[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Trust: In Bid for Stay, DOJ Likened Trump to Catastrophic Intelligence Compromise

There’s a detail in DOJ’s request for a stay of Judge Aileen Cannon’s injunction on using stolen Trump documents to investigate Trump that hasn’t gotten enough attention.

A footnote modifying a discussion about the damage assessment the Intelligence Community is currently doing referenced a letter then-NSA Director Mike Rogers wrote in support of Nghia Pho’s sentencing in 2018. [This letter remains sealed in the docket but Josh Gerstein liberated it at the time.]

[I]n order to assess the full scope of potential harms to national security resulting from the improper retention of the classified records, the government must assess the likelihood that improperly stored classified information may have been accessed by others and compromised. 4

4 Departments and agencies in the IC would then consider this information to determine whether they need to treat certain sources and methods as compromised. See, e.g., Exhibit A to Sentencing Memorandum, United States v. Pho, No. 1:17-cr-631 (D. Md. Sept. 18, 2018), D.E. 20-1 (letter from Adm. Michael S. Rogers, Director, National Security Agency) (“Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances.”).

Even on its face, the comment suggests the possibility that the Intelligence Community is shutting down collection programs because Trump took documents home.

But the analogy DOJ made between Trump and Pho, by invoking the letter, is even worse.

I’ve written about Pho, who with Hal Martin, is believed to be the source of the files leaked by Shadow Brokers and, with them, two devastating global malware attacks, WannaCry and NotPetya.

Over a month ago, I suggested that the IC likely had Pho and Martin in mind as they considered the damage Trump may have done by doing the same thing; taking highly classified files home from work.

[T]he lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

But with the footnote, I’m no longer the only one to make such an analogy. DOJ did so too, in an unsuccessful effort to get Judge Cannon to understand the magnitude of the breach she was coddling.

As you read this letter, replace Pho’s name with Trump’s. It reads almost seamlessly.

That’s the analogy DOJ made between Trump and someone his own DOJ prosecuted aggressively.

Pho retained classified information outside of properly secured spaces and by doing so caused very significant and long-lasting harm to the NSA, and consequently to the national security of the United States.

[snip]

[T]he exposure of the United States’ classified information outside of secure spaces may result in the destruction of intelligence-gathering efforts used to protect this nation. Mr. Pho, who voluntarily assumed this responsibility, ignored his oath to his country and the NSA by taking classified information outside of secure spaces, thereby placing that information in significant jeopardy.

[snip]

Mr. Pho’s conduct in improperly and unlawfully retaining national defense information, which included highly classified information, outside of secure space had significant negative impacts on the NSA mission.

[snip]

Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of national security topics. Compromise of one technique can place many opportunities for intelligence collection and national security at risk.

By removing such highly classified materials outside of secure space, Mr. Pho subjected those materials to compromise. It is a fundamental mandate in the Intelligence Community that classified material must be handled and stored in very specific and controlled ways. If classified material is not handled or stored according to strict rules, then the government cannot be certain that it remains secret. Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances. Depending on the type and volume of compromised classified material, such reactions can be costly, time consuming and cause a shift in or abandonment of programs. In this case, the fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost.

In addition, NSA was faced with the crucial and arduous task of accounting for all of the exposed classified materials, including TOP SECRET information, the unauthorized disclosure of which, by definition, reasonably could be expected to cause exceptionally grave damage to the national security. Accounting for all of the exposed classified material was necessary so that NSA could attempt to assess the damage that resulted from the classified and diverted critical resources away from NSA’s intelligence-gathering mission.

The detrimental impacts of Mr. Pho’s activities are also felt in other less tangible ways, including a loss of trust among colleagues and essential partners who count on NSA to conduct its mission.

[snip]

Trust is an essential component of all of the work that is done by NSA employees. It is affirmed by our sworn oath to uphold and defend the Constitution, sealed by our signed obligations to protect national defense information.

[snip]

This trust extends to a circle with other U.S. intelligence agencies, who share valuable intelligence insights; military personnel, who share details of their operational plans; and international partners, who share their sovereign secrets with us, all for common objectives.

[snip]

Future decisions about sharing will be weighted with considerations of the breach of trust by one party.

There’s little that distinguishes Pho’s compromise from Trump’s. While Trump didn’t load all this stuff online like Pho did, he brought it to a thinly-protected country club aggressively targeted by foreign intelligence services — a more obvious target than Pho’s desktop computer.

And whether the IC knows about the extent of the compromise right now, or whether something he made available will shut down shipping and hospitals and drug manufacturing in two years time, as Pho’s compromises did, the IC has to act as if these files have already been compromised.

That’s what the footnote says.

As I said, Trump’s own DOJ ratcheted up prosecutions in the wake of the Pho and Martin compromises. And now Trump — along with a judge he appointed — are trying to make sure he evades the same justice that his own DOJ demanded of others.

Update: Clarified that Martin and Pho are believed to be the source of the files leaked by Shadow Brokers, but not the leakers themselves.

Go to emptywheel resource page on Trump Espionage Investigation.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

18 USC 793e in the Time of Shadow Brokers and Donald Trump

Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]

That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.

The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.

The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.

There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.

But there is part of an explanation how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.

Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.

In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.

Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:

The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.

And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers; someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.

Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.

Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.

Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.

Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).

Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]

Even in spite of a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.

That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.

From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.

He appears to have been discovered when he took five Cisco switches home. After entering into a cooperation agreement and pleading guilty to one count of 793e, Marshall was (as noted above) sentenced to 41 months in prison. Marshall was released last year.

Outside DOJ, pundits have suggested that Trump’s actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.

But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

And while Trump allegedly brought home paper documents, rather than the digital files that Russian hackers could steal while sitting in Moscow, that doesn’t make his actions any less negligent. Since he was elected President, Mar-a-Lago became a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn’t matter what Trump’s motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.

Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.

It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.

The Discovery Refrigerator: When Joshua Schulte Social Engineered His Cellmate’s Brother

In advance of some other things, I want to look at the time that Joshua Schulte, who was convicted last week on nine counts related to stealing and leaking CIA files to WikiLeaks, social engineered the brother of his cellmate.

One of the charges on which the jury found Schulte guilty was sending WaPo reporter Shane Harris a warrant affidavit from the investigation into him, along with Schulte’s own narrative purportedly debunking the allegations made in the warrant. The jury found that Schulte’s description of two hundred people who might have access to the DevLAN backups and the network setup that would allow them that access was National Defense Information. Effectively, prosecutors argued and the jury agreed, Schulte was revealing CIA’s organizational structure and numbers of classified employees to a journalist. It’s a picayune Espionage count that because it likely won’t be treated as the same leak as the charge for sending CIA’s hacking tools, could add years to Schulte’s sentence.

Schulte sent the warrant affidavits along with a dangle, a promise to tell Harris some dirt about Russian oligarchs’ ties to Marc Kasowitz and Rudy Giuliani.

We have decided to share with you an initial exposé (depending on how the first one goes with you we will share up to nine more) involving Russian oligarchs, business ties and wire transfers involving hundreds of millions of dollars to Donald Trump’s closest advisers and law firms, including Giuliani and Mark Kasowitz firms. Trump’s self-reported best friend plays a starting role.

In cross-examination of FBI Agent Evan Schlessinger, Schulte suggested, credibly, that this dangle came from his cellmate, Omar Amanat.

Q. Well, you remember the ProtonMail email that referenced Marc Kasowitz, right?

A. Yes.

Q. OK. And there’s no relation between me and Marc Kasowitz, right?

A. No. You’re — not that I’m aware of.

Q. OK. Let’s talk about the cell search at the MCC. Now, in the cell search at the MCC, did you know what cell I was in?

A. Yes.

Q. And just real quick, you did know that there was a relationship between Mr. Amanat and Marc Kasowitz, right?

A. I know it was a — it’s connected to Mr. Amanat. I don’t know exactly how.

Q. OK.

A. Or how it relates to Mr. Amanat.

Of course, Schulte wasn’t charged for leaking information about Trump’s once and future lawyers. He was charged for sharing information about the CIA that — even if Amanat were the one who sent the email to Harris — would still mean Schulte shared it with Amanat, someone else who wasn’t cleared to receive it.

Plus, the record now shows that Schulte had been working with Omar Amanat and his brother, Irfan, to get these documents out.

An FBI interview of Schulte’s cousin, Shane Presnall, conducted just days before his first trial on January 13, 2020 but only released in April, explains that the Amanats were participating in the effort to publicize Schulte’s case starting as soon as Schulte and Amanat ended up in a cell together in December 2017. In fact, Presnall handed off Schulte’s warrants (it’s not clear whether this includes Schulte’s response, which is where the classified information was) to Amanat’s brother, Irfan, by leaving them in the fridge at the apartment he had shared with Schulte. (At the time, Irfan had been charged in the same fraud as Omar, but he was still out on pretrial release; since these events in 2018, both Omar and Irfan have been sentenced, served their time, and released.)

JS’s idea to get to press was to get court documents to get more attention to his case. JS told SP he was trying to create public outrage. When arrested in December 2017, another inmate in MCC, named Omar Amanat, told JS that Omar had media comments [sic] and that JS should send documents out and Omar will get them out. SP expressed skepticism about having a stranger do this. Then Omar’s cousin (Iffy) reaches out to SP via WhatsApp and says they have media contacts and can get documents out. When moving everything out of the apartment, SP put the documents in the bottom of the fridge in his apartment and informed Iffy where the where the documents would be. Iffy came and got the documents at JS’s apartment. Iffy confirmed to SP that Iffy got the documents. Iffy had the key because SP handed it to him.

Presnall was also communicating with reporters via Signal and a ProtonMail account, JohnGalt. But after he handed off the documents, he never heard from Irfan again.

But Schulte and the Amanats continued to work closely to get the documents out.

Just days before the ProtonMail dangle with the warrants was sent to Harris on September 24, the Samsung phone primarily used by Schulte texted Irfan on Signal. [This is a version of the Signal report, GX 822-1 as submitted in the first trial, but in which I replaced phone numbers with names and eliminated extraneous data; the righthand-most column shows who sent a particular text, the second-from-right is who received it.]

Schulte claimed to be Omar. He said that J — Schulte — needed “screen shots of Romania hack and Moscow.”

Irfan was understandably confused because, at the same time as someone claiming to be his brother was texting from the Samsung, someone else was calling him on what must be the iPhone that Omar primarily used.

Nevertheless, Irfan sent the files and only then did Schulte tell Omar’s brother he had pretended to be Omar to get Irfan to send files he had been trying to get from his cellmate.

Irfan and Schulte had a good laugh together about “master airhead” Omar, and then they got back to work on the documents they were working on.

Over the next two days Irfan and Schulte chatted away as they worked on various files, at several points, switching to group chat. At one point, Omar asked who “anonymous badger” is. “My bro?”

Here’s a picture of Omar’s side of that conversation, working on the Google doc via his iPhone while Schulte and Irfan worked from other locations, from one of the 2018 warrant affidavits tied to this part of the investigation.

On September 26, Schulte texted Irfan to say that Omar broke a screen (perhaps an exacerbation of the crack seen above) but that everything was still a go.

That’s the day when jailhouse informant Carlos Betances narced them out to the guard before they could do … something … in the law library.

Q. Mr. Betances, did there come a time when you learned of an effort to take the Samsung somewhere else in the jail?

A. Yes.

Q. And what did you learn about that?

A. That they were going to pay this friend of mine, Flaco, 200 bucks to take it down to the library that day.

Q. And who wanted to pay to bring the phone to the library?

MR. SCHULTE: Objection. Hearsay.

THE COURT: How did you learn about that information?

THE WITNESS: Because Flaco told me.

[snip]

BY MR. LOCKARD: Q. Mr. Betances, did you observe anything about Mr. Schulte’s or Omar’s behavior around that time?

A. Yes. They were very wary. They wanted to go down to the library then, and — so once I realized that they wanted to go down there, I threw this little piece of paper at the guard who was right there, and letting him know that something was going to happen in the library, that he could — he should —

THE INTERPRETER: Interpreter correction. A. — that he should conduct a search or everybody should go down and figure out what was about to happen. So that is what happened. When Josh and Omar came up, they said something had happened, that there was a search, there had been a search in the library, but they never found out that I was the one who had prevented that from happening.

