News

by Tim Cushing


Filed Under:
classified, hal martin, nsa, shadow brokers



Gov't Used An Ambiguously-Worded Tweet As The Basis For The Raid Of NSA Contractor's House

from the and-that's-OK,-says-the-judge dept

The prosecution of former NSA contractor Hal Martin continues. Martin somehow managed to exfiltrate sensitive documents and code for nearly 20 years without the NSA noticing. It finally started paying attention after its hacking tools and exploits made their way into the hands of the public via the "Shadow Brokers." These tools then made their way into the computers of the public, wreaking worldwide havoc and giving the leaky agency -- whose literal middle name is "Security" -- another PR black eye.

Hal Martin was suspected of handing over tools to the Shadow Brokers but the charges against him are solely related to the mishandling of classified info, indicating the feds no longer believe Martin was involved. But this original suspicion was apparently enough to justify the FBI raid of Martin's residence, according to the federal judge handling his case. The probable cause appears to have been generated by a tweet from Martin's Twitter account, at least according to what can be gleaned from the redacted order [PDF] handed down by Judge Richard Bennett. Josh Gerstein of Politico has the details.

Passages in the decision from U.S. District Court Judge Richard Bennett were deleted from a version made public by the court, but the remaining details suggest that investigators believed Martin was offering sensitive information to someone online shortly before a nebulous internet-based entity, the Shadow Brokers, released NSA hacking tools in August 2016 through the attention-grabbing technique of an online auction.

“In these messages, @HAL_999999999 asked for a meeting with the [redacted] and stated ‘shelf life, three weeks,’” Bennett wrote, describing the government’s assertions in court filings still under seal. “The Defendant’s Twitter messages … were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online- content-sharing sites, including Twitter.”

These details have been made public as the result of Martin's attempt to suppress the evidence gathered against him. The court notes the tweet could have had a more innocuous meaning, but given the circumstances and the timing, it was not unreasonable for the FBI to believe Martin may have been involved in the leaking of classified NSA exploits.

That's not the only rejection handed to Martin. The court also denies his request to have cell-site location info obtained without a warrant suppressed, noting that the government obtained this data before the Supreme Court handed down its decision in Carpenter.

However, a key bit of evidence is no longer the government's to use: Martin's own statements. The court says the government illegally obtained these statements by not properly Mirandizing Martin prior to questioning him. There is no doubt Martin was in custody at the time he was questioned without a Miranda warning. The government denies Martin was ever taken into custody, but the court points out a person who doesn't feel they're free to go is being held against their will, which is all it takes to define "custody."

In this case, the facts demonstrate ~at a reasonable person in the Defendant's position would have perceived a police dominated atmosphere before and during the interrogation. The Defendant was initially approached by nine SWAT agents dressed in protective gear, some of whom had their guns drawn at the Defendant... Multiple other officers were also on the scene, including eight FBI agents and three State Trooper vehicles - a fact that "goes a long way towards making the suspect's home a police dominated atmosphere." The Defendant was immediately placed face down on the ground and handcuffed, "demonstrating that the officers sought out [the Defendant] and had physical dominion over him."

Although the Defendant's handcuffs were removed prior to the interrogation, "the experience of being singled out and handcuffed would color a reasonable person's perception of the situation and create a reasonable fear that the handcuffs could be reapplied at any time."

Further, after his initial detention, the Defendant was interrogated by three agents for approximately four hours.ll During the interrogation, the agents confronted the Defendant with incriminating evidence discovered on his property, which may certainly cause a reasonable person to feel compelled to cooperate with the police. Moreover, the Defendant's freedom of movement was significantly restricted during the interrogation. Indeed, he was only permitted to leave the interrogation space once -- i.e., when he went to his home office to help Hajeski access his computer equipment -- at which time he was accompanied by agents. In addition, the Defendant was isolated from his partner until the end of the interrogation -- a tactic that the Supreme Court has recognized as one of the distinguishing features of a custodial interrogation.

[...]

Taken together, these facts demonstrate that a reasonable person in the Defendant's position would have felt that he was not free to leave.

The government still records a win on most of the suppression motion. It's difficult to tell how solid the underlying warrant affidavit actually is since it -- along with several other filings -- are still under seal. It's also unclear how much ammo Martin's defense had when mounting this challenge. If the government was granted the opportunity to engage in ex parte presentations of evidence, Martin's team could be working blind.

