Josh Schulte Sentenced to 40 Years

Aldrich Ames was arrested at the age of 53 in 1994 after 9 years of spying for Russia. He remains imprisoned in Terre Haute to this day — 30 years and counting — at the age of 82. (My math here is all rough.)

Robert Hanssen was arrested in 2001 at the age of 57 after 22 years of spying for Russia. He died last year, at the age of 79, in Florence SuperMax.

After six years in jail — most under Special Administrative Measures sharply limiting his communication — Josh Schulte, aged 35, was sentenced Thursday to 40 years in prison. He will presumably go to either Florence (most likely, because Judge Jesse Furman recommended he should go to someplace close to Lubbock) or Terre Haute.

Since his guidelines sentencing range was life in prison, I’m not sure how much, if any, of his sentence could, hypothetically, be dropped for good behavior.

Furman sentenced him concurrently on his Child Sexual Abuse Material conviction and the Espionage Act charges. Barring any successful appeal, he would be in prison for at least 20 years on top of time served, if he were to get credit for good behavior. That would put him back on the street at age 55, still the prime of his life (says someone in precisely that prime of her life, someone still learning some of the forensic techniques Schulte mastered as a teenager).

But the possibility that Schulte would be released before 2058, when Schulte will be 69, is based on two very big assumptions (on top of my uncertainty about whether he could get time off). First, that Schulte could sustain “good behavior” in prison, when he has failed to do so even while being held under SAMs in New York. Most recently, the government alleges he somehow obtained more CSAM in 2022 while in prison, where he would consume it in his cell after days representing himself in his second trial, the one in which he was convicted of the Espionage Act charges.

Even while Schulte’s family was traveling to attend his trial in 2022, he chose to retreat to his cell to view the child pornography that he had secreted on his prison laptop. (See D.E. 1093-1 at 3-4 (describing examples of times when videos were played).)

And there’s good reason to believe he attempted to — may well have succeeded at — conducting further hacks from prison.

That’s some of what I’ve been pondering since the government first requested that Schulte be treated like four men, including Ames and Hanssen, who gave America’s secrets to Russia rather than giving them to WikiLeaks, as a jury convicted Schulte of doing, by sentencing him to life in prison.

It took years of tradecraft to recruit and cultivate sources like Ames and Hanssen.

Many of the details about what led up to Schulte’s leaks of the CIA’s hacking tools remain unknown — including via what server he shared the files, because WikiLeaks’ submission system could not have accepted them at the time, meaning Schulte necessarily had some kind of contact with WikiLeaks in advance.

But the current story is that Schulte reacted to being disciplined at work fairly directly by stealing and then sharing the CIA hacking tools in one fell swoop. In a matter of days in April and May 2016 (perhaps not coincidentally, the same period when Russian hackers were stealing files from Hillary Clinton’s team), Schulte took steps that burned a significant part of CIA’s capabilities to the ground.

As a result of that reactive decision, Schulte delivered a set of files that would allow their recipients to hunt down CIA’s human sources based off the digital tracks they left in highly inaccessible computers. As I’ve noted, Schulte was well aware of the damage that could do, because he wrote it up in a self-serving narrative after the fact.

I told them the confluence server was the one that seemed to be compromised, and while horrible and damaging at least it wasn’t Stash; At least not at this point–Hopefully they could stop any additional leaks from the network at this point. From the news articles I’ve read, wikileaks claims to have source code, but we don’t know what code or from where. However, at this point, I knew the SOP was a complete stand down on all [redacted] operations. We had no idea what had been leaked, when, for how long, or even who else had seen the materials leaked. Have they been steadily accessing our network every day? Have all our ops been blown since we wrote the first line of code? Perhaps only confluence had been leaked, but the individual(s) responsible are/were planning to exfil the other parts of DEVLAN too? So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting. I told them all this was certainly very disturbing and I felt bad for my friends and colleagues at the agency who likely weren’t doing anything and most likely had to completely re-write everything. [my emphasis]

What gets virtually no coverage is that this is precisely what happened: the bulk of the most sensitive files Schulte stole, the source code, has never been publicly accounted for. That’s why I find credible the unsealed and sealed filings submitted with sentencing claiming that Schulte caused what Judge Furman claimed (as reported by Inner City Press) was $300 million in damage and a cascading series of compromises.

