Federal prosecutors dropped a felony hacking charge Thursday against a Defense Department intelligence analyst who poked around in a system involved in a national terrorism investigation.
The analyst, Brian Keith Montgomery, pleaded guilty to a misdemeanor charge instead, settling the case and making prison time unlikely.
Montgomery held a top secret clearance while working on a covert program at the National Geospatial-Intelligence Agency — the spy agency in charge of satellite and aerial image collection. On April 9, while stationed at an NGA facility on Fort Belvoir in northern Virginia, the 10-year agency veteran saw a message that “provided significant detail about a classified operation” that was unrelated to his job, according to a court affidavit filed by a Pentagon investigator.
The analyst twice logged in to a system involved in the terrorism investigation: first on April 9, when he stayed on for two hours, and then on April 14. He’d gotten the password from another classified message to which he also had legitimate access. Montgomery later told investigators that he hadn’t noticed a warning in the message advising that only personnel participating in the classified operation were authorized to use the password.
Court records say little about the system Montgomery logged into, except that it was was being used from around the United States, and was being monitored by the FBI and other law enforcement agencies at the time of Montgomery’s access.
By accessing the system, Montgomery endangered the terrorism investigation, and “caused harm to the U.S. Army and the FBI,” according to an affidavit by Dexter Wells, an agent with the Defense Criminal Investigative Service.
Federal prosecutors in the Eastern District of Virginia charged Montgomery on Sept. 11 with a single felony count under a provision of the Computer Fraud and Abuse Act that covers intrusions in which damage is done or public safety is jeopardized.
The charge was dropped in a plea deal on Wednesday. Montgomery pleaded guilty to new, lesser charge of exceeding his authorized access to the NGA computer on which he read about the terrorism operation and obtained the password to the unnamed system. The misdemeanor carries up to a year in prison, but sentencing guidelines suggest probation for a first offense.
In an interview with Threat Level last week, Montgomery said he was being made a scapegoat for a security slip-up that sent the password to thousands of analysts without the need-to-know.
“In my opinion, go after the person who provided me with that information,” he told Threat Level last week. “I was just a consumer. I wasn’t the person who put that username and password out there for tens out thousands of analysts to see.”
The United States’ Attorneys office has not returned a phone call on the case. Montgomery and his attorney did not immediately return phone calls Thursday.