In 2016, U.S. law enforcement arrested Harold T. Martin III, a National Security Agency (NSA) contractor, for stealing a massive amount of classified data that would put Edward Snowden to shame. Now, it’s being revealed the intelligence that led to the bust came from the unlikeliest of sources: a Russian cybersecurity company.

Kaspersky Lab, based in Moscow, tipped the NSA about Martin’s threat after receiving a series of messages via Twitter. According to Politico, which spoke with two sources involved in the ongoing investigation, Martin stole around 50 terabytes of classified data from the NSA and other intelligence agencies over a 20-year period. The data included information on the NSA’s top secret hacking programs. Martin’s crimes are believed to be the largest breach of classified data and documents in U.S. history.

Utilizing a Twitter account under the name “HAL999999999,” Martin sent five messages to Kaspersky Lab employees, asking them to arrange a meeting with the firm’s CEO. Meanwhile, a hacker group named Shadow Brokers began publishing classified NSA data online and arranged an online auction for NSA codes. The Kaspersky Lab managed to trace the Twitter account back to Martin. The almost simultaneous actions – 30 minutes elapsed between Martin’s tweets and the Shadow Brokers’ announcement – led the Russian firm to deduce Martin was behind it. They promptly contacted the NSA.

Martin’s trial is scheduled for June. He is charged with 20 counts of unauthorized and willful retention of national defense information. If found guilty, he faces up to ten years behind bars.