His team may be working partially blind anyway. There's reason to believe the government is now a whole lot more cagier about its classified/sensitive evidence after accused CIA hacking tool leaker Josh Shulte was found to be leaking documents from prison -- documents he apparently obtained as part of the government's discovery obligations. It will likely be months before the public sees any part of the government's warrant affidavit. It may be years before anyone other than this court sees all of it. Still, an ambiguously-worded tweet seems like pretty thin probable cause, even if its timing seemed to align with the Shadow Brokers' actions at the time the warrant was sought.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    William Claude Dukenfield, 2 Jan 2019 @ 12:39pm

    Well, it's not exactly from out of the blue!

    Already long under suspicion / prosecution... What exactly is your point here? Because on the surface, you're upset that a person indicted for serious crimes against the people of the US -- if not the world by releasing the "tools" -- hasn't been let off the hook by suppressing all evidence.

    Weird item to re-write.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 2 Jan 2019 @ 1:15pm

      Re:

      "What exactly is your point here? "

      If only you'd occasionally ask that question seriously - maybe even reading the full article as well where it's clearly explained - before posting.

      reply to this | link to this | view in chronology ]

    • identicon
      Rocky, 2 Jan 2019 @ 4:00pm

      Re: Well, it's not exactly from out of the blue!

      If you bothered to read the article you would have perhaps understood what the point was. To reduce it to something simple you may understand is that the LEO's played fast and loose with a suspects rights and they are getting away with most of it.

      Anyone not getting upset that LEO's ignore peoples rights and regularly use that to set up unfair legal proceedings is a fool. No matter what criminal act someone supposedly did they should be presumed innocent until proven guilty - anything else means that you undermine the whole concept of fair trials and instead get an institution where the government through LEO's decides who is guilty or not and we know from both history and current events around the world that that is a very bad idea.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jan 2019 @ 5:24pm

      Re:

      The same tools are used to protect the limp copyright on your amateur bedroom trysts.

      Don't kid yourself that your hands are clean. Especially not where they've been going.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jan 2019 @ 7:13am

      Re: Well, it's not exactly from out of the blue!

      Your post looks ambiguous.

      Sounds like someone's due for a raid.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jan 2019 @ 12:50pm

    This sounds like a typical case of some secret organization stumbling across something and then informing other public agencies as to what was taking place. Then to keep the organ of the information and the origination agency secret probable cause was manufactured.

    reply to this | link to this | view in chronology ]

  • icon
    ysth (profile), 2 Jan 2019 @ 1:33pm

    Smells of parallel construction

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 2 Jan 2019 @ 4:14pm

      Re:

      More than that, it is evidence polishing...on the fly. It remains to be seen if the tap dancing is impressive (to a court or anyone else). Some tap dances are pre-programmed, or choreographed. Other tap dances are intuitive and not done according to a plan, but are improvisational. Thing is, the FBI are not often a very good tap dancers, even if they get their made up conspiracies past court inspection. At that point, we have to look at the courts and the rules they have to follow, or should follow, and the legislators who make things easier for for profit prisons.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jan 2019 @ 2:14pm

    This story seems to be Kabuki theater.

    They may have wanted to release those tools.

    reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 3 Jan 2019 @ 4:53am

    Something....

    ...doesn't ring true here.

    An NSA Contractor of over 20 years doesn't know enough to simply ask "Am I under arrest?"?

    Miranda applies to Arrests specifically - if you're "detained" they aren't read out.

    Worse yet, he was taken down by a SWAT team and was NOT arrested? Why? Someone had to order that team out.

    As to the timing of the tweets, come on - if the NSA and FBI were actively investigating him, it's an excuse to hide the ten petabytes of illegally obtained information they have on him. All hail parallel construction.

    reply to this | link to this | view in chronology ]

    • identicon
      Someoneinnorthms, 4 Jan 2019 @ 12:30pm

      Re: Something....

      Someone doesn't know the case law here
      Mendenhall v. U.S. is the seminal one. If you don't feel free to leave you are "under arrest," regardless whether anyone said the magic words or not.

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Hector Monzalez, 3 Jan 2019 @ 11:56am

    Education

    The NSA supports the other activities without having to concern about departure of domestic and foreign intelligence, https://www.mbaglue.com/ provide you best guidance and admission help for your distance MBA.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Close
Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.