20 Questions (Plus 5): The Joshua Schulte Jury Is Lost, Possibly Hopelessly

According to InnerCity Press (virtually the only press covering the Schulte verdict watch), by end of day today the jurors had sent out 25 notes, most questions but also problems with two of the jurors. At the end of the day they told the Court they “aligned” on two of the charges, but were at an impasse on the other. Given that there’s slam dunk evidence that he committed the least serious crimes (false statements and contempt), that suggests at least some members of the jury have reasonable doubt that the guy who wrote a virtual signed confession to committing the most damaging leak in CIA history actually did so.

I wanted to collect the known questions from jurors to give a sense of what issues have driven this uncertainty.

Note 1: A request for a summary of exhibits

Note 2: A request for a transcript of the testimony of David, a CIA Sysadmin, particularly as regards what jurors may have mislabeled 1209-8 (David testified about Schulte’s failed attempt to access Altabackups with regards to exhibit 1202-8).

Note 3 asked 7 questions:

  1. What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? This pertains to the Espionage Charge tied to posting classified information in one of his diaries, sending a diagram of CIA’s servers to WaPo reporter Shane Harris, and planning to reveal details about how a CIA hacking tool, Bartender, was used in the field (which certainly would expose CIA officers, and probably NOCs).
  2. In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? Schulte’s lawyer, Sabrina Shroff, had made much of the fact that when Schulte was at a conference he got called about DevLAN going down. It’s not directly related to any of his charges.
  3. Can you please reread what was found on Schulte’s home computer? This would have focused on deleted materials (and the lack of classified information), but given that Juror 5 almost certainly knew about the child porn allegations and there was a focus on Schulte’s hosting of movies, this may have been what they were looking for.
  4. Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? This refers to part of one page of his prison notebook in which he discusses  taking his “last piece” and envisioning himself as a Cardinal. It is entirely unrelated to his charges.
  5. Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? One of the very senior CIA managers suggested to another that Schulte might have Asperbergers. It is entirely unrelated to his charges.
  6. For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? The backup that Schulte is alleged to have stolen included both the libraries (which were not leaked) and Brutal Kangaroo (materials on which were leaked), but it included far more, but the parties did not answer this because they weren’t sure whether this was a network question or a charging one.
  7. Where were OSB libraries housed/where did they live? They were part of Stash.

Note Four: Can we please have simplified badge times/formats for Schulte on 4/20/16 in a format similar to GX 115. One piece of evidence that Schulte did the reversion during which the backup sent to WikiLeaks was stolen was that he was the only one in his SCIF with his computer during the time the commands doing the reversion were entered into it. The badge records would show that. Jurors did get simplified badge records.

Note Five: In Exhibit GX 107, what does lock/unlock computer mean in columns Source and Type? Is the computer locking itself? What is someone unlocking? This pertains to something tracked on CIA badge records and was not explained in testimony.

Note Six includes four questions:

  1. Is there evidence that April 18 and 20 were the only two times in 2016 that Schulte left the vault last? April 18, the day Schulte allegedly conducted reconnaissance on the backup files, and April 20, the day he allegedly stole him were the only two days he was the last person in his SCIF at RDB (the time period for which may include just the last seven months he worked at CIA).
  2. What does mount the Altabackups mean? This refers to how the CIA networks were set up, and Schulte’s role in doing that.
  3. What does create data store mean? This pertains to testimony about one attempt Schulte made to regain access to files he had been booted from.
  4. When someone logs out of a virtual machine, what happens to the log files from that session? There was no testimony on this point (jurors likely asked it to try to assess whether Schulte’s buddy Michael could have stolen the files).

Note Seven (Exhibits 16-17, I think) asked for the transcripts of Michael Berger (the FBI forensics expert who presented evidence of Schulte’s efforts to wipe evidence at home) and Michael (Schulte’s buddy who took a screen cap of him deleting logs).

Note Eight: Jurors complained that one of the jurors, Juror 4, was not deliberating with the rest of the jury and coming in late.