Q. And did you hear Mr. Schulte or Omar discuss why they wanted the phone in the library?

MR. SCHULTE: Objection.

THE COURT: Overruled.

A. They wanted to send something very important. I don’t know what it was, but it was important. They had spent a week, a long time with the phones. They would give me the phone back very late at night with a very low charge.

Over the course of the next few days, as one after another of the detainees in on the contraband phone gig got caught and put into the SHU, it seemed that Omar came to rely on the Samsung (the first of the contraband phones was seized on September 26) to send Irfan gloomy texts. What appears to be Omar asks Irfan to call Carlos’ son to let the son know they’d put $500 in his father’s commissary fund, something that Betances testified to at the second trial, claiming he newly remembered just last month being offered a $5,000 bribe through the air conditioning pipes to stay quiet.

So as the brothers allegedly discussed arranging paying off the guy who narced them out, they also discussed what Harris has received. “How much to carlo,” Irfan asked about the payment. “Washpo has em,” Omar discussed the documents.

The very last Signal text sent on the phone, on a day when Schulte was definitely in SHU but Omar was not yet, was a text from Omar to Harris, asking if they could shift to a different ProtonMail address, [email protected]

It’s a point Schulte made at trial: When that last text was sent, he was in SHU. He couldn’t have sent it.

According to Agent Schlessinger, there was no activity on the ProtonMail account Schulte had described in his notebook setting up on August 21, Annon1204, after Schulte was put in SHU. While Schulte pointed to a follow-up, on Annon1204, on September 26 that he suggested must have come from Omar, the switch to a different ProtonMail account after Schulte was moved overnight on October 1 is consistent with Omar not having the password for Annon1204, and so moving the ongoing conversation with Harris to another ProtonMail account, psalms100.

The entire (resumed) conversation with Shane Harris started with Schulte pretending to be Anonymous, partly in an effort to get Harris to send documents that Schulte’s family had already been warned, by the FBI, not to release publicly. Along the way, Schulte pretended to be Omar and then Omar pretended to be Schulte pretending to be Anonymous.

It was a grand scheme across contraband cell phones and Google docs to send out a bunch of documents. One of which, the jury has now issued their verdict, constituted a very costly crime.

How Josh Schulte Got Judge Jesse Furman to Open a File in Internet Explorer

Something puzzles me about both Josh Schulte trials (as noted yesterday, the jury found Schulte guilty of al charges against him yesterday).

In both, the government introduced a passage from his prison notebooks advocating the use of the tools he has now been found guilty of sharing with WikiLeaks in an attack similar to NotPetya. [This is the version of this exhibit from his first trial.]

Vault 7 contains numerous zero days and malware that could be [easily] deployed repurposed and released onto the world in a devastating fashion that would make NotPetya look like Child’s play.

Neither time, however, did prosecutors explain the implications of this passage, which proved both knowledge of the non-public files released to WikiLeaks and a desire that they would be used, possibly by Russia, as a weapon.

Here’s how AUSA Sidhardha Kamaraju walked FBI Agent Evan Schlessinger through explaining it on February 26, 2020, in the first trial.

Q. Let’s look at the last paragraph there.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed, repurposed, and released on to the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Do you know what NotPetya is?

A. Yes, generally.

Q. What is it?

A. It is a version of Russian malware.

Here’s how AUSA David Denton walked Agent Shlessinger through that same exact script this June 30 in the second trial.

Q. And the next paragraph, please.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed,” struck through “repurposed and released onto the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Sir, do you know what NotPetya is?

A. Yes, generally.

Q. Generally, what is a reference to?

A. Russian malware.

The placid treatment of that passage was all the more striking in this second trial because it came shortly after Schulte had gone on, at length, mocking the claim from jail informant Carlos Betances that Schulte had expressed some desire for Russia’s help to do what he wanted to do, which in context (though Betances wouldn’t know it) would be to launch an information war.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. What is your understanding of how the Russians were going to help?

A. No, I don’t know how they were going to help you. You were the one who knew that.

Q. What work was I doing for Russia?

A. I don’t know what kind of work you were doing for Russia, but I know you were spending long periods of time in your cell with the phones.

Q. OK.

A. With a sheet covering you.

Q. OK. But only Omar ever spoke about Russia, correct?

A. No. You spoke about Russia.

Q. Your testimony is you never learned anything about Omar and Russian oligarchs?

A. No.

Denton could easily have had Schlessinger point out that wanting to get a CIA tool repurposed in Russian malware just like the Russians had integrated stolen NSA tools to use in a malware attack of unprecedented scope would be pretty compelling malicious cooperation with Russia. It would have made Schulte’s mockery with Betances very costly. But Denton did not do that.

In fact, the government entirely left this theory of information war out of Schulte’s trial. In his closing argument for the second trial, for example, Michael Lockard explicitly said that Schulte’s weapon was to leak classified information, not to launch cyberattacks.

Mr. Schulte goes on to make it even more clear. He says essentially it is the same as taking a soldier in the military, handing him a rifle, and then begin beating him senseless to test his loyalty and see if you end up getting shot in the foot or not. It just isn’t smart.

Now, Mr. Schulte is not a soldier in the military, he is a former CIA officer and he doesn’t have a rifle. He has classified information. That is his bullet.

To be sure, that’s dictated by the charges against Schulte. Lockard was trying to prove that Schulte developed malicious plans to leak classified information, not that he developed malicious plans to unleash a global cyberattack that would shut down ports in the United States. But that’s part of my point: The NotPetya reference was superfluous to the charges against Schulte except to prove maliciousness they didn’t use it for.

I may return to this puzzle in a future post. For now, though, I want to use it as background to explain how, that very same day that prosecutors raised Schulte’s alleged plan to get CIA hacking tools used to launch a global malware attack, Schulte got Judge Jesse Furman to open a document in Internet Explorer.

One of the challenges presented when a computer hacker like Schulte represents himself (pro se) is how to equip him to prepare a defense without providing the tools he can use to launch an information war. It’s a real challenge, but also one that Schulte exploited.

In one such instance, in February, Schulte argued the two MDC law library desktops available to him did not allow him to prepare his defense, and so he needed a DVD drive to transfer files including “other binary files,” the kind of thing that might include malware.

Neither of these two computers suffices for writing and printing motions, letters, and other documents. The government proposes no solution — they essentially assert I have no right to access and use a computer to defend myself in this justice system.

I require an electronic transfer system; printing alone will not suffice, because I cannot print video demonstratives I’ve created for use at trial; I cannot print forensics, forensic artifacts, and other binary files that would ultimately be tens of thousands of useless printed pages. I need a way to transfer my notes, documents, motion drafts, demonstrative videos, technical research, analysis, and countless other documents to my standby counsel, forensic expert, and for filing in this court.

The government had told Schulte on January 21 that he could not have a replacement DVD drive that his standby counsel had provided in January because it had write-capabilities; as they noted in March, not having such a drive was not preventing him from filing a blizzard of court filings. Ultimately, in March, the government got Schulte to let them access the laptop to add a printer driver to his discovery laptop. Schulte renewed his request for a write-capable DVD, though, in April.

Schulte continued to complain about his access to the law library for months, sometimes with merit, and other times (such as when he objected to the meal times associated with his choice to fast during Ramadan) not.

The continued issues, though, and Schulte’s claims of retaliation by prison staffers, are why I was so surprised that when, on June 1, Sabrina Shroff reported that a guard had broken Schulte’s discovery laptop by dropping it just weeks before trial, she didn’t ask for any intervention from Judge Furman. Note, she attributes her understanding of what happened to the laptop to Schulte’s parents (who could only have learned that from Schulte) and the prison attorney (who may have learned of it via Schulte as well). In response, as Shroff had tried to do with the write-capable DVD, she was just going to get him a new laptop.

We write to inform the Court that a guard at the MDC accidently dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

Only, as I previously noted, that’s not what happened to the laptop, at all. When DOJ’s tech people examined the laptop, it just needed to be charged. As they were assessing it, though,  they discovered he had a 15GB encrypted partition on the laptop and had been trying to use wireless capabilities.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

This had all the markings of a hacker — someone who had once envisioned launching a cyberattack as part of his information war from jail — trying to prepare just such an attack.

Weeks later, during the trial, the government intimated that they might punish Schulte for that stunt, but were just trying to get through trial.

We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

Along the way, though, Schulte’s laptop access continued to grow — for perfectly justifiable reasons tied to the trial, but which appears to have resulted in the discovery laptop (the one with the encrypted partition that he had apparently tried to access WiFi on) being in the same place as a second exhibit laptop, perhaps the very laptop originally intended to replace the one that wasn’t really broken at all. On June 13, Judge Furman ordered the Marshals to let Schulte keep his laptop at breaks. On June 15, Schulte got Furman to order the Marshals to let him use his second laptop, “just like the discovery laptop.”

MR. SCHULTE: OK. So the first thing is I think the marshals just need permission or authorization from you for me to be able to use the second laptop for my exhibits.

THE COURT: Use in the courtroom?

MR. SCHULTE: Yeah, be able to access and use it likeI use the other. I think there was court order for me to be able to use this laptop so they need authorization from you for me to use the second laptop.

THE COURT: And the second laptop is something that standby counsel procured? What is it?

MR. SCHULTE: Yes.

THE COURT: Any objection, Mr. Denton? Any concerns?

MR. DENTON: I think as long as it is something that’s used just here in the courtroom, that’s fine, your Honor. I think to the extent that it was going with the defendant anywhere else other than the courtroom, we would want to make sure that we applied the same security procedures that were applied to his original laptop.

THE COURT: Is it just to be used in this courtroom?

MR. SCHULTE: Yes. That’s correct. It is being locked, I think, in the FBI marshal’s room by the SCIF.

On June 17, Schulte asked Furman to issue a specific order to MDC to ensure he’d be able to “go to the law library and access the laptop.” Again, these are generally understandable accommodations for a defendant going pro se. But they may have placed his discovery laptop (normally used in MDC in Brooklyn) in close proximity to his exhibit laptop used outside of a SCIF in Manhattan.

With that in the background, on June 24, prosecutors described that just days earlier, Schulte had provided them code he wanted to introduce as an exhibit at trial. There were evidentiary problems — this was a defendant representing himself trying to introduce his own writing without taking the stand — but the real issue was his admission he was writing (very rudimentary) code on his laptop. As part of that explanation, the government also claimed that MDC had found Schulte tampering with the law library computer.

The third, however, and most sort of problematic category are the items that were marked as defense exhibits 1210 and 1211, which is code and then a compiled executable program of that code that appear to have been written by the defendant. That raises an evidentiary concern in the sense that those are essentially his own statements, which he’s not entitled to offer but, separately, to us, raises a substantial security concern of how the defendant was able to, first, write but, more significantly, compile code into an executable program on his laptop.

You know, your Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point. The fact that defendant is compiling executable code on his laptop raises a substantial concern for us separate from the evidentiary objections we have to its introduction.

THE COURT: OK. Maybe this is better addressed to Mr. Schulte, but I don’t even understand what the third category would be offered for, how it would be offered, what it would be offered for.

MR. DENTON: As best we can tell, it is a program to change the time stamps on a file, which I suppose would be introduced to show that such a thing is possible. I don’t know. We were only provided with it on Tuesday. Again, we think there are obvious issues with its admissibility separate and apart from its relevance, but like I said, for us, it also raises the security concern that we wanted to bring to the Court’s attention.

[snip]

MR. SCHULTE: But for the code, the government produced lots of source code in discovery, and this specific file is, like, ten, ten lines of source code as well as —

THE COURT: Where does it come from? Did you write it?

MR. SCHULTE: Yes, I wrote it. That’s correct.

Schulte didn’t end up introducing the script he wrote. Instead, he asked forensics expert Patrick Leedom if he knew that Schulte had used the “touch” command in malware to alter file times.

