According to a report published by Politico, Kaspersky Lab helped the National Security Agency (NSA) identify the contractor who stole classified NSA documents and was charged for the crime in 2016. As per the sources who revealed the information to Politico, two people played a key role in tipping off the NSA regarding the contractor Harold Martin III.
See: Israel hacked Kaspersky to inform US about Russia stealing NSA exploits
Reportedly, Martin was the one who sent odd Twitter messages to two Kaspersky researchers under the ID @HAL999999999, which included a request to speak with the company’s CEO Eugene Kaspersky, whom Martin referred to as Yevgeny in his message. The message read:
“So, figure out how we talk… With Yevgeny present.” And another message read: “Shelf life, three weeks.”
Martin wrote that this request has a “shelf life” of three weeks. Soon after the researchers responded to the messages, they were blocked by the Twitter user, apparently Martin. In total five messages were exchanged between Martin and Kaspersky researchers, who then passed them on to the US government.
The account was later evaluated by Kaspersky researchers who identified that it belonged to Martin and they reached out to the NSA. On August 27, 2016, Martin was arrested and his attorneys are fighting the case and seeking to get full copies of the evidence against him from the US Justice Department.
In a court ruling [PDF], the Twitter exchange between Martin and the Kaspersky employees was revealed and the US District Court Judge Richard Bennett rejected the motion by Martin’s attorneys for suppressing the evidence in this case.
It is worth noting that the messages were posted exactly thirty minutes before somebody using the alias Shadow Brokers leaked a link to a series of NSA tools. The link was part of a post in Tumblr. The Shadow Brokers also revealed that some tools will be up for auctioning for the price of 1 million Bitcoin.
It is clear that Kaspersky’s researchers helped the FBI and SWAT in arresting Martin as they were able to raid his residence and discover a cache of confidential documents stored in digital and hard copies only after the Russian cyber-security company’s staff informed them about Martin.
See: Hackers Leak Passwords to NSA’s “Top Secret Arsenal” against Trump’s Policies
It isn’t yet clear if Martin had any affiliation with Shadow Brokers or if he transferred the data and NSA tools to Shadow Brokers and what he intended to do with the data is also unknown. Martin hasn’t been charged with espionage but he is facing 20 counts of legal retention of classified information. He is ready to plead guilty to one count that may send him to jail for ten years.
Ironically, President Trump banned Kaspersky Lab in 2017 on the grounds that the Moscow-based firm is helping Russian intelligence agencies in obtaining classified information about the NSA’s hacking tools and tactics. The company has categorically denied these claims and wants the ban to be removed. Whether this move from Kaspersky Lab in tipping off the NSA about Martin will lead to lifting the ban on the company, it remains to be seen.