BALTIMORE — In a case that exposed the government’s embarrassing failure to secure its secrets, a 54-year-old former National Security Agency contractor pleaded guilty on Thursday to taking classified documents home in a deal likely to put him in prison for nine years.
Harold T. Martin III, who worked in the N.S.A.’s Tailored Access Operations hacking unit, admitted his guilt more than two years after his arrest in what may be the biggest breach of classified information in history. F.B.I. agents who swarmed his modest home south of Baltimore in 2016 found stacks of documents and electronic storage devices stashed in his car, his home and even a garden shed.
But investigators never found proof that Mr. Martin, who was working on a doctorate in information systems at the time of his arrest, had shared the stolen secrets with anyone else, though there is evidence he may have considered doing so.
Wearing a gray jail jersey with white stripes and a neatly trimmed beard, Mr. Martin stood and answered the judge’s questions in a clear, calm voice. “It’s time we closed this Pandora’s box,” the defendant said at one point, his most extensive statement in court.
Mr. Martin pleaded guilty to one count of willful retention of defense information. Judge Richard D. Bennett said he would approve and impose the prescribed sentence, which was negotiated between prosecutors and defense lawyers. Sentencing was set for July.
His lawyers, James Wyda and Deborah Boardman, have argued that he was simply an eccentric hoarder who started taking work home and could not stop. “His actions were the product of mental illness. Not treason,” his lawyers said in a statement. They called him a “patriot” and said he was “deeply remorseful.”
In an interview, Robert K. Hur, the United States attorney for Maryland, called the scale of the information taken by Mr. Martin “breathtaking in its scope” and said the nine-year sentence would be the longest ever imposed for illegal retention of secrets.
Poring over the piles of material they found in their searches, investigators were astonished to discover that for 20 years, Mr. Martin, known as Hal, had been carrying classified material out of the N.S.A. and other security agencies where he had worked. At the time of his arrest, he was working for Booz Allen Hamilton — the same intelligence contractor that had employed Edward Snowden, who flew to Hong Kong in 2013 and gave journalists a large trove of N.S.A. documents.
Along with the Snowden and Martin cases, another N.S.A. worker, Nghia Pho, was sentenced in September to five and a half years in prison after taking home secret material describing the agency’s hacking tools. Intelligence officials believe the tools and related documents were then stolen from Mr. Pho’s home computer by Russian hackers. A young N.S.A. linguist named Reality Winner was sentenced last August to five years and three months for leaking a classified document on Russian election hacking to The Intercept, an online publication.
But perhaps the most damaging leak of all was discovered around the time of Mr. Martin’s arrest in August 2016, when a mysterious group calling itself the Shadow Brokers announced an online auction of a long list of software exploits the N.S.A. used to break into foreign computer networks. The Shadow Brokers eventually made the stolen cyberweapons public, and other countries and criminal groups began using them for hacking and theft around the world.
F.B.I. investigators focused on Mr. Martin after getting a tip from Kaspersky Lab, a Russian cybersecurity company. Two Kaspersky employees had gotten cryptic messages from Mr. Martin — calling himself “HAL999999999” — via Twitter that seemed to be offering secrets, as Politico first reported in January. The assistance was a bit ironic, because American intelligence officials have sometimes accused Kaspersky of being too close to Russian intelligence, charges the company denies.
“Shelf life, three weeks,” Mr. Martin wrote in one of his cryptic texts, seeming to suggest that he was offering material on a time-limited basis. But shortly after sending the messages, he blocked on Twitter the two Kaspersky employees he had just contacted, so they could not respond.
The F.B.I. quickly linked the HAL999999999 Twitter account to Mr. Martin, and agents were soon searching his modest house in Glen Burnie, a Baltimore suburb. They discovered a staggering total of 50 terabytes of government data, a virtual library’s worth, much of it classified at a high level.
Investigators at first believed Mr. Martin might be the Shadow Brokers, who had posted their first announcement of their auction of N.S.A. hacking tools a half-hour after Mr. Martin blocked the two Kaspersky workers on Twitter. They found the same N.S.A. exploits in Mr. Martin’s vast collection of stolen material.
But the Shadow Brokers continued to post taunting manifestoes and stolen software for months after Mr. Martin was jailed. It appears that the investigators eventually concluded that Mr. Martin was not the source of the Shadow Brokers’ material, at least not wittingly.
Government officials have never charged anyone in the Shadow Brokers breach, and speculation has centered on two possible perpetrators: Russian intelligence or disgruntled N.S.A. insiders. If F.B.I. and N.S.A. security officers have made progress in solving the case, they have not said anything about it in public.
According to court filings, Mr. Martin first agreed to plead guilty in January 2018. But negotiations subsequently fell apart, and the plea came more than a year after it was first expected. Mr. Martin has been incarcerated since his arrest, and the two and a half years he has served will be counted toward his sentence.