A former U.S. National Security Agency contractor has offered to plead guilty to one charge of stealing a classified document in an apparent attempt to have multiple other charges dropped.

Harold T. Martin III was arrested in August 2016 and was found in possession of 50 terabytes of government data, including documents marked “Secret” and “Top Secret.”

Martin has not been charged with sharing the documents to third-parties, but he was at one stage the prime suspect in leaks of NSA documents and spy tools that were obtained and published by The Shadow Brokers according to Dark Reading.

The New York Times today called his legal strategy an “unusual gamble that his penitence and cooperation will eventually persuade prosecutors to dismiss the rest of the indictment.”

Martin is pleading guilty to one charge of stealing a document in 2014 that outlined plans for a specific organization within the NSA but it’s only one charge out of 20. The single charge carries a maximum 10-year sentence. Whether the prosecution will drop the other charges will not be known until Martin next appears in court on Jan. 22.

Sai Chavali, security strategist at ObserveIT Ltd., told SiliconANGLE that although cybersecurity professionals are not normally considered potential insider threats, they have the technical prowess to protect the firm’s sensitive data on a daily basis.

“Given the right motivations and circumstances, professionals, like Mr. Martin, can cause greater harm by exfiltrating and leaking those same crown jewels,” he said. “Martin’s approach takes advantage of outdated approaches to security to exfiltrate volumes of data, potentially more harmful than the Snowden incident in 2013.

Chavali added that this incident highlights how hard it is to detect user activity before the actual data theft using data loss prevention or network-focused tools. “More commonly we’re seeing malicious and technical users choose these hard-to-track external storage devices, such as flash and hard drives, to exfiltrate data out of their endpoints without touching the network over multiple years,” he said.

Despite industrywide investments in top cybersecurity technologies, insider threats like Harold Martin are still on the rise, Chavali added. “Every employee should be considered high-risk within an organization.”

Photo: NSA/Wikimedia Commons