SOCNET: The Special Operations Community Network

SOCNET: The Special Operations Community Network (
-   Technology and Communications (
-   -   How a Russian firm helped catch an alleged NSA data thief (

HighDragLowSpeed 9 January 2019 08:25

How a Russian firm helped catch an alleged NSA data thief
Social media mistakes....


Moscow-based Kaspersky Lab turned Harold T. Martin III in to the NSA after receiving strange Twitter messages in 2016 from an account linked to him.

It indicates that the government’s own internal monitoring systems and investigators had little to do with catching Martin, who prosecutors say took home an estimated 50 terabytes of data from the NSA and other government offices over a two-decade period, including some of the NSA’s most sophisticated and sensitive hacking tools.

The case unfolded after someone who U.S. prosecutors believe was Martin used an anonymous Twitter account with the name “HAL999999999” to send five cryptic, private messages to two researchers at the Moscow-based security firm. The messages, which POLITICO has obtained, are brief, and the communication ended altogether as abruptly as it began. After each researcher responded to the confusing messages, HAL999999999 blocked their Twitter accounts, preventing them from sending further communication, according to sources.

The sender's Twitter handle was not familiar to the Kaspersky recipient, and the account had only 104 followers. But the profile picture showed a silhouette illustration of a man sitting in a chair, his back to the viewer, and a CD-ROM with the word TAO2 on it, using the acronym of the NSA's Tailored Access Operations.

A Google search on the Twitter handle found someone using the same Hal999999999 username on a personal ad seeking female sex partners. The anonymous ad, on a site for people interested in bondage and sado-masochism, included a real picture of Martin and identified him as a 6-foot-4-inch 50-year-old male living in Annapolis, Md. A different search led them to a LinkedIn profile for Hal Martin, described as a researcher in Annapolis Junction and "technical advisor and investigator on offensive cyber issues."

Dino0311 9 January 2019 10:48

Bahahahahahahahahahaha! *wipes eyes*

CV 9 January 2019 10:57

That is both hilarious (for how he got caught) and sad (for how our own IC missed it).

Polypro 11 January 2019 11:25

Variation of 'Password Re-use'. User Name/Email re-use is just as bad. Has this guy admitted to releasing 'Wanna Cry' etc...? Seems really convenient. "Who prosecutors say..." Well duh, there's tons of gear on burned up Helicopters too...

hawkdrver 11 January 2019 16:30

"technical advisor and investigator on offensive cyber issues."

solid work right there.

Polypro 11 January 2019 18:19

The irony is not lost on Kaspersky being the good guys either... 'member when they were the devil? LOL. 'The truth is out there'...

Jimbo 11 January 2019 20:48

Kaspersky can be the devil AND think they are the subject of a ham handed counterintelligence operation.

Jimbo 11 January 2019 20:51


Originally Posted by Massgrunt (Post 1058773922)
Bahahahahahahahahahaha! *wipes eyes*

Yeah. I

Once heard an urban legend of a NSA guy who tried to get a hooker off craigslist, got busted, released and tried to get another hooker on Craigslist and then got the same UC.

Dino0311 12 January 2019 00:21

The lesson here is to get your hookers the old fashioned way.

8654maine 12 January 2019 03:08


Originally Posted by Massgrunt (Post 1058774685)
The lesson here is to get your hookers the old fashioned way.

Dino0311 12 January 2019 03:37

No no, they'll never leave.

Tracy 12 January 2019 08:32

...and this is why we (IC) can't have nice things.

All times are GMT -4. The time now is 23:50.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc. All Rights Reserved