Twitter messages to Russian cybersecurity firm helped NSA leak probe

The US considers Kaspersky Lab a threat, yet the company may have helped the FBI catch one of the NSA's biggest security risks.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read
Kaspersky Lab 20th Anniversary Party illustration

Kaspersky Lab reportedly played a role in the FBI's investigation of an alleged NSA leaker.

Jacopo Raule/Getty Images for Kaspersky Lab

The alleged leaker behind one of the largest data breaches in the NSA's history might have been caught because of a Russian cybersecurity company the US government considers a national security threat.

An exclusive report from Politico on Wednesday revealed that Kaspersky Lab, a Moscow-based security firm, turned over Twitter messages that Harold T. Martin III sent it in 2016.

Martin, a contractor for the National Security Administration, had access to top secret documents from the agency's hacking group. He's accused of stealing a treasure trove of the NSA's hacking tools. After being leaked, those NSA exploits were used in massive hacks, including the WannaCry ransomware attack.

According to a court filing from December, Martin, who used the account @HAL_99999999, reached out on Twitter asking for a meeting, writing, "shelf life, three weeks."

Watch this: Biggest hacks of 2018

While the court documents were redacted to obscure who received those messages, Politico reports that they were sent to researchers at Kaspersky Lab, who turned over the messages to the US government.

FBI agents were able to search Martin's home in August 2016 after obtaining a warrant based on those Twitter messages, according to court documents. If convicted, Martin faces more than 10 years in prison. 

Kaspersky Lab declined to comment on the case. The Department of Justice did not respond to a request for comment.  

The cybersecurity company has had a strained relationship with the US government. Federal agencies and lawmakers have accused Kaspersky Lab of working with the Russian government.

That accusation has led to multiple countries dropping Kaspersky, including the Netherlands and the UK. Kaspersky Lab has denied any ties to the Russian government, and argued that US intelligence has not provided any evidence that connected it to the Kremlin.

Martin's lawyers argued that the FBI did not have a probable cause for a search warrant based on those Twitter messages.

At a hearing on Tuesday, the former NSA contractor's attorneys said that the US government has not provided copies of digital evidence it seized from Martin, which it hopes to use in his defense.

In a letter on Wednesday, US district judge Richard Bennett wrote that the government will need to provide those copies only if it determined that Martin opened those sensitive documents. You can read the letter here:

See with your own eyes: Twitter opens huge archive of tweets tied to Russia, Iran misinformation.

Beaten up in the name of cybersecurity: Security experts have a thing for Brazilian jiujitsu.