Harold T. Martin III, a former government contractor, is still facing trial for the alleged theft of massive amounts of National Security Agency data, including documents and tools from the NSA's Tailored Access Operations Division. Now, a new report by Kim Zetter for Politico suggests that the NSA and the Justice Department tracked down Martin thanks to information shared by an ironic source: the Moscow-based malware protection company Kaspersky Lab. Citing two anonymous sources familiar with the investigation, Zetter reports that Kaspersky Lab employees passed information on Martin to the US government after he sent unusual direct messages via Twitter to the company in 2016.
Kaspersky passed the US government five messages from an anonymous Twitter account named @HAL999999999 to two researchers at the company. The first message, sent August 15, 2016, requested that a researcher facilitate a conversation with "Yevgeny," the given name of Kaspersky Lab founder and CEO Eugene Kaspersky. "So, figure out how we talk… With Yevgeny present," the message read. The second message: "Shelf life, three weeks."
The messages came just 30 minutes before someone calling themselves Shadow Brokers dumped a link to a collection of NSA tools in a Tumblr post and announced additional tools would be auctioned off for 1 million Bitcoin.
After responding to the messages, both Kaspersky researchers were promptly blocked by the @HAL999999999 account, according to Politico's sources. Analysis of the account by Kaspersky researchers linked it to Martin and work he did for the US intelligence community. That prompted Kaspersky employees to reach out to the NSA, as they believed it might be connected to the Shadow Brokers case.
Martin was arrested on August 27, 2016. His case is still pending, and his attorneys have been fighting to get the Justice Department to provide full copies of the evidence in the case. The Twitter messages were first revealed in a court ruling in which US District Court Judge Richard Bennett denied a motion by attorneys for Martin to suppress evidence in the case because the government had used the messages as the basis for a search.
There's no small amount of irony in the detail, as Kaspersky's software and services have been banned for government use by a law signed by President Donald Trump in December of 2017. Kaspersky has been accused of sharing data from antivirus agent software with Russian intelligence, and Kaspersky data may have been used to identify a computer storing NSA data. Kaspersky issued a report claiming that the company had detected files associated with the NSA "Equation Group" hacking tools after a Kaspersky customer's computer became infected with a backdoor packaged with pirated Microsoft Office software.