Ex-NSA Worker Accused of Stealing Trove of Secrets Offers to Plead Guilty

BALTIMORE — A veteran cybersecurity specialist for the National Security Agency and other intelligence organizations, accused of taking thousands of secret documents home over two decades, has decided to plead guilty later this month to a single charge that could carry a 10-year sentence.

But under the terms laid out by prosecutors, the intelligence contractor, Harold T. Martin III, would have no guarantee that the government will drop 19 additional felony charges. Martin appears to be making an unusual gamble that his penitence and cooperation will eventually persuade prosecutors to dismiss the rest of the indictment.

According to court filings on Wednesday, Martin is expected to plead guilty Jan. 22 before Judge Marvin J. Garbis of U.S. District Court to one count of willful retention of national defense information in connection with his taking home a single classified NSA document. But charges involving 12 other NSA documents, five from the military’s Cyber Command, and one each from the CIA and the National Reconnaissance Office, would remain in place.

A detailed letter filed by prosecutors in federal court marks a step toward resolution of a highly embarrassing case that exposed gaping holes in the government’s system for safeguarding secrets.

Martin, 52, described by his own lawyers as a compulsive hoarder, took home highly classified documents from the NSA and other agencies beginning in the late 1990s, stashing them on paper, hard drives and flash drives in his house in Glen Burnie, Maryland; a shed in his yard; and his car. His serial theft, totaling a staggering 50 terabytes of data, went undetected until his arrest Aug. 27, 2016.

Martin had worked for the NSA’s hacking unit, then known as Tailored Access Operations, and the material he took included most or all of the agency hacking tools that ended up being offered for sale on the internet by a group calling itself the Shadow Brokers.

In the scramble to trace the breach, investigators stumbled upon Martin’s thefts. But officials have said investigators have been unable to prove a connection between Martin and the Shadow Brokers, who are widely suspected to have ties to Russian intelligence.

The Shadow Brokers disclosures, which continued for more than a year, have been devastating for the NSA, where morale has been hurt by the continuing hunt for a possible leaker. The stolen tools have been used by North Korea and Russia to carry out cyberattacks around the world.

If Martin can convince investigators that he had nothing to do with the Shadow Brokers’ disclosures and assist them in other ways, he may be able to limit his exposure at sentencing. The prosecutors’ letter, however, says that his proposed guilty plea “does not preclude” the use of any admissible evidence “at the defendant’s trial on the remaining 19 counts of the indictment.”

A schedule laid out by Garbis sets dates for continuing legal action on the additional charges after the Jan. 22 plea hearing. Martin’s lawyer, James Wyda, the federal public defender for Maryland, declined to comment. Prosecutors did not respond to a request for comment.

Martin’s lawyers have indicated that they will argue for a lesser sentence on the grounds that he suffers from a mental disorder that caused him to take the material home year after year; that he never tried to give it to the news media, a foreign country or anyone else; and that he is a Navy veteran and a patriot who served his country for years.

But prosecutors may be loath to offer leniency for Martin’s repeated, brazen violations of his secrecy oath. He is charged with taking a volume of information that dwarfs even the data taken by Edward Snowden, the NSA contractor who fled the country in 2013 with hundreds of thousands of secret documents and gave them to journalists. They may also be wary of a condemning tweet from President Donald Trump, who has vowed to be tough on leakers and has shown no reluctance to criticize his own Justice Department.

After the disclosures by Snowden, who lives in exile in Russia and faces charges should he ever return to the United States, NSA officials spent millions of dollars toughening security and installing software to detect unusual downloads. But Martin appears to have blithely continued his theft of secrets without trouble from the stepped-up safeguards.

In addition to Martin, two other former NSA workers have been charged with illegally removing classified material from the agency, which eavesdrops on foreign communications and hacks into computer networks overseas.

Last month, Nghia H. Pho, 67, of Ellicott City, Maryland, pleaded guilty to one count of willful retention of national defense information. He is scheduled for sentencing in April. His case revealed what officials believe was the use of Kaspersky Lab anti-virus software by Russian intelligence officials to steal classified documents from Pho’s home computer.

In addition, Reality L. Winner, 26, awaits trial on charges that she took a classified NSA document about Russian hacking attacks on a voting software company and sent it to the online publication The Intercept last year.

Those cases do not appear to be related to either the Shadow Brokers disclosures or a parallel leak of hacking-related documents from the CIA to WikiLeaks, which has published them under the names Vault7 and Vault8.

The repeated loss of extremely sensitive material on a large scale from two agencies has raised questions about whether it is possible for the government to protect secrets from determined hackers or insiders who have a political or financial motive to divulge them.