Note Nine included two questions:

  1. Can we please have testimony from Richard Evanchec. Evanchec is one of the FBI agents that interviewed Schulte and searched his home, and so is central to the false statements charges.
  2. What testimonies covered GX 1305-8 and GX 1305-9. Can we please have transcripts about that. These are Schulte’s Google records, which Evanchec also testified about.

Note Ten: Juror five has prior information, probably including details of Schulte’s child porn charges. She also looked up one of the lawyers. It became clear in a later sidebar that this is the juror who had said something inappropriate to another juror, possibly about deliberations, on February 13, during the trial.

Note Eleven included two questions:

  1. What happened to Schulte’s computers and workstation after he went to Bloomberg (after November 10)? This is likely a question testing a theory about whether someone — possibly Michael? — could have altered logs on Schulte’s computer after he left on November 10, 2016.
  2. When and where was Rufus’s SSH key found? Was it found in the home directory or was it found forensically? Schulte had stored the key of someone, Rufus, who had had Admin access but left, on his home directory. He used it when he was deleting logs on April 20. Sabrina Shroff had gotten one witness to testify that it was very easy to access other people’s home drives, so this is likely another effort to test an alternate culprit theory.

There were two more questions today (which I’ll update on Monday when that transcript is released):

  • Something about the CFAA charge, suggesting jurors are not treating the reversion as a hack, but might be treating Schulte booting his colleague off Brutal Kangaroo as one.
  • Something about unanimity on charges, possibly relating to the leaks from jail.

And then jurors told the court that they’re only in agreement on two charges, but stuck on the others.

For the reasons I laid out here — as well as the two problem jurors — I’m not surprised about that. And given the questions, it seems clear that the extended focus on Schulte’s employment disputes at the CIA made at least some of the jurors sympathetic to the idea that someone at CIA framed Schulte. Keep in mind, too, that Schulte adopted the moniker Jason Bourne in prison, so he fed that idea. And — as Shroff noted in her close — there was no good reason to focus on the continued employment disputes that extended two months after Schulte allegedly stole the files.

When the CIA puts its formers on trial, in my opinion, it believes the general population will be as outraged by a violation of CIA’s sacred trust as they themselves are. That may be why prosecutors aired that entire nasty employment dispute. But that’s generally not the case outside of EDVA, especially not in SDNY.

Between that, and the forensic complexity of this case, it appears the jury is lost.

Reminder; Calyx Institute and other donors sprung for the transcripts of this trial.

The Joshua Schulte Jury Is Falling Apart

Even before Judge Paul Crotty dismissed a juror today for reading outside information and sharing it with another juror, it was clear that the jury was a mess. Going all the way back to February 13, a juror had said something to another juror that concerned him.

THE COURT: Okay. I got a note from a juror, and it deals with an incident that occurred on Thursday late in the day. He then left the courthouse. We asked him to put the report that he made to David on Thursday in writing, which he did on Tuesday morning. This is the note. I’m going to mark it as Court Exhibit 1. I made copies. So I don’t think we can resolve this now. But I wanted to call it to your attention right away.

[snip]

MS. SHROFF: It’s her belief. She’s not saying she can’t be impartial. She’s not deliberated. She’s voicing an opinion. And she also notes that that was a different — I mean, she’s saying she is a different kind of citizen. That’s what we want. A jury of peers.

Judge Crotty discussed that incident with the two sides on February 19.

Then, on the first day of deliberations Tuesday, the jurors sent a bunch of notes, including one with seven questions, several of them (the questions about the DevLAN outage, drugs, and Aspergers) entirely unrelated to Schulte’s guilt or innocence:

Message: What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? (2) In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? (3) Can you please reread what was found on Schulte’s home computer? (4) Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? (5) Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? (6) For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? (7) Where were OSB libraries housed/where did they live?

While a number of the questions made sense, it was also clear that the jurors are confused about the forensic evidence, including multiple threads of evidence that show Schulte was at his computer typing in the commands that reverted the backup on the date the files were stolen.