Q. Do you know about the Linux touch command?

A. Yes.

Q. This command can be used to change file times, right?

A. Yes, it can.

Q. That includes access times, right?

A. Yes.

Q. And from reviewing my workstation, you know that I developed Linux malware tools for the CIA, right?

A. I know you worked on a few tools. I don’t know if they were Linux-specific or not, but —

Q. And you knew from that that I wrote malware that specifically used the touch command to change file times, right?

In the end, then, it turned out to be just one of many instances during the trial where Schulte raised the various kinds of malware he had written to hide his tracks, infect laptops, and jump air gaps, instances that appeared amidst testimony — from that same jail informant, Carlos Betonces — that Schulte had planned to launch some kind of key event in his information war from the (MCC) law library.

Q. That we — you testified that we were going to do something really big and needed to go to the law library, right?

A. You were paying $200 to my friend named Flaco to go to the library, yes.

Q. I paid someone money?

A. No. They were paying. And Flaco refused to take it downstairs. And the only option left was that they had to go down and take it themselves.

Q. OK. So Omar offered to pay money for Flaco to take some phone down, right?

A. That’s not how Flaco told me. That’s not the way Flaco described it. He said that both of them were offering him money.

Q. All right. But there were cameras in the law library, correct?

THE INTERPRETER: I’m sorry. Can you repeat the question?

Q. There were cameras in the law library, correct?

A. I don’t know.

Q. OK. But your testimony on direct was that me and Omar needed to send some information from the phone, right?

A. Let me explain it to you again. Not information. It’s that you had to do something in the, in the library. That’s what I testified about.

Q. OK. What did I have to do in the law library, according to you?

A. Well, you’re very smart. You must know the question. There was something down there that you wanted to use that you couldn’t use upstairs.

Q. OK. You also testified something about a USB drive, right?

A. Yes.

Q. You testified, I believe, that me and Omar wanted a USB device, right?

A. Yeah. You asked me all the time when the drive was going to arrive. When was it coming? When was it coming?

Q. OK. But there were already USB hard drives given to prisoners in the prison, right?

A. Not to my understanding.

Q. You don’t — you never received or saw anyone using a USB drive with their discovery on it?

A. No, because I — no, I hardly ever went down to the law library.

Q. All right. And then you said, you testified that you slipped a note under the guard’s door?

A. Yes.

Q. And that was about, you said something was going to happen in the law library, right?

THE INTERPRETER: Could you repeat the question, please?

MR. SCHULTE: Yes.

Q. You said that the note said something was going to happen in the law library, right?

A. Yes.

Which finally brings us to the Internet Explorer reference. During his cross-examination of FBI Agent Schlessinger on June 30, Schulte attempted to introduce the return from the warrant FBI served on WordPress after discovering Schulte was using the platform to blog from jail. The government objected, which led to an evidentiary discussion after the jury left for the weekend. The evidentiary discussion pertained to how to introduce the exhibit — which was basically his narrative attacking the criminal justice system — without also disclosing the child porn charges against Schulte referenced within them.

Schulte won that discussion. On the next trial day, July 6, Furman ruled for Schulte, and Schulte said he’d just put a document that redacted the references to his chid porn and sexual assault charges on a CD to share with the government.

MR. SCHULTE: Yes. I just — if I can get the blank CD from them or something I can just give it to them and they can review it.

But back on June 30, during the evidentiary discussion, Judge Furman suggested that the 80- or 90-page document that the government was looking at was something different than the file he was looking at.

That was surprising to Furman.

So was the fact that his version of the document opened in Internet Explorer.

MR. DENTON: Your Honor, on Exhibit 410 we recognize the Court has reserved judgment on that. I want to put sort of a fourth version in the hopper. At least in the version we are looking at, it is a 94-page 35000-word document. To the extent that the only thing the Court deems admissible is sort of the fact that there were postings that did not contain NDI, we would think it might be more appropriate to stipulate to that fact rather than put, essentially, a giant manifesto in evidence not for the truth. So I want to put that option out there given the scope of the document.

[snip]

MR. DENTON: Understood, your Honor. I think at that point, even if we get past the hearsay and the not for the truth problems, then there is a sort of looming 403 problem in the sense that it is a massive document that is essentially an manifesto offered for a comparatively small point. I think at that point it is risk of confusing the jury and potentially inflaming them if people decide to sit down and to read his entire screed, it significantly outweighs the fairly limited value it serves. But, we recognize the Court has reserved on this so I don’t need to belabor the point now.

THE COURT: Unless I am looking at something different, what I opened as Defendant’s Exhibit 410 — it opened for me in Internet Explorer, for some reason and I didn’t even think Internet Explorer existed anymore — and it does not appear to be 84 pages. So, I don’t even know if I am looking at what is being offered or not. But, let me add another option, which is if the government identifies any particular content in here that it thinks should be excluded under 403, then you are certainly welcome to make that proposal as well in the event that I do decide that it should come in in more or less its entirety with the child porn redacted. And if you think that there is something else that should be redacted pursuant to 403, I will consider that. All right?

MR. DENTON: We will make sure we are looking at the same thing and take a look at it over the weekend, your Honor.

To be clear: The reason this opened in IE for Furman is almost certainly that the document was old — it would date to October 2018 — and came in a proprietary form that Furman’s computer didn’t recognize. So for some reason, his computer opened it in IE.

That said, it’s not clear that the discrepancy on the page numbers in the file was ever addressed. Schulte just spoke to one of the prosecutors and they agreed on how it would be introduced.

And if a developer who had worked on malware in 2016 wanted an infection vector, IE might be one he’d pick. That’s because Microsoft stopped supporting older versions of IE in 2016, the year Schulte left the CIA. And WordPress itself was a ripe target for hacking in 2018. Schulte himself might relish using a Microsoft vector because the expert in the trial, Leedom, has moved onto Microsoft since working as a consultant to the FBI.

I have no idea how alarmed to be about all this. The opinions from experts I’ve asked have ranged from “dated file” to “he’d have to be lucky” to “unlikely but potentially terrifying” to “no no no no!” And Schulte is the kind of guy who lets grudges fester so badly that avenging the grudge becomes more important than all else.

So I wanted to put this out there so smarter people can access the documents directly — and perhaps so technical staff from the courthouse can try to figure out why that document opened in Internet Explorer.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

Joshua Schulte Found Guilty on All Counts

The jury has returned guilty verdicts in all nine charges against Joshua Schulte. While I expected guilty verdicts on the revamped CFAA charges, I wasn’t sure about the far more circumstantial Espionage charges. DOJ must be breathing a sigh of relief.

I have no doubt Schulte will appeal. He has been setting up appeals on a Sixth Amendment SAMS challenge and on a Van Buren challenge to the CFAA charges; plus I imagine he’ll challenge some of the instructions and other decisions Judge Jesse Furman made (though I thought Furman was more favorable to Schulte than Paul Crotty before him).

I’m as interested in what happens with WikiLeaks after this.

WikiLeaks has been spamming references to the misleading Yahoo story about the response to WikiLeaks’ publication (and, more importantly, non-publication) of the stolen CIA files. And I know Assange’s US defense attorney has been getting transcripts from the case.

The WikiLeaks team surely recognizes what I have for years: The existing charges against Assange are all teed up to expand the CFAA count to incorporate the Vault 7 release and Vault 8 non-release (and, possibly, WikiLeaks’ role in the 2016 Russian effort). And Schulte was given discovery on an ongoing investigation into what is almost certainly WikiLeaks.

So while this closes the known part of the case against Schulte, it likely represents further headaches for Assange.

Update: SDNY’s statement calls this, straight up, Espionage.

Today, Schulte has been convicted for one of the most brazen and damaging acts of espionage in American history.

The Josh Schulte Trial Moves to Deliberations

Yesterday, the two sides in the Josh Schulte case presented their closing arguments.

It is always difficult to read how a jury will view a case, and in this case (in part for reasons I’ll lay out below) that’s all the more true. I could imagine any of a range of outcomes: full acquittal, acquittal on some charges, guilty on most but not all charges, or another hung jury (though I think it likely he’ll win acquittal on at least one or two charges).

This is what the jury will be deliberating about. The short version: Judge Furman seems very skeptical of the obstruction charge against Schulte, quite persuaded by the government’s CFAA charges, but very impressed by Schulte’s closing argument.

The charges

After his first mistrial, DOJ obtained a superseding indictment designed to break his alleged crimes into explicitly identifiable crimes, presumably to prevent the jury from getting confused about what specific actions allegedly constitute a crime, as the first jury appears to have done.

The indictment is generally broken into Espionage tied to files taken directly from the CIA’s servers (Counts One and Two), Espionage tied to stuff Schulte allegedly tried to send out from jail (Counts Three and Four), CFAA for hacking the CIA servers (Counts Five through Eight), and obstruction (Count Nine). I’ve put the legal code below, but here’s how Judge Furman described the charges in his draft jury instructions.

Specifically, Count One charges the defendant with illegal gathering of national defense  information or “NDI.” Specifically, it charges that, on or about April 20, 2016, the defendant, without authorization, copied backup files of certain electronic databases (what I will refer to as the “Backup Files”) housed on a classified computer system maintained by the CIA (namely “DEVLAN”).

Count Two charges the defendant with illegal transmission of unlawfully possessed documents, writings, or notes containing NDI. Specifically, it charges that, between April and May 2016, the defendant, without authorization, retained copies of the Backup Files and communicated them to a third party not authorized to receive them, the organization WikiLeaks.

Count Five charges the defendant with unauthorized access to a computer to obtain classified  information. Specifically, it charges that, between April 18 and April 20, 2016, the defendant accessed a 16 computer without authorization and exceeded his authorized access to obtain the Backup Files and subsequently transmitted them to WikiLeaks without authorization.

Count Six charges the defendant with unauthorized access to a computer to obtain information form a department or agency of the United States. Specifically, it charges that, on or about April 20, 2016, the defendant, accessed a computer without authorization or in excess of his authorized access, and copied the Backup Files.

Count Seven charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to manipulate the state of the Confluence virtual server on DEVLAN.

Count Eight charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to delete log files of activity on DEVLAN.

Counts Three and Four charge the defendant with crimes relating to the unlawful disclosure or attempted disclosure of NDI while he was in the Metropolitan Correctional Center (“MCC”), the federal jail.

Count Three charges that, in or about September 2018, the defendant had unauthorized possession of documents, writings, or notes containing NDI related to the internal computer networks of the CIA, and willfully transmitted them to a third party not authorized to receive them.

Count Four charges that, between July and September 2018, the defendant had unauthorized possession of documents, writings, and notes containing NDI related to tradecraft techniques, operations, and intelligence gathering tools used by the CIA, and attempted to transmit them to a third party or parties not authorized to receive them.

Finally, Count Nine charges the defendant with obstruction of justice. Specifically, it charges that between March and June 2017, the defendant made certain false statements to agents of the FBI during their investigation of the WikiLeaks leak.

Here’s that language with the legal statutes included:

Count One, 18 USC 793(d) and 2 (WikiLeaks Espionage), Illegal gathering of National Defense Information: For copying the DevLAN backup files on or about April 20, 2016.

Count Two, 18 USC 793(e) and 2 (WikiLeaks Espionage), Illegal transmission of unlawfully possessed NDI: For transmitting the backup files to WikiLeaks in or about April and May 2016.

Count Three, 18 USC 793(e) and 2 (MCC Espionage), Illegal transmission of unlawfully possessed NDI: For sending this information about DevLAN to Shane Harris in or about September 2018.

In reality, two groups — EDG and COG and at least 400 people had access. They don’t include COG who was connected to our DEVLAN through HICOC, an intermediary network that connected both COG and EDG. . . . There is absolutely NO reason they shouldn’t have known this connection exists. Step one is narrowing down the possible suspects and to completely disregard an ENTIRE GROUP and HALF the suspects is reckless. All they needed to do was talk to ONE person on Infrastructure branch or through ANY technical description / diagram of the network.”