Because DOJ couldn’t trade a death sentence in exchange for cooperation about how Schulte did it, as they did with Ames and Hanssen, because digital encryption is much more secure than a dead drop in a Virginia park, it’s not clear whether the government even knows all of it.

I don’t even know what Schulte was trying when he attempted to social engineer me from jail in 2018 — but I have my suspicions.

Later this month, Julian Assange will get a last chance to stave off extradition. I have long suspected if the UK approves the extradition, Russia will attempt to swap Evan Gershkovich for Assange. One way or another, we may learn more about what the US government has learned about the WikiLeaks operation in the 7 years since Schulte was part of one of the most successful, sustained attacks by Russia on the US.

But until then, Schulte will be moving to new long-term accommodations in a highly secure prison.

32 replies
  1. EW Moderation Team says:

    A reminder to all new and existing community members participating in comments:

    — We have been moving to a new minimum standard to support community security over the last year. Usernames should be unique and a minimum of a minimum of 8 letters.

    — We do not require a valid, working email, but you must use the same email address each time you publish a comment here. **Single use disposable email addresses do not meet this standard.**

    — If you have been commenting here but have less than 1000 comments published and been participating less than 10 years as of October 2022, you must update your username to match the new standard.

    Thank you.

    • Purple Martin says:

      In my forties I may have considered sixties, Elderly. Now, with the (ahem) wisdom of a few more decades, I’m just Old, while Elderly manages to stay about two decades out. (Spry old coot to keep that up.)

    • David F. Snyder says:

      When I think of a 50 year old song, I think of something along the line of Glenn Miller. but actual 50 year old songs are more along the line of “Bennie and the Jets” or “Apostrophe” etc. Gah!

  2. Fiendish Thingy says:

    IMO, Schulte’s case is the perfect counter argument to those who whine about the pace of DOJ’s Trump prosecutions, usually starting with “if it were anyone else…” ;

    3 years to investigate and indict, 2+ years and two trials to convict, and over a year to sentence.

  3. dar_5678 says:

    > I have long suspected if the UK approves the extradition, Russia will attempt to swap Evan Gershkovich for Assange.

    I wonder what Russia would demand in exchange for Edward Snowden.

  4. wetzel-rhymes-with says:

    A contractor working for the CIA is discovered to be downloading CSAM by a foreign intelligence agency, and this is kompromat. He is forced to reveal vital national security secrets, which are directed to Wikileaks, an organization itself being destroyed by kompromat, whether kompromat about Assange or Assange’s own greed for kompromat. Kompromat is like money. It’s like a financial asset. Opposition research. A person can transfer it, save it, spend it, or invest in it. Some individuals are collectors of kompromat, I think those people develop a greed or avarice about it.

    If kompromat were a kind of intellectual property like a patent or a trademark, then like trade secrets, kompromat would be capital. It has power to make things happen in the world like money, but unlike a trade secret revealed as a patent gaining value as commerce flourishes, kompromat is spent when it becomes public and loses all its value as intellectual property, although there is also a kind of flourishing, Kompromat flourishes as a scandal. A person’s life is destroyed.

    When kompromat becomes public, it forms a mob around the stigma, so the flourishing of a piece of kompromat can work as fascist propaganda, and the truth may not even matter. Revealing kompromat only increase the power of the original holder if they have more kompromat. Regular people ruin their lives trying to get rich on kompromat. I think only institutional investors or wealthy indiividuals can invest in kompromat.

    [FYI – something in this text triggered the Spam algorithm. I don’t know what it is but please keep this in mind before firing off multiple attempts of the same comment. The other copies will be binned. /~Rayne]

    • Ginevra diBenci says:

      Kompromat only works as leverage as long as it stays secret, something increasingly difficult to sustain in today’s wired world. Both the owner and the target have an investment in secrecy, obviously. But how many secrets have that kind of power?

      I’m wishing Fani Willis had not empowered her critics by failing to disclose her relationship with Nathan Wade from the outset. Mike Roman, a kompromat expert, used this to his advantage when the truth might have cut him off at the knees.