But today, according to a note from Schulte’s lawyers, Juror 1 told the Court that Juror 5 had shared outside information with him.

The defense respectfully requests that the Court halt jury deliberations temporarily and conduct an individual voir dire of jurors 2–11 to ensure that they were not exposed to prejudicial extra-record information from former Juror 5. Such an inquiry is necessary because the Court currently only has the information received in the robing room from Juror 1 and former Juror 5.

The juror who got booted spoke to the press. She seems to believe Schulte did restore his own access to certain files (given her description, she seems focused on Brutal Kangaroo), but does not believe he is guilty of the most serious charges.

“Was he a naughty boy? Yes,” Wiesenberg said. “But did he do the final click? I don’t have evidence. I want solid proof that I wasn’t given by the parties. I don’t think he did it — the most serious charges.”

[snip]

The five-week trial established that Schulte improperly reinstated his administrative privileges to access secret information he’d been told to stay away from, according to Wiesenberg, who lives in the West Village.

“He felt entitled. This was his tool — he created it,” Wiesenberg said, referring to some of the hacking tools. But that didn’t make Schulte guilty of the most serious of 11 charged counts, she added.

Note that, given how little coverage of this case there has been, she probably would have had to go looking for outside information.

In their close, prosecutors didn’t point jurors to where, in the pile of evidence they’ve been presented over the last month, the details are that might prove each of the charges against Schulte (the evidence is there, but it’s highly technical). It’s unsurprising they’re confused. And now Schulte’s lawyers want to know what other outside information on the trial has gotten into jurors.

Update: The booted juror told they Post there are others who doubt Schulte’s guilt on the most serious charges.

Wiesenberg said the Schutle jury is divided, with people like her who believe the former CIA programmer to be not guilty of the worst leak in the spy agency’s history.

It’s Easy to [Claim to] Attribute Hacks to CIA after a One Month Trial on CIA’s Tools

Yesterday, closing arguments and charging instructions in the Joshua Schulte trial were presented to the jury. As I’ve noted, I think the evidence against Schulte is quite compelling, but several things have weakened the government’s case. The transcripts for the closing arguments (which will come out tonight) may provide a better sense of how strong the case is. Otherwise, we wait on the jury.

But at least one Chinese InfoSec company is not waiting. One firm just released a report claiming to ID a number of CIA’s hacking campaigns against Chinese targets, which it dubs APT-C-39. It explicitly relies on the trial record (though not the most interesting details of it, and some of the details revealed at trial seem to conflict with this report).

Proficient in the design and development of cyber weapons and possessing knowledge of intelligence operations, Joshua became one of the core backbones of the CIA’s many important hacking tools, including a key cyber weapon – Vault 7.

In 2016, Joshua took advantage of his admin privilege of the core machine room and a preset backdoor to steal the classified documents of Vault 7 and disclosed to WikiLeaks, which was published on Wikileaks website in 2017.

In 2018, Joshua was arrested and prosecuted by the U.S. Department of Justice for the Vault 7 leaks. On February 4, 2020, at a public hearing in the federal court, the federal prosecutor alleged that Joshua, as the core developer and the person in charge of the highest administrator authority of its internal arsenal, has committed “the single biggest leak of classified national defense information in the history of CIA”by disclosing the agency’s secret hacking tools to WikiLeaks.

This piece appears to be entirely reversed engineered from the leaked files and the trial record, not actual InfoSec analysis. For example, it treats “Vault 7” as CIA’s code name, not some dumb label WikiLeaks assigned to it. It claims to track campaigns from September 2008 through June 2019; yet the trial record says CIA stopped all use of tools developed before Schulte left.

It makes much of compilation time. It is true that most of the work on these tools happen in VA and most of the developers work regular hours. However, there are two remote offices, so tools targeting China could easily be customized in Asian timezones.

The compilation time of malware is a common method and statistics in the research of APT group attribution. Through the study of the compilation time of malware, we can find out the developer’s work schedule, so as to know the approximate time zone of his location.