Count Four, 18 USC 793(e) and 2 (MCC Espionage), Attempted illegal transmission of unlawfully possessed NDI: For staging a tweet and preparing to send out information about CIA’s hacking tools from at least July 2018 through October 2018. (Here’s the version of Exhibit 809 used at the first trial.)

Government Exhibit 801, page 3: “Which brings me to my next point — Do you know what my speciality was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed file system contained with the drive slackspace or hidden partitions. I disguised data. I split data across files and file systems to conceal the crypto—analysis tools could NEVER detect random or pseudo-random data indicative of potential crypto. I designed and wrote my own crypto—how better to foll bafoons [sic] like forensic examiners ad the FBI than to have custom software that doesn’t fit into their 2-week class where they become forensic ‘experts.’”

Government Exhibit 809, page 8: “[tool from vendor report] — Bartender for [redacted] [vendor].”

Government Exhibit 809, page 10: “Additionally, [Tool described in vendor report] is in fact Bartender. A CIA toolset for [operators] to configure for [redacted] deployment.”

Government Exhibit 809, page 11: “[@vendor] discussed [tool] in 2016, which is really the CIA’s Bartender tool suite. Bartender was written to [redacted] deploy against various targets. The source code is available in the Vault 7 release.”

Count Five, 18 USC 1030(a)(1) and 2 (CFAA), Unauthorized access to a computer to obtain classified information: For hacking into the DevLAN backup files.

Count Six, 18 USC 1030(a)(2)(B) and 2 (CFAA), Unauthorized access of a computer to obtain classified information from a department or agency, for hacking into and copying the backup files.

Count Seven, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For the reversion of Confluence on April 20, 2016.

Count Eight, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For deleting log files on DevLAN on April 20, 2016.

Count Nine, 18 USC 1503, obstruction: For lying about having taken the backup files, keeping a copy of the letter he sent to the CIA IG, having classified information in his apartment, taking information from the CIA and transferring it to an unclassified network, making DevLAN vulnerable to theft, housing information from the CIA on his home computer, and removing classified information from the CIA.

The law

Based on orders Judge Jesse Furman issued and his response to Schulte’s Rule 29 motions for an acquittal after trial, it seems he views some of the charges to be stronger than others.

Espionage, WikiLeaks charges: Furman didn’t say much about the charges tied to Schulte allegedly obtaining and sharing the Vault 7 and 8 content with WikiLeaks. The transmission charge is the one that is most circumstantial (because the government made no claims about how Schulte got the stolen files out of the CIA and didn’t fully commit to how Schulte sent them to WikiLeaks), and so is one a jury might unsurprisingly find reasonable doubt on.

Espionage, MCC charges: There are two weaknesses to the MCC charges. First, Furman allowed Schulte to argue that because the Bartender information was already made public by WikiLeaks — a topic on which Schulte elicited helpful testimony — it was no longer National Defense Information (there’s more discussion on this issue here). There’s some question whether the Hickock information was NDI as well. But also, in the Bartender case, there’s a question about whether drafting a Tweet in a notebook is a significant enough step to be found guilty.

Obstruction: Furman seems quite skeptical the government has proven their case on obstruction and came close to ruling for Schulte on his Rule 29 motion on it. He ordered the two sides to brief whether the government had provided sufficient evidence of this charge. And in the conference on the instructions, he challenged whether things Schulte said on March 15, 2017 before receiving a grand jury subpoena could be included in an obstruction charge. As Schulte pointed out, too, his false statements from later interviews got less focus in this trial.

CFAA: Furman did rule against Schulte’s Rule 29 motions on the CFAA charges, suggesting he finds the evidence here much stronger. Schulte as much as admitted he had taken the steps DOJ claims he did to revert the confluence files, effectively admitting to one of the charges as written (and that’s what the government focused on in their rebuttal). That said, if he were found guilty on the CFAA charges, Schulte would mount an interesting appeal under SCOTUS’ Van Buren ruling, issued since his last trial, which held that you can’t be guilty of CFAA if you had authorized access. Schulte laid the groundwork to argue that while he didn’t have access to Atlassian, the CIA had not revoked his access as an Administrator to ESXi, which is what he used to be able to do the reversion.

Emotion

In Schulte’s first trial, it seems clear the jury hung based on nullification of one juror, who (according to some jurors) refused to deliberate fairly. DOJ stupidly presented the case in a way that emphasized the human resource dispute, and not the leak. And in a contest of popularity between the CIA and WikiLeaks, the CIA is never going to win 12 votes unanimously, certainly not in SDNY.

I had thought that Schulte would be able to recreate that dynamic with this trial, by once again portraying himself as the unfair victim of CIA bullying. But in at least one case, I think that attempt backfired (by showing Schulte to be precisely the insubordinate prick that the CIA claims him to be).

That said, given Furman’s response, Schulte did brilliantly portray the investigation into him as being biased. So he may win the emotional battle yet again. After he finished, Furman suggested that if Schulte were acquitted, he might have a future as a defense attorney.

THE COURT: You may be seated. All right. Mr. Schulte, that was very impressive, impressively done.

MR. SCHULTE: Thank you.

THE COURT: Depending on what happens here, you may have a future as a defense lawyer. Who knows?

Tactics

In a recent New Yorker profile of Schulte, Sabrina Shroff described how by going pro se, Schulte would be able to push boundaries that she herself could not.

When you consider the powerful forces arrayed against him—and the balance of probabilities that he is guilty—Schulte’s decision to represent himself seems reckless. But, for the C.I.A. and the Justice Department, he remains a formidable adversary, because he is bent on destroying them, he has little to lose, and his head is full of classified information. “Lawyers are bound,” Shroff told me. “There are certain things we can’t argue, certain arguments we can’t make. But if you’re pro se ”—representing yourself—“you can make all the motions you want. You can really try your case.”

Schulte did this repeatedly. He did so with classified information, as when he tried to get “Jeremy Weber” to admit to a report by a still-classified group that Weber was not aware of and which the government insists, to this day, does not exist undermined the attribution of the case (this is based off an out of context text that Weber was not privy to).

Q. Were there many forensic reports filed by AFD about the leak?

A. Not that I’m aware of.

Q. OK. But at some point you learned that AFD determined the backups from the Altabackups must have been stolen, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. (Defendant conferred with standby counsel)

BY MR. SCHULTE: Q. You reviewed the AFD reports, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. Let’s move on, Mr. Schulte. (Defendant conferred with standby counsel)

THE COURT: And please keep your voice down when conferring with standby counsel.

… with investigative details (both into his own and a presumed ongoing investigation into WikiLeaks) he has become privy to, such as when he suggested that a SysAdmin named Dave had lost a Stash backup.

Q. Speaking with the admins, you’re talking Dave, Dave C., right; he was one of those?

A. Yeah, Dave.

Q. And he was an employee who put the Stash on a hard drive, correct?

A. I know I’ve heard some of that. I don’t know exactly the situation around that, but —

Q. But that, basically this hard drive with Stash was lost, correct?

MR. DENTON: Objection.

THE COURT: Sustained.

… with testimony presented as questions, as here when Schulte tried to get Special Agent Evanchec to testify that his retention of an OIG email was an honest mistake.

Q. So in your career, classifying documents, sometimes people make honest mistakes when they classify documents, correct?

MR. LOCKARD: Objection.

A. I think that’s —

THE COURT: Sustained.

BY MR. SCHULTE: Q. Have you ever made a mistake classifying a document, sir?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. Do you know if someone makes an honest mistake in classifying a document, if they can be charged with a crime?

MR. LOCKARD: Objection.

THE COURT: Sustained.

… and with speculative claims about alternative theories, such as here when he mocked jail informant Carlos Betances’ claim that Schulte said he needed Russian help for what he wanted to accomplish.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

Over and over, prosecutors objected when Schulte made such claims, and most often their objections were sustained. But I think it highly unlikely jurors will be able to entirely unhear many of the speculative claims Schulte made, and so while some of the claims Schulte presented in such fashion were outright false, the jury is unlikely to be able to fully ignore that information.

The unsaid

There are three things that didn’t happen at the trial that I’m quite fascinated by.

First, after delaying the trial for at least four months so as to be able to use Steve Bellovin as his expert, Schulte didn’t even submit an expert report for him. There are many possible explanations for this — that Schulte didn’t like what Bellovin would have said, that Schulte used Bellovin, instead, as a hyper-competent forensic source to check his own theories but never intended to call him, or finally, that Schulte correctly judged he could serve as his own expert in questioning witnesses. That said, the fact that he didn’t use Bellovin makes the delay far more curious.

There are numerous instances — one example is a gotcha that Schulte staged about a purported error (but not a far more significant real error) one of the FBI agents in the case made about Schulte’s Google searches — that were actually quite incriminating. The government, unsurprisingly, didn’t distract from their main case to lay this out though. But I hope to return to some of these details because, while they are irrelevant to the verdict against Schulte (and I want to make clear are distinct from the jury’s ultimate decision about his innocence), they do provide interesting details about Schulte’s actions.

Finally, the government fought hard for the right to be able to present a Schulte narrative about what happened that he shared with his cousin, Shane Presnall, but didn’t introduce it at trial. Effectively, in the document Schulte exposed the real identity of one or more of his colleagues to his cousin. I’m not sure whether the government didn’t rely on this because they wanted to avoid the possibility Presnall would testify, they wanted to limit damage already done to the covert status of the CIA employees, or they didn’t want jeopardy to attach to the document (meaning they could use it in further charges in case of an acquittal). But I’d sure like to know why DOJ didn’t rely on it.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

On Josh Schulte’s Continued Attempts to Hack the Judicial System

Last June, I argued that accused Vault 7 leaker Josh Schulte’s decision to represent himself involved a plan to “hack” the judicial system, not with computer code, but by introducing commands into the legal system to make it malfunction.

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

[snip]

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

I also noted the signs that what Schulte really wanted to do was act as co-counsel with his attorneys, something prohibited by precedent in the 2nd Circuit.

Much of this has held up (though not regarding Steve Bellovin, Schulte’s superb expert; Schulte has effectively just waited for Bellovin to become available again). Schulte has engaged in the legal equivalent of a DDOS attack, with dozens of motions in the last year, many serial repeats of the same arguments rejected already, and seventeen appeals of one sort or another.

It appears that Schulte may still be attempting to have hybrid counsel. In a New Yorker profile that came out this week, his attorney, Sabrina Shroff, described how by going pro se, Schulte will not be bound by the legal ethics she is (particularly if he’s willing to face further charges for whatever he does at trial — his potential sentence is already so long any additional contempt or leaking charges might make little difference).

When you consider the powerful forces arrayed against him—and the balance of probabilities that he is guilty—Schulte’s decision to represent himself seems reckless. But, for the C.I.A. and the Justice Department, he remains a formidable adversary, because he is bent on destroying them, he has little to lose, and his head is full of classified information. “Lawyers are bound,” Shroff told me. “There are certain things we can’t argue, certain arguments we can’t make. But if you’re pro se ”—representing yourself—“you can make all the motions you want. You can really try your case.”

Nevertheless, Schulte recently wrote a letter inquiring about whether Shroff could cross-examine some of the witnesses and issue objections for him.

I fully expect Schulte to make his contentious relationship with his colleagues a central feature of the trial (Schulte even attempted, unsuccessfully, to exclude the one CIA witness who remained on good terms with him, which would have made it easy to portray his targeting as a vendetta by colleagues who hate him). I expect Schulte to disclose information about his colleagues — perhaps including that Jeremy Weber, a pseudonym, appears under his real name in the Ashley Madison hack, an allegation Schulte seemed primed to make in 2018. Whatever else Schulte does, he will attempt to raise the costs of this trial on the CIA.

Stipulating stipulations

No doubt he has other stunts planned. Schulte claimed this week that the government is refusing to stipulate to things from official custodians (like Google).

This doesn’t make sense, unless Schulte is trying to undermine the regularity of this evidence with stipulations.

All that said, I think I may have underestimated Schulte when I suggested he only intended to use legal filings as the code with which he would hack the judicial system.

