear of all charges the now Moscow-based whistleblower? Public opinion is divided in two. The final decision is even more awaited, as it may set a precedent for similar cases to come.
In response, The Washington Post published an editorial in which it underlines (again) the fact that Snowden violated the law, as well as broke his contractual obligations by copying 1,5 million confidential documents and then leaking them to the press. The journal made it clear that it places national security above all and reproaches to the fugitive that, by revealing top-secret information with concern to the Prism surveillance project, it has gravely endangered the United States.
Aside from the very obvious downside, Antoine Lefebure, French Media Historian, specialized in Communications Technologies and author of “The Snowden affair: how the United States is spying on the world”, considers that the ex-subcontractor working for the NSA actually did a huge favor for his country.
“Before the Snowden affair, there was no debate whatsoever at a parliamentary level or even at a public level with concern to the dangers of cyber-surveillance […] Snowden had a very positive influence on the matter, even though, in doing so, he had broken the confidentiality pledge” (source: Sputnik News).
If knowledge is power, then knowing the NSA’s secrets is a huge gain for the enemy (whoever that enemy might be). At the same time, knowing all that the agency still has to hide, this is a huge step forward for the American people.
Having chosen privacy over security, the NSA is now standing bare before the very citizens it is trying to protect. It remains to be seen if the Harold T. M. affair is a prequel to the original Snowden? Or is he just your ordinary double agent?
(About the author: Cristina Ion is community manager at ITrust SAS)
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access