The following table is the schedule of compilation activities of APT-C-39 (the time is based on the East 8 time zone). It can be seen that the organization’s activities are close to the schedule in Eastern U.S. time zone, which is in line with the CIA’s location. (Virginia, U.S. Eastern Time).

It also admits that it is speculating about a key point — how CIA would use all this.

We speculate that in the past eleven years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world. It does not even rule out the possibility that now CIA is able to track down the real-time global flight status, passenger information, trade freight and other related information. If the guess is true, what unexpected things will CIA do if it has such confidential and important information? Get important figures‘ travel itinerary, and then pose political threats, or military suppression?

Don’t get me wrong. I’m sure the Chinese state is watching the trial closely for clues on CIA’s now defunct hacking tools, as well as organizational clues to how it used to be developed (though given China’s extensive success spying on the US, doubt they’ve learned anything even remotely new from this trial). But this report, at least, looks to be a opportunistic effort to make the most of the spectacle of the US prosecuting one of its own hackers.

Update: This, from last year, is a more credible report based on Vault 7 leaks. (h/t Catalin Cimpanu)

With One Dropped Charge and a Major Screw-up, Government in Remarkably Weak Position against Joshua Schulte

The outcome of the Joshua Schulte trial will be unresolved until closing arguments Monday and deliberation next week.

While parts of the case are circumstantial — because Schulte allegedly used TAILS, there’s no smoking gun showing him sharing stolen files with WikiLeaks — in my opinion the case against him is quite strong, particularly given really damning details from his prison notebooks talking about leaking to WikiLeaks.

But the government, having rested and rebutted the scant defense case, is in remarkably weak position right now.

That’s true, first of all, because the government has spent over two weeks trying to recover from an own goal, prosecutors’ failure to provide Schulte with advance notice that one of his closest buddies at the CIA, Michael, got put on paid leave last August because the CIA no longer trusts the developer because of his closeness to and lack of candor about Schulte. In reality, Michael should have been a key witness for prosecutors, providing proof that Schulte was at his computer and logged in when the reversion and copy of the files likely shared with WikiLeaks was accomplished. But because prosecutors didn’t fully disclose the report in real time, Schulte has flipped that on its head. The trial ended with the guy who wrote that report testifying on rebuttal about how this is still all about Schulte — effectively providing emphasis that the CIA maintains that Schulte is the culprit — but it interrupted the narrative arch of the government case.

Add that to the pace of the trial, which feels like a nasty employment dispute to which the massive breach of the CIA’s hacking tools became just a side-dispute. That’s often true of CIA trials — it certainly was for Jeffrey Sterling. But the long parade of CIA witnesses — Schulte’s buddy, two other colleagues, his boss, his boss’s boss, his boss’s boss’s boss, her boss, and then yet another boss, plus a CIA SysAdmin and a security guy — all describing a series of disputes escalating from a nerf gun fight to WikiLeaks burning the CIA’s hacking capabilities to the ground refocused the trial onto whether Schulte’s complaints had merit and not on what the forensic evidence showed.

And Sabrina Shroff did a superb job of defending not the forensic case (indeed, defense expert Steve Bellovin did not take the stand to float any of the alternate theories that Schulte has been offering for two years, and in so doing will leave Shroff to claim Michael could have accessed the backup without prosecutors having gotten him to admit that wouldn’t have worked), but instead arguing that her client was maligned by the entire CIA. The boss, the boss’s boss, the boss’s boss’s boss, the boss’s boss’s boss’s boss, and then the senior-most boss are all lined up against Schulte for being an asshole. She even defused utterly damning notes about working with Russia (which I’ll return to). From the transcripts, it seemed like Shroff rattled a good many government witnesses, too, and a number of them (one of the FBI agents and the classification expert, especially) seemed to come off as unresponsive as a result.