      Because Trump has played the kompromat game as an amateur for decades, he feels more comfortable with it than he maybe should. The jury is still out on that, however.

      • Bruce Olsen says:

        Based on his expression after the Helsinki meeting with Putin, Trump probably learned how amateur a kompromatist (kompromatizer?) he was.

        • wetzel-rhymes-with says:

          Aside from his father, I think the McCarthyite mob lawyer, Roy Cohn, and National Enquirer publisher, David Pecker, are the only two people I have ever seen referenced as the mentors of Donald Trump. I think from Cohn, Trump is like Reagan. He’s a Macy’s Day balloon pulled down the street. He’s John Barron. You can’t ever precisely identify him.

          I don’t think Trump necessarily has been compromised by Putin for Trump to experience dominance. He recognizes Putin has a bigger fortune, money, kompromat, and yachts. Maybe holding onto all of those classified documents and becoming a dictator are from the narcissistic injury Donald Trump experiences that someone could be bigger than Him.

          Or maybe Putin actually does have kompromat on Trump. Kompromat forms people into a network where it flows like tribute along vertical lines of authority, like the kompromat passed from Manifort to Deripaska, trying to settle a debt, so to with Trump’s kompromat I would imagine to Putin, so this is now all GOP opposition research is potentially kompromat held in Russia. Maybe we are abandoning Ukraine out of the human fallibility of Okies from Muskogee. Kompromat is flowing like money in networks of the compromised. Ockham’s Razor it is how the GOP has been turned.

    • wetzel-rhymes-with says:

      Thanks for the heads up, Rayne! Maybe Schulte got his hands on another phone!

      Ruminating this morning how kompromat could be thought of as a financial asset. No legal claim or contract, but possession of kompromat forms a stream of receivables from another entity. It could compel exchange of financial assets or liabilities with another entity under favorable conditions, so I think there is the possibility of making a collection of kompromat into a kind of hedge fund. An intelligence service can manufacture wealth in the form of kompromat in a kleptocracy. In the West a journalistic corporation, or a person’s private island suffice.

      Should Epstein’s files be found, ruining the lives of the rich, famous and powerful, the kompromat would lose its value. Should Ghislaine tell everybody what she knows? Maybe Guislaine’s father Robert Maxwell had a similar racket in Great Britain? In kleptocracies the claim of kompromat is the same as any other legal claim. Maybe FSB will use catch-and-kill to rule the world. If it all stays secret, it all still has value as kompromat. Jeffrey died for all their sins, to keep them all secret.

    • Narpington says:

      Ideally, a spook’s employer would find out he’s up to no good before the opposition.

      One might also hope that his employer would immediately warn friendly entities (Apple, Google etc) of any exploits they’d used which had been compromised.

      • wetzel-rhymes-with says:

        I remember one of John Naisbitt’s “Megatrends” in the 1980’s was that he predicted the “de-massification” of economic goods. I think something like demassification of kompromat has happened since the time of Sherlock Holmes. Back then, maybe, kompromat wasn’t intellectual property but physical property – a damaging letter or a notebook. Nigerian scammers can hide behind AI girlfriends and manufacture digital kompromat from Asians, Americans, and Europeans. In the Neuromancer world of the-not-to-distant future, Elon will be downloading digital kompromat from us directly through our implants.

  5. Harry Eagar says:

    Perhaps some spooky work should be confined to paper?

    If done at all.

    My first encounter with the CIA was in the stacks of the library at Cow College in 1965. A periodical shelved because C. College was a Federal Repository: Communism in Indonesia. I did not understand then, of course, but I had in my teen-age hands a piece of a plot that was at that moment murdering 250,000 — or maybe 500,000, who’s counting? — innocent people.

    There are worse crimes than stealing CIA secrets.

    • earlofhuntingdon says:

      The number of people killed in Indonesia’s mass killings is probably north of 500,000, a long list of them generated specifically by the CIA. It’s one of the great undercovered stories. But there’s no indication Schulte’s crimes were about anything other than Schulte.

  6. Magnet48 says:

    I don’t know from kompramat but to this unsophisticated soul it seems like the worst folly to give a prison laptop to an accomplished & convicted hacker. Maybe I’m just too naive but I would hope my government would think better of it next time.

Comments are closed.