Written by Shannon Vavra

Former NSA contractor Harold T. Martin was sentenced Friday to nine years in federal prison for his role in a massive theft of classified documents.

Martin was responsible for one of the largest leaks of U.S government secrets, collecting up to 50 terabytes of classified government documents over the course of two decades.

U.S. District Judge Richard Bennett’s sentence falls short of the maximum number of years Martin previously faced — 10 years for each of the 20 counts against him — for unauthorized and willful retention of national defense information. However, the sentence aligns with the plea agreement his public defenders reached with the U.S. government.

The U.S. attorneys said his theft called for “significant” prison time, according to the government’s sentencing memorandum, which CyberScoop obtained.

“The exceptionally grave nature and circumstances of the defendant’s criminal conduct call for a significant prison term,” they write. “For nearly twenty years he chose to violate the public’s trust and the nation’s laws by stealing and retaining national defense information. The defendant knew the entire time he was committing these crimes.”

Martin’s public defenders wrote in their sentencing memorandum, obtained by CyberScoop, that in all the government’s efforts to investigate him, they did not find the NSA contractor committed treason.

“The government never uncovered any evidence that he was a traitor or a danger to our nation,” the public defenders write.

Martin will receive credit for time already served since 2016. Martin has also been sentenced to three years of supervised release.

Between 1996 and August 2016, Martin smuggled out thousands of pages of documents on classified government programs, and stored them in his home, shed, and car. The documents detailed computer infrastructure, U.S. Cyber Command targets and weaknesses as well as details on NSA capabilities, targeting information, and foreign cyber intrusion techniques. Some documents also touched on CIA foreign intelligence sources and National Reconnaissance Organization secrets.

These documents remain classified, according to the government’s sentencing memorandum.

Even though Martin knows his fate, the broader mystery surrounding the massive leak remains unresolved — just days before Martin was arrested in 2016, a group known as the Shadow Brokers began leaking classified NSA hacking tools online. A Twitter account that was allegedly Martin’s messaged someone the words “shelf life, three weeks,” according to a prior ruling from the judge. Hours later, stolen government documents were posted online, according to prosecutors. No direct link between the Shadow Brokers and Martin’s case has been made.

Bennett reminded U.S. attorneys of the tweet and the timeline on Friday in court. Assistant U.S. Attorney Zachary Myers said the U.S. government would not be commenting further than noting that the timeline is, indeed, in the facts of the case.

Jim Wyda, Martin’s public defender, said Friday there was no indication Martin intended for any transaction to take place by that tweet.

Attacks linked with the tools and clues about who may be behind the group, however, continue to surface. At least a year before the Shadow Brokers released the tools en masse in April 2017, a hacking group with ties to the Chinese government known as BuckEye was already using the tools, according to Symantec research issued this year.

It is still unknown how the Shadow Brokers gained access to the tools, whether the group had access into an NSA server to steal the or obtained them from an insider at the agency. The group is at the center of a counterintelligence investigation, as CyberScoop previously reported. The FBI would neither confirm nor deny the existence of the probe.

Hal Martin’s Mental Health

Martin’s public defenders have long argued that Martin’s mental health contributed to his theft. The sentencing memorandum submitted last week argued the same.

“As his mental health declined, Mr. Martin continued to obsessively immerse himself in work. He began taking documents and other materials home from work, initially justifying his behavior by convincing himself that it would allow him to do his job better,” his public defenders wrote. “Over time, Mr. Martin’s actions became a hoarding disorder.”

Myers told the court Friday that the U.S. government believes the way the files were found does not indicate he had a hoarding problem.

“This is not a case of hoarding, this is stealing,” Myers said Friday at a federal court house in Baltimore. The stolen information “was not in a disorganized manner,” he said, adding what the government found was “logical” and “repetitive.”

Bennett noted Friday he had concerns about the case regarding whether Martin’s alleged hoarding problem, noting that for someone who is a hoarder, he seemed well organized.

Martin began serving in the U.S. Navy on active duty in 1988, for which he maintained a secret clearance. In 1994 while serving in the U.S. Naval Reserve, his clearance was upgraded to top secret, after which he worked for several government contractors, including Booz Allen Hamilton. Between 2012 and 2015 he worked at the NSA.

Martin spoke at length Friday, reading directly from his allocution, apologizing to friends and family. He noted his methods were “uncanny” and “unauthorized, warning “please do not copy this” and that “loose lips sink ships.”

Many other NSA contractors have been caught for leaking classified information in recent years.

Last year, Reality Winner, a contractor for Pluribus International Corp., was sentenced to more than five years in prison after leaking a classified report on Russian spearphishing in the 2016 election cycle. Former NSA employee Nghia H. Pho was also sentenced last year to five-and-a-half years in prison for stealing classified hacking tools.