And on a potentially significant point, FBI Agent Evan James Schlessinger’s unresponsiveness deprived the government of an opportunity to rebut something the defense will do in its close. The defense entered a stipulation that Schulte had been thrown into the SHU on October 1, 2018, before the Bureau of Prisons found the phone he allegedly used to leak classified information to Shane Harris. The phone continued to be used, probably by Schulte’s roommate Omar Amanat, for whom Schulte was writing an expert report. Somebody–again, probably Amanat–sent a Signal text to Harris on October 2, saying “Hi Shane, the anon email is down since Sunday evening Can you resend your questions to [email protected] thanks.” That text seems to be proof that no one besides Schulte had the password to the other email account, [email protected], but the FBI Agent didn’t take this point head on when he could have.

Two weeks ago, one juror apparently complained about another, suggesting she was already making up her mind. Whatever the complaint, the defense seemed to welcome it, which given the focus on the employment dispute may mean the juror sees that dispute as contested.

Finally, the government dropped one of its charges today, eliminating the Illegal Transmission of Lawfully Possessed National Defense Information (Count Two in the superseding indictment). The government dropped it to avoid confusing the jury about whether Schulte had legal access to the files that he stole. But the discussion about it leads me to think the defense could argue that Schulte had legal access to some of the files he sent to WikiLeaks, thereby getting off on that charge. If the jury convicts, that dropped charge won’t much matter in the grand scheme of things. And even an acquittal would not spring Schulte from jail, because he still faces child porn charges.

Still, I have to applaud the job that Shroff and Schulte’s other attorneys did, because she did a remarkable job with one of the most nightmarish clients. She certainly put a lot out there that might lead jurors to find there is a reasonable doubt about this.

And much of that comes from the government being dickish.

The State of Play: Joshua Schulte and Julian Assange

Last year, it looked like the Joshua Schulte trial, rescheduled in the fall to start January 13, would be done before the extradition hearing for Julian Assange started. Two things changed since then: Schulte got a delay until February 3, and then last month, Assange convinced Judge Vanessa Baraitser to split his extradition hearing into two, the first part lasting a week starting Monday, and then resuming on May 18 for three more weeks.

As a result, both men are in court during the same week, intersecting in interesting ways.

Thus far, Assange’s argument is threefold:

  1. His prosecution is hopelessly political, merely retaliation by the hated President that Assange helped elect, Donald Trump
  2. The evidence in the case against Assange is so weak as to be abusive
  3. A person cannot be extradited for political crimes like the Espionage Act

The first argument is a load of horseshit covering up the fact that the timing of the treatment of WikiLeaks as a non-state hostile intelligence service, the increased surveillance of Assange, and the initial December 21, 2017 charge all stem from WikiLeaks’ burning the CIA by publishing all its hacking tools. It’s horseshit, but it garners a lot of enthusiasm among WikiLeaks supporters who like to conveniently forget that, whatever Assange’s motivations were in 2010 (when he engaged in the acts he is charged with), he nevertheless helped Russia help Trump get elected. That said, even though the claims about what changed in 2017 are horseshit, it doesn’t change that the existing charges against Assange pose a real danger to journalism.

The second argument is far stronger. For each of the theories of prosecution under which Assange is charged — attempting to help Chelsea Manning crack a password, soliciting certain files via WikiLeaks’ wish list, and publishing a bunch of files in which the names of US and British sources were later revealed — Assange has at least a credible defense. Assange never succeeded, and could not have succeeded, in cracking that password. Manning didn’t leak the precise files that WikiLeaks had on its wish list (though did leak some of the same sets). WikiLeaks originally went to some effort to redact the names of sources, only to have a Guardian journalist release the password revealing them. Mind you, the extradition hearing is not the trial itself, so for these defenses to be relevant, WikiLeaks has to prove that the case against Assange is abusively weak.

The third argument, which is being argued today, is a more interesting legal question. Assange claims that the existing Anglo-US extradition treaty, passed in 2003, still prohibits extradition for political offenses like theEspionage Act. The US argues that Assange’s extradition is governed by the Extradition Act of 2003, which did not include such a bar (and also disagrees that these are political crimes). The lawyers are even arguing about the Magna Carta! Judge Vanessa Baraitser seems inclined to side with the US on this point, but the question will surely be appealed. Mind you, one of the charges against Assange, CFAA, is in no way a political offense, and the UK has not barred its own citizens, much less foreign citizens hanging out in foreign embassies, from being extradited on the charge (though several hackers, most recently Lauri Love, have challenged their extradition to the US for CFAA on other grounds).