When dropping a laptop alters its BIOS

On June 1, Shroff wrote the court informing Judge Jesse Furman that a guard had accidentally dropped Schulte’s discovery laptop, but asking for no further relief.

We write to inform the Court that a guard at the MDC accidently dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

I think Shroff is a formidable defense attorney and she has no patience for the carceral regime that her clients face, particularly someone under strict measures like Schulte. Which is why I find it so odd that she was so blasé about what might be viewed as intentional retaliation against Schulte, just days before trial, especially given Schulte’s recent complaints about his access to the law library. A month earlier, after all, Shroff had described that efforts at détente with the jail had failed.

I’m especially puzzled about Shroff’s response given the discrepancy between her explanation — sourced to Schulte’s parents and the prison attorney, not anyone who could  be held accountable for a false claim — and that of the government.

On June 6, DOJ explained its resolution of the laptop. Their explanation sounds nothing like a dropped laptop, at all. It sounds like an attempted hack.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery [sic] an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences.

All the more so given one of the new details disclosed in the New Yorker profile: that in his moments of desperation to keep his contraband cell phone charged in jail back in 2018, Schulte figured out how to hot-wire the phone to the light switch.

Schulte figured out a way to hot-wire a light switch in his cell so that it worked as a cell-phone charger. (The person who knew Schulte during this period praised his innovation, saying, “After that, all M.C.C. phones were charged that way.”)

In recent months, Schulte has been making technical requests, such as for his own printer or a write-capable DVD which (he explicitly said) he wanted to use to transfer “other binary files” in addition to trial exhibits, that seemed an attempt to acquire equipment that could be used for other purposes. Here, in the guise of an accident caused by a guard, Schulte got his laptop, with its BIOS alteration, its encrypted compartment, and apparent attempts to use wireless capabilities, into the office of the people prosecuting him, then got it returned with a new power cord.

Among the things Schulte worked on at CIA was a tool to jump an air gap and compressing and exfiltrating data.

The expanding Pompeo subpoena

Then there’s the way information has gotten to Schulte, who is under strict Special Administrative Measures that would normally limit news about his own case from getting shared with him (the following is not a commentary about the humanity  or constitutionality of SAMs, which are arguably not either; it is an observation that they may not be working). In a filing purporting to represent Schulte’s views as to why he needs to call Mike Pompeo as a witness, his stand-by attorneys laid out the following justification:

Secretary Pompeo was Director of the CIA in May 2017 when WikiLeaks began disclosing Vault 7 and Vault 8. As noted in prior briefings to the Court, [1] Mr. Pompeo was immediately debriefed about the WikiLeaks disclosure and specifically informed that Mr. Schulte was an early suspect. He was also told that Mr. Schulte had a disciplinary history. Further, less than a week after the disclosure, Secretary Pompeo approved the substance of the first search warrant application, authorizing the FBI to make various statements therein, at least some of which later proved untrue.

As such, Secretary Pompeo took an active role in the investigation against Mr. Schulte and has non-hearsay information that is relevant to the charges. Mr. Schulte also seek to inquire of Secretary Pompeo whether he directed his staff to consider charges against Mr. Schulte to the exclusion of anyone else or contrary to existing exculpatory evidence

Further, while the government has sought to establish the grave harm caused by the leak, just months after it allegedly occurred, [2] Secretary Pompeo championed WikiLeaks’ publication of the stolen DNS [sic] emails on social media. This disconnect, too, is ripe for examination.

Finally, as recently as September 2021, [3] Secretary Pompeo continued to voice his views on the prosecution of leaks from WikiLeaks, see https://nationalpost.com/news/trump-pompeo-and-cia-agents-discussed-kidnappingassassinating-assange-in-revenge-for-vault-7-leak. Secretary Pompeo’s evolving stance on the prosecution of leaks is relevant to the issues at trial. Accordingly, Mr. Schulte asks this Court to deny the government’s application to preclude Secretary Pompeo’s testimony. [my numbering]

In the past, I have argued that calling Pompeo as a witness is a reasonable request, for what I’ve marked as reason 2, above. As House Intelligence Chair, Mike Pompeo cheered WikiLeaks’ release of emails by Russia from the DNC. He did so in July 2016, months after Schulte is alleged to have transmitted the CIA files in early May 2016. That Pompeo’s support of WikiLeaks, even when he had access to intelligence about them, did not prevent him from being confirmed as CIA Director undercuts claims about Schulte’s perception of the particular damage leaking to WikiLeaks might do.

But the other two reasons are more suspect. Reason one, Pompeo’s approval of early steps in the investigation, is only a measure of what he got briefed, and the briefer would be the more direct witness to the substance of that briefing (and given the seniority of some of the witnesses who testified at his first trial, likely already appeared as witnesses. But Pompeo’s presumed briefing of the case to Donald Trump — before Trump almost blew the case by sharing those details with Tucker Carlson on the very day the FBI first searched Schulte — is another issue. I’m acutely interested in Trump’s treatment of the attack on the CIA by a Russian-associated outlet in 2017, but it really doesn’t indicate anything about Schulte’s guilt or innocence.

The last reason — the claim published by Yahoo but never matched by another outlet that Pompeo responded to the initial Vault 7 release by asking about the possibility of assassinating Julian Assange — is a more dubious argument still. Remember: This is Schulte’s standby counsel writing this filing. They’re not under SAMs, Schulte is, but they’re only his standby counsel, and so should only be posting things he can be privy to. The rationale for calling Pompeo is presented as Pompeo’s comments, from September 2021, responding to the Yahoo story. Except the story linked — to a Canadian story on the Yahoo story published a day before Pompeo’s response — doesn’t reflect those 2021 comments from Pompeo at all. If Pompeo were really asked to testify about this, he would debunk parts of it, as his actual public comments about the story did. If the Yahoo story became an issue at trial, it might come out that the story repeats a claim (though nowhere near the most inflammatory claim of the story) made publicly by a WikiLeaks surrogate in 2020, but never (AFAIK) made publicly elsewhere, and that Michael Isikoff had persistently suppressed details from the Stone prosecution that debunk large parts of the Yahoo story. That is, if the Yahoo story became an issue at Schulte’s — or anyone else’s — trial, it could easily be discredited, like several of the other stories used in WikiLeaks’ campaign against Assange’s extradition. But Schulte, who has purportedly read about this in spite of his SAMs, would like to make it an issue at his trial.

A minute note in the docket may indicate that the two sides settled this issue on Friday. So we’re likely to be deprived of Pompeo’s testimony for a second Schulte trial.

The [redacted] discovery

I find reasons one and three particularly interesting given a series of documents that presumably relate to a broader-than-publicly understood investigation into WikiLeaks. Schulte was provided materials from that investigation in discovery on April 6 or 8. Schulte sent Judge Furman a request on April 29 (perhaps not coincidentally, after a UK judge approved Assange’s extradition, though the actual extradition decision remains pending before Priti Patel) asking to obtain all the discovery from that case, have it excluded from the protective order so he could use it at trial, and asking Furman to give Schulte an investigator so he could learn more about that investigation. In response to an order from Furman, the government responded on May 16. All the materials were docketed on May 25.

The materials are so heavily redacted as to offer little illumination to the subject. They do say, however, that the investigation “is neither known to the public nor to all of the targets of the investigation,” suggesting that at least one of those targeted is aware of it, and that DOJ is working with targets, not subjects. DOJ asserts that Schulte’s claims about the utility of the evidence for his trial conflict. It also describes that Schulte wants to argue — falsely, DOJ asserts — that this evidence proves the Vault 7 materials were obtained by hackers. Given the original discovery letter and subsequent treatment, it is unclear to me whether this information is considered classified, or just confidential. But the government, unsurprisingly, argues that the material shouldn’t be released.

[B]ecause the [redacted] Investigation Materials relate to an ongoing criminal investigation, and their disclosure could cause serious harms to that investigation and other law enforcement interests.

The argument for Pompeo’s testimony, above, came after DOJ responded to Schulte’s request for more information. That is, Schulte’s defense stretched beyond a completely legitimate claim that Pompeo’s actions prove that even the CIA did not consider support for WikiLeaks disqualifying at the moment Schulte allegedly leaked the files, to claims that are little more than repetitions of Trumpist and WikiLeaks propaganda.

Meanwhile, Schulte is asking for a two day adjournment of trial after jury selection starting tomorrow, partly on account of the laptop, partly because the government has shifted the order in which they’ll present witnesses, this time starting with Richard Evanchec, one of the FBI Agents who originally investigated the leak, rather than Schulte’s colleagues at the CIA (among other things, doing so will foreground Schulte’s easily debunked cover story, which he plans to tell himself in court).

Sometime this week, Schulte will have his moment in court, this time running his own defense and exploiting whatever hacks — digital or legal — he has succeeded in launching over the last year or four. As Shroff says, Schulte’s not bound by professional ethics in any way that would limit what arguments he makes. Schulte will undoubtedly attempt to feed the jury the kind of code that the legal system normally doesn’t expect. We will then get to see whether such code causes the system to malfunction.

FBI’s Russian Hack-and-Leak Investigation as Disclosed by the Sussmann Trial

Now that he has been acquitted, it’s easy to conclude the Michael Sussmann prosecution was a pointless right wing conspiracy theory. It was!

But the exhibits that came out at trial are a worthwhile glimpse of both the FBI’s investigation into the 2016 Russian hack of Democrats and the Bureau’s shoddy investigation of the Alfa Bank anomalies.

I’ve started unpacking what a shitshow the FBI investigation into the latter was here and collecting technical exhibits pertaining the investigation here (though that post is currently out of date).

As to the Russian hack-and-leak, Sussmann’s team facilitated the process with a summary exhibit they included showing a selection of FBI communications pertaining to the investigation that either involve or mention Sussmann. Sussmann introduced these documents to show how obvious his ties to the Democrats would have been to the FBI, including to some people involved in the Alfa Bank investigation. A few of these communications refute specific claims Durham made, showing that meetings or communications Durham argued must relate to the Alfa Bank effort could be explained, in one case far more easily, as part of the hack-and-leak response. That is, some of these documents show that Durham was taking evidence of victimization by Russia and using it instead to argue that Sussmann was unfairly victimizing Trump.

 

 

Below, I’ve grouped the communications by topic (though a number of these communications span several topics). Note that Latham & Watkins’ paralegal only used the last date on these communications, which I will adopt. But a number reflect a communication chain that extends months and includes dates that are far more important to the Durham prosecution.

Some of these files include topics that have attracted a great deal of often misleading coverage, such as the efforts to get server images from the Democrats. Importantly, by the time the FBI asked for server images, according to these communications, the only place to get them was at CrowdStrike.

I don’t believe DNC/DCCC have the images that CS took. Only CS have those. It’s like paying ATM fees to your bank to get your cash. DNC/DCCC will be charged to get the images back.

After some discussion about who would pay CrowdStrike to create a second image, the firm offered to do it for free.

These communications also give a sense of the extent to which Democrats faced new and perceived threats all through the election. Given the communications below and some details I know of the Democrats’ response to the attacks, I suspect these communications do not include real attempted attacks, either because they were not reported or because the report went to FBI via another channel. While CrowdStrike attempted to ensure Sussmann was always in the loop, for example, that discipline was not maintained. And we know CrowdStrike found the compromise of the Democrats analytics hosted on AWS in September, a compromise that may only show up in these communications mentioned in passing. Some in the FBI seemed entirely unsympathetic to the paranoia that suffering a nation-state attack during an election caused, which couldn’t have helped already sour relations between the FBI and Hillary’s people.

Perhaps the most interesting communications — to me at least — pertain to efforts to authenticate the documents that got publicly posted and to identify any alterations to them. At least as laid out in these communications, the Democrats were way behind the public in identifying key alterations to documents posted by Guccifer 2.0, and it’s unclear whether the FBI was any further ahead. But these discussions show what kind of alterations the Democrats were able to identify (such as font changes) as well as which publicly posted documents the FBI was sharing internally.

FBI public statements

160614 DX102 A discussion of Jim Trainor’s preparation for a meeting with Ellen Nakashima in advance of her June 14, 2016 reporting the hack and CrowdStrike’s attribution. Among other things, they note Nakashima’s confidence that GOP PACs were also targeted.

