Claiming Josh Schulte’s Leaks Cost CIA 100s of Millions, DOJ Asks for Life Sentence

In support of sentencing for Josh Schulte, DOJ submitted an unclassified letter from CIA’s Deputy Director claiming his breach cost the agency hundreds of millions of dollars, a sealed classified filing that must speak to grave harm, and a sealed letter from a CSAM victim.

The how of getting to the sentencing recommendation is quite technical (though it involves a terrorism enhancement for using computers to engage in espionage).

The what — a request for a life sentence — is not surprising. The comparison of his crimes to Robert Hanssen and Aldrich Ames is similarly not surprising.

Indeed, it is the proof that Schulte carried out his conduct with the specific intent that his theft would harm the United States that sets his case apart. In virtually all cases identified in the Government’s research in which violations of § 793(b) have been prosecuted, that charge has been paired with violations of 18 U.S.C. § 794, which penalizes the delivery of national defense information to a foreign government with the same intent requirement. That offense does not apply to Schulte’s conduct, because he chose to transmit the Stolen CIA Files to WikiLeaks, rather than directly to a foreign state. But Schulte’s intent to harm the United States, the scope of his theft and disclosure, and the consequences of his conduct, more closely parallel cases prosecuted under § 794 than so-called “leak” cases in which comparatively small amounts of information are shared with media organizations with a misguided sense of the public interest. In such cases, Courts have routinely, albeit gravely, concluded that terms of life imprisonment are the only appropriate sanction for such devastating crimes, notwithstanding the fact that many similarly situated individuals accepted responsibility for their crimes. See, e.g., United States v. Robert Hanssen, 01 Cr. 1088 (E.D. Va. 2002) (life imprisonment for FBI supervisor who pled guilty to selling classified information to Russia); United States v. Aldrich Ames, 94 Cr. 166 (E.D. Va. 1994) (life imprisonment for CIA officer who pled guilty to selling classified information to Russia); United States v. Arthur James Walker, 85 Cr. 92 (E.D. Va. 1985) (life imprisonment for former Navy officer convicted of selling documents for transmission to Russia); United States v. Andrew Daulton Lee, 589 F.2d 980 (9th Cir. 1979) (life imprisonment for contractor convicted of selling classified information regarding CIA project to Russia).

It is, however, fairly sobering.

40 replies
  1. EW Moderation Team says:

    A reminder to all new and existing community members participating in comments:
    — We have been moving to a new minimum standard to support community security over the last year. Usernames should be unique and a minimum of 8 letters.

    — We do not require a valid, working email, but you must use the same email address each time you publish a comment here. **Single use disposable email addresses do not meet this standard.**

    — If you have been commenting here but have fewer than 1000 comments published and have been participating less than 10 years as of October 2022, you must update your username to match the new standard.

    Thank you.

  2. David F. Snyder says:

    The entire list given in that last quote are just some of Putin’s “useful idiots.” I hope they nab the orange one.

  3. Peterr says:

    From the cover letter:

    At an unclassified level, I can confirm that the crimes committed by Mr. Schulte caused exceptionally grave harm to U.S. national security and the CIA.

    The phrase “exceptionally grave harm” (or “damage”) is a term of art in the intelligence community. In the Code of Federal Regulations (CFR), it appears in the definitions that apply to various levels of security classifications:

    (f) Security classification category. The specific degree of classification (Top Secret, Secret or Confidential) assigned to classified information to indicate the degree of protection required.

    (1) Top Secret. Top Secret refers to national security information or material which requires the highest degree of protection. The test for assigning Top Secret classification shall be whether its unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security. Examples of “exceptionally grave damage” include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security. This classification shall be used with the utmost restraint.

    CFR says to use this classification and phrasing with utmost restraint, and it is the first thing that Deputy Director of the CIA David S. Cohen says about what Schulte has done. Cohen’s letter was hand-delivered to the court, because attached to it was a “classified statement by Peter T. Ranks, Director of CIA’s Center for Cyber Intelligence.”

    The three words “exceptionally grave harm” were not chosen lightly, nor the method of delivery, and I would imagine every federal judge in the DC district and circuit knows that.

    • Rayne says:

      Oh jeepers, I needed your comment, thank you. It explains the follow-up post VOA’s Steve Herman made yesterday to a wholly unrelated subject I won’t elaborate on here.

      I didn’t realize the State Department and the White House used the same CFR language in public statements until you shared this about the phrase “exceptionally grave harm” (or “damage”).

      • Peterr says:

        To folks in the Intelligence Community, those words are a Flashing Red Light with a Klaxon Horn. If they are used to describe something you have done, even if only as an accusation and not a conclusion, you will feel an urgent need to change your pants.

        • Rayne says:

          Shit. That explains another news development today.

          I will bet good money IDF killed US intelligence operatives and/or key assets this week.

          • vigetnovus says:

            I would tend to agree. Been kinda wondering that in the back of my mind since earlier this week. Netanyahu’s rhetoric has been ramping up a lot as of late.

            • Rayne says:

              There have been multiple fuck-yous to the White House and State Department. The public is not asking why so much confidence.

              • vigetnovus says:

                Is it confidence, or is it the lashing out of folks who are running out of options and are increasingly being cornered?

                I hope it is the latter, although I realize that can be very very dangerous too. Not that this wasn’t foreseen. I feel like the world is playing a very high stakes 8-dimensional chess game right now, with grave consequences should the “wrong” side lose. So much for a “nice game of chess”, JOSHUA. (War Games reference, not talking about the subject of this article)

                • Rayne says:

                  I wish I felt it was a case of the subject being cornered, but I suspect there are more hostages than the humans under immediate control of Hamas or IDF.

                  Like entire economies of humans unaware of being held hostage.

                  • vigetnovus says:

                    Well, that is unfortunate. Except that these folks have got to realize that economic terrorism is a one-way ticket to mutually assured destruction, so I’m not really sure if that gives them the leverage they think it does.

                    But, I hear ya. I feel like if there is a solution here, it is exceedingly complex and a very narrow pathway to thread the needle through with little margin for error. Otherwise, well, so long and thanks for all the fish???

                    • Rayne says:

                      Think very carefully about what possible outcomes emerge when the largest economy/ies is/are threatened with a sudden onset recession.

                      Karma doesn’t simply mean fate; it means all the outcomes which come with a choice. Play the karmic game of Jenga all the way: if this [XYZ] choice is made, what are the next likely outcomes? Who will be hurt and how badly?

                      Are we willing to set in motion a civil war which is already on the verge, for example? What kind of new future leadership might offer protections to certain foreign leaders? Exceedingly complex, yes, but really just an example of thinking strategically as one does in chess.

                      And fuck me but I’m not willing to nudge any Jenga pieces right this moment.

          • boatgeek says:

            Way back in the early 2000s, my father was a USAID officer in Tel Aviv, working on aid projects in the Occupied Territories. On one visit, he mentioned offhand that the people in his division were seen by many in the Israeli government as working for the enemy, and that he was pretty sure that his land line was tapped. I said something like “And these are supposed to be our friends?” His reply stuck with me:

            “Don’t think that Israel is our friend. Sometimes our interests align, but they will do whatever they want if they think it’s in their interest.”

            [paraphrased by 20 years of distance.]

            If the information you have becomes public, I would appreciate you sharing it as the EW team has on many other topics. This is not intended as a request for content, just recognizing your efforts on reporting what the mainstream media should be reporting.

            • Rayne says:

              You’re probably familiar with the observer effect theory in physics — observation has an effect on outcome. Citizen journalists are motivated to participate in reporting for a similar reason; a topic may not get the attention it needs in order to realize change.

              Sometimes a topic is sensitive enough, though, that coverage shouldn’t be published as soon as an issue is uncovered. If the point of citizen journalism is to effect a positive outcome, timing can matter critically.

              That’s about all I’m going to say at least for the moment. Now is simply not the time for me to elaborate. I wish the public was more media literate and educated about government and transnational relationships because it would make all of this moot.

              • boatgeek says:

                Absolutely, and I appreciate whatever you are able to share at the time when it makes sense for you to share it.

          • Savage Librarian says:

            Some seemingly disparate entities that have the potential to converge:

            1. Brad Parscale’s AI based Campaign Nucleus.
            2. Royi Burstein, Percepto International’s co-founder and CEO (formerly CEO of Psy-Group; and retired from IDF). Connections to Koch Disruptive Technologies (KDT).
            3. Abbott’s defiance of SCOTUS about border control and the Rio Grande.
            4. Trucker convoy headed to TX.
            5. Governors (FL, OK, TN, TX) weighing the merit of whether or not to send National Guard to assist Abbott.

            • vigetnovus says:

              Sending the National Guard across state lines in defiance of the President would be an insurrection charge in my book. It is literally taking up arms against the will of the Government.

        • earthworm says:

          “exceptionally grave harm” —
          very uneasy feeling about the docs the former guy was saving out for his purposes.

      • Benji-am-Groot says:

        Rayne – I am not qualified to speculate on the level of “exceptionally grave harm” damage done by Schulte except to think it set back our ability to keep CIs safe from detection to the fekking stone age. For starters.

        What prompts my response to you is kudos for best use of “oh jeepers” since a 1973 episode of M*A*S*H, well spoken Cpl. Rayne O’Reilly….

    • Peterr says:

      Note also the absence of any qualifiers attached to the phrase “exceptionally grave harm.” No “might cause” or “may have led to” or “could possibly have” here. Cohen is blunt and direct: what Schulte did *caused* exceptionally grave harm.

      If the details in the classified attachment bear that out in specific and detailed ways (“because of these revelations, Agents A B and C were suddenly grabbed and killed . . . ” or “in mere hours after these revelations were made, SIGINT programs X Y and Z suddenly went quiet, as the targets of those programs took steps to counter what were until then programs that the targets were not even aware of . . .”), the sentencing hearing will be short and sweet, in stark contrast to the exceedingly lengthy sentence itself.

      • emptywheel says:

        There are four kinds of harm we can be certain happened:

        1) CIA lost years of work and the tools that they produced, along with the zero days used to develop those tools
        2) CIA went through a phase in 2017, after the US suffered the Russian attack, in which it was substantially blind to a number of key targets
        3) Adversaries identified the human assets who were asked to insert these USB tools into target computers
        4) Adversaries identified the handlers who tried to protect the human assets identified in 3

        There is an exceedingly high likelihood that Russia got at least a few months advance warning, meaning they got to the assets who had used these tools and their handlers before the CIA did. There are several known people that I think were compromised as a result.

        Given the “exceedingly grave harm” label and the sentencing request, I expect in this case not all assets were saved. The reason you would name Schulte in the same breath as Hanssen and Ames is if Russia, especially, took out some CIA assets.

        Another thing that I have very good reason to believe happened is that pro-Russian hackers used the source code stolen from the CIA, which was generally never published, to build their own tools, using the CIA’s obscurity as double shield.

        • EuroTark says:

          I think we can add a corollary to 1). Snowden revealed that there was a pretty substantial effort to recruit assets that would be able to insert vulnerabilities into existing products. It’s quite possible that Schulte’s leaked tools could make it possible to backtrace where some of those vulnerabilities came from.

          • emptywheel says:

            That’s precisely what I mean by item 3. Adversaries would have easily been able to search their systems, find the identified code, then find out who had access. This literally was the equivalent of giving US adversaries a list of really well placed assets with just a bit of log scanning.

            • EuroTark says:

              Ah, apologies. I took your #3 to be more about the assets that deployed the developed tools, and not those that made the tools possible in the first place.

              • emptywheel says:

                oh, then I am confused. my bad.

                That may be more NSA than CIA. A lot of what Schulte was doing (and so released) had to do with fairly tailored exploits to hand to a recruited asset in a difficult country so they could stick it in a computer. Think Iranian scientists, for example.

                One project he was working on exploited a very significant zero day. But I don’t think that was created or encouraged.

                • EuroTark says:

                  Sufficiently advanced incompetence is indistinguishable from malice, or something to that effect. Snowden made me look at bugs such as Debian’s OpenSSL vulnerability in a new way.

                  These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only “random” value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.

                  The very short version is that a Debian maintenance crew member made a very minor change to how the OpenSSL library was packaged. That is the component which generates the security certificates for servers, and the change made it very possible to brute-force any certificate generated by a Debian server, which was a fairly large part of the internet back then. There’s certainly enough cover that it could have happened by accident, but it could also have been introduced deliberately. Similarly for Heartbleed, which NSA actually denied exploiting before it was publicly known.
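An added illustration of the seeding defect this comment describes, not code from the post, from Debian or from OpenSSL: the generator (`toy_keygen`) and the key derivation are simplified SHA-256 stand-ins, and `MAX_PID`, `broken_key`, `proper_key`, `build_weak_key_table` and `audit_key` are names assumed for the example. What it preserves is the property that mattered in 2008: if the process id is the only thing mixed into the seed, the generator has at most 32,768 reachable states (about 15 bits), so every key it can ever produce fits in a table a defender can precompute and check against, which is exactly how the weak keys were later identified and blacklisted.

```python
"""Toy model of 'PRNG seeded from the process id alone' versus a properly seeded one.

Added example. The hash-chain generator below stands in for the real PRNG and key
generation; the numbers and names are assumptions of the example, except MAX_PID,
which is the Linux default pid_max quoted in the comment.
"""
import hashlib
import math
import os
from typing import Dict, Optional

MAX_PID = 32768  # default Linux pid_max at the time; the only variation left in the seed


def toy_keygen(seed: bytes, key_len: int = 16) -> bytes:
    """Stand-in for 'seed the PRNG, then draw a key'. Output depends on the seed only."""
    state = hashlib.sha256(b"toy-prng-seed|" + seed).digest()
    out = b""
    while len(out) < key_len:
        state = hashlib.sha256(state).digest()  # hash chain acts as the toy generator
        out += state
    return out[:key_len]


def broken_key(pid: int) -> bytes:
    """The defective path: the process id is the only entropy mixed into the seed."""
    return toy_keygen(pid.to_bytes(4, "little"))


def proper_key() -> bytes:
    """The intended path: seed from the operating system's entropy source."""
    return toy_keygen(os.urandom(32))


def seed_space_bits(states: int) -> float:
    """Upper bound on the entropy of a generator with this many reachable seed states."""
    return math.log2(states)


def build_weak_key_table() -> Dict[bytes, int]:
    """Precompute every key the broken generator can emit, keyed by the key bytes.

    This is the defender's move: the same idea as the blacklists of weak keys
    published after the advisory, so deployed keys could be checked offline.
    """
    return {broken_key(pid): pid for pid in range(1, MAX_PID + 1)}


def audit_key(key: bytes, table: Dict[bytes, int]) -> Optional[int]:
    """Return the pid that reproduces `key`, or None if the key is outside the weak space."""
    return table.get(key)


if __name__ == "__main__":
    table = build_weak_key_table()
    print(f"reachable seeds: {len(table)} (~{seed_space_bits(len(table)):.0f} bits of entropy)")
    print(f"properly seeded:  2**256 states ({seed_space_bits(2 ** 256):.0f} bits)")
    suspect = broken_key(4242)  # constructed: a host that generated its key while running as pid 4242
    print("weak key matched to pid:", audit_key(suspect, table))
    print("properly seeded key found in weak table:", audit_key(proper_key(), table))
```

Building the table takes well under a second on a laptop, which is the whole point: a key space that small is an inventory, not a secret. Note that the audit never needs the PRNG internals at run time, only the precomputed table, so the same check could be (and was) distributed as a static blacklist.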

    • Bruce-K-in-ATH-GR says:

      From the 1987 movie “Dragnet”:

      “He is presently in the men’s correction facility at Chino, serving 43 consecutive 99-year sentences. Which makes him eligible for parole in 7 years.”

  4. OnKilter says:

    Schulte was supposed to be sentenced on January 10, 2024 for his conviction for multiple child pornography crimes.

    But I cannot find any indication that this has been accomplished.

    • emptywheel says:

      No, it’s part of the same sentencing. His lawyer had a trial in December and asked for a continuance, and Furman gave less than a month.

      He’s currently scheduled to be sentenced on all of it on February 1.

  5. Sussex Trafalgar says:

    Excellent article and subsequent comments. And never forget the Trump meeting with Putin in Helsinki and the press conference that followed. The press conference was ghastly and informative.

    Anyone who can fog a mirror should assume Trump and Putin communicate on a regular basis.

  6. earthworm says:

    Am always curious about those late night
    ‘truth social posts” and what time it happens to be, moscow/st petersburg.

    • ColdFusion says:

      Moscow is currently +3 UTC, east coast of USA is -4 or -5 UTC (depending on DST) so 7-8 hours ahead of the balding orange. Putin can read a 2am rant while he eats brunch.

      Also, $83.3mil fine decided by a jury for the 2nd defamation case, and since he can’t shut up about it, seems they are looking to sue him a 3rd time.