160725 DX112 This email chain between Sussmann and Trainor captured Sussmann’s frustration that FBI made an announcement of an investigation into the DNC hack without first running the statement by Sussmann.

160729 DX117 Before FBI sent out a statement about the DCCC hack, Jim Trainor sent Sussmann their draft statement. In response, Sussmann complained that FBI said they were aware of media reports but not of the hack itself. The timing of this exchange is important because Durham’s team repeatedly described a meeting between Marc Elias and Sussmann that day pertaining to a server as relating to the Alfa Bank anomaly.

Points of contact

160616 DX105 An email thread sent within FBI OGC (including to Trisha Anderson) discussing an initial meeting between Jim Trainor, Amy Dacey, Sussmann, and Shawn Henry.

160621 DX107 Starting on June 16, Amy Dacey thanked Assistant Director Jim Trainor for meeting with the Democrats about the hack. The thread turned into a confused request from the campaign for a briefing about whether they, too, had been compromised.

160725 DX114 This chain reflects Hawkins’ confused response after Sussmann provided the contact information for a Hillary staffer with a role in technical security. Hawkins stated, “Nothing concerning HFA has come up.”

160809 DX127 After Donna Brazile replaced Debbie Wasserman Schultz, Sussmann set up a meeting between her and Jim Trainor.

160811 DX128 An email chain among cyber FBI personnel discusses three Secret threat briefings for the DNC, DCCC, and Hillary campaign. Sussmann was scheduled to attend all three briefings, and Marc Elias was scheduled to attend the DCCC and Hillary briefings (though he testified that he did not attend).

160811 DX130 Sussmann sent the FBI notice of a public report of the DNC’s establishment of a cybersecurity advisory board. The report was passed on to Jim Trainor.

DHS outreach

160802 DX106 A Lync chain starting in the initial aftermath of the Nakashima story, referencing an Intelligence Committee briefing, and discussing how to facilitate DHS assistance to the Democrats through Sussmann.

160802 DX120 With the goal of reaching out to the Democratic victims to offer assistance, DHS asked who the point of contact for both would be.

160816 DX125 This email chain documents DHS’ “SitRep” of their understanding of the DNC/DCCC hacks and their efforts to reach out to help. This includes sharing of DNC/DCCC “artifacts” with NCCIC.

Authentication and venue

160708 DX109 An email chain seeking DNC help authenticating a document released by Guccifer 2.0.

160723 DX110 A discussion starting on July 21 about authenticating and extending after the initial WikiLeaks dump. Hawkins observed, “Looks like there will be multiple releases on that [the WikiLeaks] front.”

160802 DX118 After Adrian Hawkins asked CrowdStrike’s Christopher Scott a question about a public report that the Democrats’ analytics had been hacked, Scott explained that Sussmann had to be involved in any discussions between the FBI and their cybersecurity contractor. Hawkins also asked for specifics about the compromised servers that the FBI could use to establish venue.

160816 DX134 An email chain mentioning but not including Sussmann describes the efforts to establish venue (especially for Field staff who rely on laptops and travel a lot) as well as the efforts to authenticate documents.

160822 DX136 Two Lync messages describing a script that can be used to match WordPress documents with files stolen from the DNC.

160922 DX145 NSD’s Deputy Chief of  Cyber, Sean Newell, asks Sussmann to meet to discuss some information requests from NDCA. They set up a meeting for September 26.

160930 DX147 Hawkins follows up on Newell’s request for information with a much more detailed request from the San Francisco Division. This request includes details of the forensics NDCA was asking for, generally to include the CrowdStrike reports, network diagrams, logs, and images for the compromised hosts.

161004 DX148 In response to WikiLeaks promises about an upcoming file release, Newell follows up on a September 27 request he made of Sussmann for any files that were altered as well as a list of files that had been released but not circulated outside of the victim organizations first, including some indication whether those had been altered. Sussmann says they would have information available later that week.

161012 DX150 In another chain of responses to Newell’s information request, someone at Perkins Coie passes on a description from the DCCC about how an image posted by Guccifer 2.0 differed from the file structure as it appeared on their server, including as it pertained to a file named, “Pelosi Vote Email.”

161026 DX154 This chain is a follow-up to the Newell request, though it actually includes Guccifer 2.0 documents about Trump’s taxes discussed. It includes description of an altered document published by Guccifer 2.0, in which the font was changed. It also includes a DOJ NSD person asking FBI to print out the document because they don’t have any unattributable computers.

161024 DX165 This is yet another continuation of the Newell request, this one included the Trump Report altered by Guccifer 2.0. It includes some discussion of alterations to that document (as compared to unaltered ones released by WikiLeaks). It also describes documents that a DNC research staffer believes were taken from his local desktop.

CrowdStrike Reports

160815 DX132 Burnham to Farrar explaining there are two CloudStrike reports, one for the DNC and the other for the DCCC. The former is done, while the latter will be done soon.

160825 DX137 Hawkins asks Sussmann about the DNC CrowdStrike report, Sussmann explains it’s still a few days away, but then the next day says he’s reading “it” (which may be the DCCC report). Sussmann’s response gets forwarded to a few more people.

160830 DX 138 A Lync chain conveying that Sussmann had alerted the FBI that the CrowdStrike report was done and asking if WFO should pick it up.

Server images

161013 DX151 In another chain of responses to Sean Newell’s information request, the discussion turns from Sussmann’s effort to make sure the Democrats respond to all the FBI’s data request to how to obtain images (whether to have CrowdStrike spend 10 hours to do it or let FBI onsite to do it themselves). As part of this chain, Sussmann says that “in theory” the Democrats would be amenable to letting the FBI onsite to image the serves themselves, but then checks to see whether the data is at CrowdStrike or the DNC.

161013 DX152 This chain is follow-up to the request for server images. Sussmann connects the FBI and CrowdStrike, CS offers to image the servers for free, and the FBI provides the address where to send them.

161028 DX153 A Lync that starts with Newell requesting someone attend the October 11 meeting with Sussmann, continues through a discussion about how to get images of the compromised servers (including whether Sussmann may have misinterpreted the ask), and includes a discussion about a re-compromise.

Lizard Squad ransomware threat

160803 DX121 Late night on August 2, Sussmann reported a ransomware threat from the Lizard Squad. This email discusses the various equities behind such a threat and involves a guy named Rodney Hays, whom the Durham team would at one point insist must be Rodney Joffe.

160806 DX124 This chain reflects more of the response to Sussmann reporting a ransomware threat from Lizard Squad. As noted, it involves a guy named Rodney Hays that Durham’s team insisted must be Joffe.

160922 DX144 Over a month after the Democrats reported the Lizard Squad threat, Eric Lu wrote up the intake report, including the bitcoin address involved and Sussmann’s email to Rodney on August 9 thanking him for his assistance.

Other threats

160726 DX115 Sussmann set up a meeting with Hawkins and others so someone could report “some offline activity related to the intrusion.” This was around the time when Ali Chalupa believed she was being followed, though nothing in this chain describes the threat.

160908 DX140 On August 26, EA Hawkins wrote Sussmann directly alerting him to a new phishing campaign targeting Democrats. On September 7, he wrote back with three accounts that may have been targeted.

160916 DX141 Moore emailing Josh Hubiak — a cyber agent in Pittsburgh — asking for contact information for Michael Sussmann so she can obtain the contact information for a DNC bigwig whose Microsoft Outlook account was compromised, apparently by APT 28. Hubiak is one of the agents also involved in the Alfa Bank investigation.

160917 DX142 The day after the request for contact information for the DNC bigwig, there’s further discussion about how to contact him. The FBI also shares new files reflecting the network share for a different DNC person, a former IT staffer, that was uploaded to Virus Total.

160927 DX146 In response to public reports that some Democratic phones may have been targeted and a potential compromise of Powell’s phone (probably Colin, whose communications were posted to dcleaks), there’s some chatter about what information is available from Apple and Google. One of the key agents involved complains that, “it would be awesome if Google helped out, as I know they are at least 2 steps ahead of me and I’m in a sad, losing game of catchup.”

161011 DX149 This seems to be a collection of Lync notes from October 11, showing three different issues pertaining to Sussmann happening at once: the transfer of custody of the thumb drives to the Chicago office, a reference to a meeting with Sussmann, and a report of a new Democratic concern about exposed Social Security numbers.

161230 DX155 A Lync chain that goes from October 28 through December 30 covering the concern about a bug at DNC HQ, the response to the NYT article naming Hawkins, and another compromise alert.

161017 DX164 This may be a summary prepared for Mother Jones. Whatever the purpose (there is no date), it describes the timeline of FBI’s response to a request for a sweep of DNC headquarters in response to some anomaly. Sussmann permitted the sweep but asked that it be done covertly, so as not to alert DNC staffers.

Crossfire Hurricane

160804 DX123 On August 4, Joe Pientka forwarded the original June 14 Nakashima story to the agents who had just been assigned to the Crossfire Hurricane team with the explanation, “Just going through old — possibly pertinent emails.”

Technical Exhibits, Michael Sussmann Trial

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

Most of my coverage during the Michael Sussmann trial will be trial related, describing what witnesses and exhibits say about the case.

But there are good reasons to question the conduct of the investigation — and that’s a topic a lot of people have independent interest in. So I wanted to start a running post on technical issues.

If there’s a link that doesn’t work, it probably means I’ve forgot to set permissions to public (some of this needs redaction before posting). Leave a comment or tweet me at @emptywheel.

FBI investigation

160921 Allison Sands’ Lync Notes (thru 161012)

160922: Scott Hellman/Nate Batty assessment

160923: Electronic Communication opening investigation

160923: EC plus all three shared documents

160926: Curtis Heide Lyncs

160926: Heide to Hellman, Hope our assessment is good

160926: Ryan Gaynor notes (includes details on election protection efforts)

161004: Kyle Steere document contents thumb drives

161005: Investigative update from Allison Sands

Includes:

  • FBI conclusion on changing DNS records
  • FBI’s response to David Dagon’s defense
  • Logs from Cendyn, with Listrak still to come
  • Barracuda reference
  • Discussion of Tor node

161007: Sands Draft FD-1023 CHS Report

170118: Sands Closing Memo

170327: 302 interview Alfa Bank

Materials shared with FBI

White paper

DNS logs

62 pages of DNS logs

Trump Who Is

9 IP Addresses

15 Trump mail domains

160919 Expert White Paper

Joffe data requests (postdates original data in white paper)

160820: Antonokakis to DeJong requesting data (including dcleaks)

List of IP addresses

Alfa Bank script

160915: DeJong shares results with Joffe

170718: DeJong to Joffe: I have four jobs that look for Trump

Posts related to technical issues

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

When Michael Sussmann attorney Sean Berkowitz was walking FBI Agent Scott Hellman through the six meetings he had with Durham’s team on Tuesday — meetings he first had as a witness about the investigation into the Alfa Bank allegations and later in preparation for his trial testimony — Berkowitz asked Hellman about how, sometime earlier this year, Andrew DeFilippis and Jonathan Algor asked him whether he could serve as their DNS expert for the trial.

Q And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table here, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

To Hellman’s credit, he told Durham’s prosecutors — who have been investigating matters pertaining to DNS data for two years — that he only had superficial knowledge of DNS and so wasn’t qualified to be their expert.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

It wasn’t until the third day of trial before Durham’s team presented any evidence about the alleged crime. Instead, Durham’s first two witnesses were their nominal expert, David Martin, and Hellman, who told Durham he wasn’t an expert but who offered opinions he neither had the expertise to offer nor had done the work to substantiate.

That’s important, because DeFilippis used him to provide an opinion only an expert should give. And virtually everything about his testimony — his claim to have relied on the data in the materials without looking at the thumb drives, an apparently made up claim about the timing of the analysis, and behaviors that the FBI normally finds suspicious — suggest he’s not only not a DNS expert qualified to assess this report, but his assessment of the white paper Sussmann shared also suffers from serious credibility issues.

The battle over an expert

The testimony of the nominal expert, David Martin, was remarkably nondescript, particularly given the fight that led up to his testimony. Durham’s team sprung even having an expert on Sussmann at a really late date: on March 30, after months of blowing off Sussmann’s inquiries if they would. Not only did they want Martin to explain to the jury what DNS and Tor are, Durham’s team explained, but they also wanted him to weigh in on the validity of conclusions drawn by researchers who had found the anomaly.

  • the authenticity vel non of the purported data supporting the allegations provided to the FBI and Agency-2;
  • the possibility that such purported data was fabricated, altered, manipulated, spoofed, or intentionally generated for the purpose of creating the false appearance of communications;
  • whether the DNS data that the defendant provided to the FBI and Agency-2 supports the conclusion that a secret communications channel existed between and/or among the Trump Organization, Alfa Bank, and/or Spectrum Health;

[snip]

  • the validity and plausibility of the other assertions and conclusions set forth in the various white papers that the defendant provided to the FBI and Agency-2;

As Sussmann noted in his motion to limit Martin’s testimony, he didn’t mind the testimony about DNS and Tor. He just didn’t want this trial to be about the accuracy of the data, especially without the lead time to prepare his own expert.

As the Government has already disclosed to the defense, should the defense attempt to elicit testimony surrounding the accuracy and/or reliability of the data that the defendant provided to the FBI and Agency-2, Special Agent Martin would explain the following:

  • That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;
  • That the purported data provided by the defendant nevertheless did not support the conclusions set forth in the primary white paper which the defendant provided to the FBI;
  • That numerous statements in the white paper were inaccurate and/or overstated; and
  • That individuals familiar with these relevant subject areas, such as DNS data and TOR, would know that such statements lacked support and were inaccurate and/or overstated.

Based off repeated assurances from Durham that they weren’t going to make accuracy an issue in their case in chief, Judge Cooper ruled that the government could only get into accuracy questions if Sussmann tried to raise the accuracy of the data himself. But if he said he relied on the assurances of Rodney Joffe, it wouldn’t come in.

The government suggests that Special Agent Martin’s testimony may go further, depending on what theories Sussmann pursues in cross-examination or his defense case. Consistent with its findings above, the Court will allow the government’s expert to testify about the accuracy (or lack thereof) of the specific data provided to the FBI here only in certain limited circumstances. In particular, if Sussmann seeks to establish at trial that the data were accurate, and that there was in fact a communications channel between Alfa Bank and the Trump Campaign, expert testimony explaining why this could not be the case will become relevant. But, as the Court noted above, additional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Then, days before the trial, the issue came up again. Durham sent a letter on May 6 (ten days before jury selection), raising a bunch of new issues they wanted Martin to raise. Sussmann argued that Durham was trying to expand the scope of what his expert could present. Among his complaints, Sussmann argued that Durham was trying to make a materiality argument via his expert witness.

Third, the Special Counsel apparently intends to offer expert testimony about the materiality of the false statement alleged in this case. Indeed, the Special Counsel’s supplemental topic 9 regarding the importance of considering the collection source of DNS data is plainly being offered to prove materiality. But the Special Counsel did not disclose this topic in either his initial expert disclosure or Opposition, and the Court’s ruling did not permit such testimony. The Special Counsel should not now be allowed to offer an entirely new expert opinion under the guise of eliciting testimony regarding the types of conclusions that can be drawn from a review of DNS data.

Judge Cooper considered the issue Tuesday morning, before opening arguments. When asking why Martin had to present the concept of visibility, DeFilippis explained that Hellman–the Agent who’s not an expert on DNS but whom DeFilippis nevertheless had asked to serve as an expert on DNS–would talk about the import of knowing visibility to assess data.

THE COURT: Well, but isn’t the question here whether a case agent — is your case agent later going to testify that that was something that the FBI looked at or wanted to look at in this case and was unable to do so, and that that negatively affected the FBI’s investigation in some way? MR.

DeFILIPPIS: Yes, and I expect Special Agent Hellman, who will testify likely today, Your Honor, I expect that that is a concept that he will say was relevant to the determination that — determinations he was making as he drafted analysis of the data that came in. And, again, I don’t think we — for example, another way in which this comes up is that the FBI routinely receives DNS data from various private companies who collect that data, and it is always relevant sort of the breadth of visibility that those companies have. So it’s relevant generally, but also in this particular case the fact that the FBI did not have insight into the visibility or lack of visibility of that data certainly affected steps that the FBI took.

THE COURT: Okay. But Mr. Sussman has not been accused of misrepresenting who the source is. He’s simply — but rather who the client is. So how do you link that to the materiality of the alleged false statement?

MR. DeFILIPPIS: Because, Your Honor, I think we view them as intertwined. It was because — it was in part because Mr. Sussman said he didn’t have a client that made it more difficult for the FBI to get to the bottom of the source of this data or made it less likely they would, and so — and, again, I don’t think we expect to dwell for a long time on this, but I think the agents and the technical folks will say that that is part of why the origins of the data are extremely relevant when they took investigative steps here.

When Cooper noted Sussmann’s objection to Martin discussing possible spoofing of data, DeFilippis again answered not about what Martin would testify, but what Hellman would.

As DeFilippis explained, he claimed to believe that under Cooper’s ruling, the government could put in any little thing they wanted that they claimed had been part of the investigation.

And Special Agent Hellman, when he testifies today — now, Your Honor’s ruling we understand to permit us to put into evidence anything about what the FBI analyzed and concluded as its investigation unfolded because that goes to the materiality of the defendant’s statement. So Special Agent Hellman — through Agent Hellman we will offer into evidence a paper he prepared when the data first came in, and among its conclusions is that the data might — he doesn’t use the word “spoof” — but might have been intentionally generated and might have been fabricated. That was the FBI’s initial conclusion in what it wrote up.

So in order for the jury to understand the course of the FBI’s investigation and the conclusions that it drew at each stage, those concepts are at the center of it.

[snip]

MR. DeFILIPPIS: Okay. Your Honor, I’m sorry. We understood your ruling to be that the FBI’s conclusions as it went along were okay as long as we weren’t asserting the conclusion that it was, in fact, fabricated. You know, I mean, it’s difficult to chart the course of the FBI’s investigation unless we can elicit at each stage what it is that the FBI concluded.

Judge Cooper ordered that references to spoofing be removed — leading to a last minute redaction of an exhibit — but permitted a discussion of visibility to come in.

After all that fight, Martin’s testimony was not only bland, but it was recycled powerpoint. He not only admitted lifting the EFF description of Tor for his PowerPoint, but he included their logo.

Hellman delivers the non-expert expert opinion Durham was prohibited from giving

As I said, Martin was witness number one, Hellmann — the self-described non-expert in DNS — was witness number two.

Even though Hellman admitted, again, that he’s not a DNS expert, DeFilippis still had him go over what DNS is.

Q. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

Q. And in your understanding, on a very basic level, what is DNS?

A. DNS is basically how one computer would try and communicate with another computer.

After getting Hellman to explain how he purportedly got chain of custody signatures on September 20, 2016 for the materials Michael Sussmann dropped off with James Baker on September 19, DeFilippis walked Hellman through how, he claimed, he had concluded that the allegations Sussmann dropped off were unsupported. Hellman reviewed the data accompanying the white paper, Durham’s star cybersecurity witness claimed on the stand, and after reviewing that data, determined there was no allegation of a hack in the materials and therefore nothing for the Cyber Division to look at. And, as a report he wrote “within a day” summarized, he concluded the methodology was horrible.

As you read the following exchange, know that (as I understand it) some, if not most, of what Hellman describes as the methodology is wrong. Obviously, if Hellman’s understanding of the methodology is wrong, then the opinion that DeFilippis elicits from a guy who admitted he was not an expert on DNS but whom DeFilippis nevertheless asked to serve as his expert witness on DNS before inviting David Martin in to present slides lifted from the Electronic Frontier Foundation instead [Takes a breath] … If Hellman’s understanding of the methodology and the data he’s looking at is wrong, then his opinion about the methodology is going to be of little merit.

With that understanding, note the objection of Sean Berkowitz, who fought DeFilippis’ late hour addition of an expert that DeFilippis wanted to use to opine on the validity of the research, bolded below.

So we looked at the top part, which set out your top-line conclusion. You then have a portion of the paper that says, “The investigators who conducted the research appear to have done the following.” Now, Special Agent Hellman, it appears to be a pretty technical discussion, but can you just tell us, in that first part of the paper, what did you set out and what did you conclude?

A. It looks to be that they were looking for domains associated with Trump, and the way that they did that was they looked at a list of sort of all domains and looked for domains that had the word “Trump” in them as a way to narrow down the number of domains they were looking at.

And then they wanted to find, well, which of that initial set of Trump domains, which of them are email servers associated with those domains. And the way they did that was to search for terms associated with email, like “mail” or other email-related terms to then narrow down their list of domains even further to be Trump-associated domains that were email servers.

Q. And did you opine on the soundness of that methodology? In other words, did you express a view as to whether this was a good way to go about this project?

A. We did not — I did not feel that that was the most expeditious way to go about identifying email servers associated with the domain.

Q. And why was that?

A. You can name an email server anything you want. It doesn’t have to have the words “mail” or “SMTP” in it. And so by — if you’re just searching for those terms, I would wager to guess you would miss an actual email server because there are other — there are other more technical ways that you can use — basically look-up tools, Internet look-up tools where you can say, for any domain, tell me the associated email server. That’s essentially like a registered email server. But the way that they were doing it was they were just looking for key terms, and I think that it just didn’t make sense to me why they would go about identifying email servers that way as opposed to just being able to look them up.

Q. Was there anything else about the methodology used here by the writer or writers of this paper that you found questionable or that you didn’t agree with?

A. I think just the overall assumptions that were being made about that the server itself was actually communicating at all. That was probably one of the biggest ones.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Basis?

MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

That’s how, as his second witness, Andrew DeFilippis introduced the opinion of a guy who admitted he wasn’t an expert on DNS that DeFilippis had asked to serve as an expert even though DeFilippis should have known that he didn’t have the expertise to offer expert opinions like this.

If Sussmann is found guilty, I would bet a great deal of money this stunt will be one part of a several pronged appeal, because Judge Cooper permitted DeFilippis to do precisely what Cooper had prohibited him from doing before trial, and he let him do it with a guy who by his own admission is not a DNS expert.

Cyber Division reaches a conclusion without looking at the thumb drives

Now let’s look at what Hellman describes his own methodology to be.

First, it was quick. DeFilippis seems to think that serves his narrative, as if this stuff was so crappy that it took a mere glimpse to discredit it.

Q. Special Agent Hellman, how long would you say it took you and Special Agent Batty to write this up?

A. Inside of a day.

Q. Inside of a day, you said?

Berkowitz walked Hellman through the timeline of it, and boy was it quick. There’s some uncertainty about this timeline, because John Durham’s office doesn’t feel the need to make clear whether exhibits they’re turning over in discovery reflect UTC or ET. But I think I’ve laid it out below (Berkowitz got it wrong in cross-examination, which DeFilippis used to attack his analysis).

As you can see, not only were FBI’s crack cybersecurity agents making a final conclusion about the data within a day but — by all appearances — they did so before they had ever looked at the thumb drives included with the white papers. From the record, it’s actually not clear when — if!!! — they looked at the thumb drives. But it’s certain they had their analysis finalized no more than one working day after they admitted they hadn’t looked at the thumb drive, which was itself after they had already decided the white paper was shit.

Timeline

September 20, 10:20AM: Nate Batty tells Jordan Kelly they’ll come from Chantilly to DC get the thumb drives

September 20, 10:31AM: Jordan Kelly tells Batty the chain of custody is “Sussman to Strzock to Sporre”

September 20, 12:29PM: Hellman and Nate Batty accept custody of the thumb drives

September 20, 1:30PM: Hour drive back to Chantilly, VA

September 20, 4:44PM: Hellman appears to explain the process of picking up the thumb drives to jrsmith, claiming to have spoken to Baker on the phone. jrsmith jokes about “doctor[ing] a chain of evidence form.”

September 20, 4:58: Hellman says the more he reads the report “it feels a little 5150ish,” suggesting (as he explained to Berkowitz on cross) the authors suffered from a mental disability, and Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

September 21, 8:47AM: Batty tells Hellman their supervisor wants them to “write a brief summary of what we think about the DNC report.” Batty continues by suggesting that “we should at least plug the thumb drives into Frank’s computer and look at the files…”

9/22, 9:44AM: Curtis Heide, in Chicago, asks Batty to send the contents of the thumb drive so counterintelligence agents can begin to look at the evidence. The boys in Cyber struggle to do so for a bit.

9/22, 2:49PM: Batty asks Hellman what he did with the blue thumb drive.

9/22, 4:46PM: Batty sends “analysis of Trump white paper” to others.

In other words, the cyber division spent less than 28 hours doing this analysis.

Yes. The analysis was quick.

Hellman says his analysis is valid because he looked at the data

The hastiness of the analysis and the fact that Hellman didn’t look at the thumb drive before making initial conclusions about the research is fairly problematic, because when he discussed his own methodology, he described the data driving everything.

Q. Now, what principally, from the materials, did you rely on to do your analysis?

A. So it was really two things. It was looking at the data, the technical data itself. There was a summary that it came with. And then also we were comparing what we saw in the data, sort of the story that the data told us, and then looking at the narrative that it came with and comparing our assessment of the data to the narrative.

[snip]

Q. And in connection with that analysis, did you also take a look at the data itself that was underlying this paper?

A. Yes

[snip]

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

A. Yes.

[snip]

A. It would have mattered — well, I think on one hand it would not have mattered from the technical standpoint. If I’m looking at technical data, the data’s going to tell me whatever story the data’s going to tell me independent of where it comes from. So I still would have done the same technical analysis.

But knowing where the data comes from helps to tell me — it gives me context regarding how much I believe in the data, how authentic it is, do I believe it’s real, and do I trust it. [my emphasis]

He repeated this claim on cross with Berkowitz.

I just disagreed with the conclusions they came to and the analysis that they did based upon the data that came along with the white paper.

When Berkowitz asked him why counterintelligence opened an investigation when Cyber didn’t, Hellman suggested that the people in CD wouldn’t understand how to read the technical logs.

A. Um, I think they’d probably be looking at it from the same vantage point, but if you’re not — you don’t have experience looking at technical logs, you may not have the capability of doing a review of those logs. You might rely on somebody else to do it. And perhaps counterintelligence agents are going to be thinking about other investigative questions. So I guess it would probably be a combination of both.

“If I’m looking at technical data,” DeFilippis’ star cybersecurity agent explained, “the data’s going to tell me whatever story the data’s going to tell me.”

Except he didn’t look at the technical data, at least not the data on the thumb drives, before he reached his initial conclusion.

Hellman makes a claim unsupported by the data in his own analysis

I’ll leave it to people more expert than me to rip apart Hellman’s own analysis of the white paper Sussmann shared with the FBI. In early consultations, I’ve been told he misunderstood the methodology, misunderstood how researchers used Trump’s other domains to prove that just one had this anomaly (that is, as a way to test their hypothesis), and misstated the necessity of some long-term feedback loop for this anomaly to be sustained. Again, the experts will eventually explain the problems.

One part of his report that I know damns his methodology, however, is where he says the researchers,

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “mail1.trump-email.com”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

This is the point where every single person I know who assessed these allegations who is at least marginally expert on DNS issues stopped and said, “global nonpublic DNS activity? There are only a handful of people that could be!” See, for example, this Robert Graham post written in response to the original Slate story, perhaps the most influential critique of the allegations, probably even on Durham. Every marginally expert person I know has, upon reading something like that, tried to figure out who would have that kind of visibility on the data, because that kind of visibility, by itself, would speak to their expertise. Those marginally expert people did not have the means to identify the possible sources of the data. But a lot of them — including the NYTimes!! — were able to find people who had that kind of visibility to better understand the anomaly. When Hellman read that, he simply said, “unclear how this was done” and moved on.

Still, Hellman did not contest (or possibly even test) the analysis that said there were really just four IP addresses conducting look-ups with the Trump marketing server. Dozens of people have continued to test that result in the years since, and while there have been adjustments to the general result, no one has disproven that the anomaly was strongest between Alfa Bank and Trump’s marketing domain.

Where Hellman’s insta-analysis really goes off the rails, however, is in his assertion that, “it appears that the presumed suspicious activity began approximately three weeks prior to the stated start date of the investigation conducted by the researcher.”

I’m not a DNS expert, but I’m pretty good at timelines, and by my read here are the key dates in the white paper.

May 4, 2016: Beginning date for look-up analysis

July 28, 2016: Lookup for hostnames yielding Trump

September 4, 2016: End date for look-up analysis

September 14, 2016: Updated search for look-ups covering June 17 through September 14

The start date reflected in this white paper is July 28, 2016. Three weeks before that would be July 7, 2016, a date that doesn’t appear in the white paper. The anomaly started 85 days before the start date reflected in this white paper (and the start date for the research began months earlier, but still over three weeks after the May 4 start date).

I don’t understand where he got that claim. But DeFilippis repeated it on the stand, as if it were reflected in the data, I guess believing it makes his star cybersecurity agent look good.

DeFilippis’ star cybersecurity agent has some credibility problems

There are a few more problems with the credibility of Hellman, DeFilippis’ star cybersecurity agent who is not a DNS expert. One of those is that he compared notes with his boss before first testifying.

Q: And you also spoke with Nate Batty around that time, Right?

A: Yes.

Q: Did you talk to him before the first interview to kind of get ready for it?

A: I think so, but I don’t remember.

Q: Is that something that you encourage witnesses to do, to talk to other witnesses to see if your recollections are consistent?

A: No.

In addition, notwithstanding that Batty was told that Sussmann was in the chain of control, Batty claimed to believe the source was “anonymous” and Hellmann claimed to believe it was sensitive–a human source. Even after comparing notes their stories didn’t match.

There are other problems with Hellman’s memory of the events, notably that in his first interview — the one he did shortly after comparing notes with Batty — he claimed that Baker had told him he was unable to identify the source of the data.

Q. And when you went to Mr. Baker’s office, do you remember what, if anything, was said during that discussion or during that interaction?

A. I remember being in the office, but I don’t distinctly recall what the conversation was. I do remember after the fact, though, that I was frustrated that I was not able to identify who had provided these thumb drives, this information to Mr. Baker. He was not willing to tell me.

At the very least, this presents a conflict with Baker’s testimony, but it’s also another testament to how variable memories can be four years, much less six years, after the fact.

Hellman also claimed, when asked on cross, that the first time he had ever seen the reference to a “DNC report” in September 21 Lync notes he received was two years ago, when he was first interviewed.

A: The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from DNC. I don’t remember DNC being a part of anything we read or discussed.

Q: Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A: It’s in there. I don’t have any memory of seeing it.

And when Sean Berkowitz asked about Hellman the significance of seeing the reference to a “DNC report” first thing on September 21, he described that DeFilippis suggested to him that it was likely just a typo for DNS.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — I have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

When asked about a topic for which there was documentary evidence Hellman had seen in real time that he claimed not to remember, Andrew DeFilippis offered up an explanation that Hellman then offered on the stand.

On the stand, DeFilippis also tried to get Hellman to call a marketing server a spam server, though Hellman resisted.

Once you look closely, I don’t think Hellman’s testimony helps Durham all that much. What it proves, however, is that DeFilippis attempted to coach testimony.

One final thing. DeFilippis got his star cybersecurity agent to observe that the researchers didn’t include their name or other markers on their report, as if that’s a measure of unreliablity.

Q. Now, let me ask you, were you able to determine from any of these materials who had actually drafted the paper alleging the secret channel?

A. No.

Q. In other words, was it contained anywhere in the documents?

Here’s what Hellman’s own report looks like:

There’s a unit — ECOU1 — but the names of the individual agents appear nowhere in the report. The report is not dated. It does not specifically identify the white papers and thumb drives by control numbers, something key to evidentiary analysis.

It has none of the markers of regularity you’d expect from the FBI. Hellman’s own analysis doesn’t meet the standards that DeFilippis uses to measure reliability.

This long-time Grand Rapids resident is furious that Hellman judged there was no hack

Everything above I write as a journalist who has tried to understand this story for almost six years. Between that and 18 years of covering national security cases, I hope I now have sufficient familiarity with it to know there are real problems with Hellman’s analysis.

But let me speak as someone who lived in Grand Rapids for most of this period, and had friends who had to deal with the aftermath of Spectrum Health appearing at the center of a politically contentious story.

Hellman had, as he testified, two jobs. First, he was supposed to determine whether there were any cyber equities, then he was supposed to do some insta-analysis of the data without first looking at the thumb drives.

According to Hellman, there was no hack.

I was asked to perform two tasks in tandem with Special Agent Batty, and our tasks were, number one, to look at this data, look at the data and look at the narrative that it came with and identify were there any what’s known as cyber equities. And by that it was, was there any allegation of a hacking. That’s what cyber division does. We investigate hacking. So was there an allegation that somebody or some company or some computer had been hacked. That was first.

[snip]

As I mentioned, the first piece was we had to identify was there any real allegation of hacking; and there was not. That was our first task by our supervisor. There was not.

[snip]

The allegation was that someone purported to find a secret communication channel between the Trump organization and Russia. And so we identified first that, no, we didn’t think that there was any cyber equity, meaning that there was probably nothing more for cyber to investigate further, if there was no hacking crime.

Except here’s what the white paper says about Spectrum, that Grand Rapids business that was swept up in this story.

The Spectrum Health IP address is a TOR exit node used exclusively by Alfa Bank. ie.,  Alfa Bank communications enter a Tor node somewhere in the world and those communications exit, presumably untraceable, at Spectrum Health There is absolutely no reason why Spectrum would want a Tor exit node on its system. (Indeed, Spectrum Health would not want a TOR node on its system because, by its nature, you never know what will come out of a TOR node, including child pornography and other legal content.)

We discovered that Spectrum Health is the victim of a network intrusion. Therefore, Spectrum Health may not know it has a TOR exit node on its network. Alternatively, the DeVos family may have people at Spectrum who know there is a TOR node. i.e.,  could have been placed there with inside help.

When faced with some anomalous activity that seemed to tie into the weird DNS traffic, the experts suggested that maybe the Spectrum hack related to the DNS anomaly.

To be clear, this Tor allegation is the the weakest part of this white paper. You will hear about this to no end over the next week. It was technically wrong.

But the allegation in the white paper is that maybe a recent hack of Spectrum Health is why it had this anomalous traffic with Trump’s marketing server. There’s your hack!!

Had the people at FBI’s cybersecurity side actually treated this as a possible compromise, it might have addressed the part of this story that never made any sense. And we might not, now, six years later, be arguing about what might explain it.

Let me be clear: I do think the white paper overstated its conclusions. I don’t think secret communication is the most obvious explanation here.

But there are hacks and then there are hacks in the testimony of DeFilippis’ star cybersecurity agent.

Update: Corrected an attribution to Batty instead of Hellman.

Update: Fixed my own timeline.

Update: Added link to Robert Graham’s analysis.

Update: This may be where Hellman gets his erroneous three week claim. There were two histograms included with the report. One, the close-up, does start around July 7.

But the broader scope shows look-ups earlier, very actively in June, but with a few stray ones in May.

The government didn’t include the pages and pages of logs that Batty complained about in this exhibit. Had they, it would be clear to jurors that this claim is false.

Update: Correction on two points. First, I think I’ve finally got the Lync exchange above correct between Batty and Hellman. As noted, Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

Second, I was wading through exhibits this morning and found the exhibit of 19 pages of logs. Here’s just a subset of them, including logs that go back to May 2016. Hellman didn’t look even at the printed page of log files closely enough to realize his claim about three weeks was wrong. These data weren’t intended to overwhelm the reader. They were there to show how the anomaly accelerated during the election.

image_print