Yesterday, Assange’s defense spent a good deal of time making the second argument. The US didn’t respond. Rather, it said it would deal with those issues in the May hearing.

Meanwhile, the Schulte trial is wrapping up, with Schulte doing little to mount a defense, but instead preparing an appeal. Yesterday, Schulte asked that an instruction on the defendant not testifying be added to the jury instructions (normally, these are included from the start, but Schulte has been claiming he would testify all this time). Today, Schulte told the court that Steve Bellovin won’t testify because he never got access to all the data Judge Paul Crotty ruled he couldn’t have access to (not mentioning, however, that the restrictions stemmed from Crotty’s own CIPA judgment).

I’m still unclear on the status of the witness, Michael. Schulte is trying to submit his CIA investigative report in lieu of finishing cross-examination (which is where things had left off). But it still seems possible that Crotty would require his testimony to be resumed, giving the government another opportunity to redirect his testimony. This is all likely happening today, but given that there’s so little coverage of the trial, we won’t know until Thursday.

Before all this happened, however, the jailhouse informant provided very damning testimony against Schulte, not only describing how Schulte obtained a phone (swapping an iPhone for a Samsung that he could load all the apps he wanted on it), but also claiming that Schulte said, “Russia had to help him with what he was doing,” launching an information war.” I had learned of similar allegations of ties or willingness to forge them with Russia via several sources in the past. And Schulte’s own jailroom notebooks include hints of the same, such as a bullet point describing how Russia could help the US “destroy itself.”

And his final plan — which the informant alerted his handlers to just before Schulte launched it — included some “Russia pieces.”

As part of the same plan to get fellow SysAdmins to leak all their secrets to WikiLeaks, then, Joshua Schulte was also hoping to encourage Russia to attack the US.

I’ve long said the Vault 7 case, if it were ever added to Julian Assange’s charges (including an extortion charge, which would also not be a political crime), would be far more damning and defensible than the ones currently charged. Filings from November suggested that the government had come to think of Schulte’s leaks to WikiLeaks as the last overt act in an ongoing conspiracy against the United States.

And by 2018, Schulte had come to see leaking to WikiLeaks as part of the same plan encouraging Russian attacks on the US, precisely the allegation WikiLeaks has spent years trying to deny, especially in the wake of Assange’s cooperation in Russia’s election year operation.

It’s not clear whether the US will add any evidence to the original 2010 charges against Assange before May (though Alexa O’Brien has pointed to where additional evidence might be), but the statement they’re waiting until then to rebut the solid defense that WikiLeaks is now offering suggests they might. That might reflect a hope that more coercion against Chelsea Manning will produce that additional evidence (she has renewed her bid to be released, arguing that such coercion has obviously failed). Or it might suggest they’ve got plans to lay out a broader conspiracy if and when Schulte is convicted.

Assange’s lawyers pushed for the delay to May in the first place. If the US government uses the extra time to add charges related to Vault 7, though, the delay may make a significant difference in the posture of the case.

Kim DotCom Posts Evidence Trump’s “Best Friend (Name Redacted)” in Pardon Discussions

Last night, Kim DotCom tried to take credit for brokering the meeting at which Dana Rohrabacher tried to pardon a pardon deal whereby Julian Assange would claim Seth Rich was his source for the DNC emails and Trump would pay him off with a pardon. He posted a bunch of texts with “Trumps best friend (name redacted)” where he pushed his  interlocutor to get Trump to take a public step in favor of the deal.

Only, the name of Trump’s “best friend (name redacted)” was not actually redacted.

While I have no doubt DotCom is overselling his own role in this, it does appear he was talking directly to Sean Hannity about it.

Which would suggest a real continuity between whatever happened when Hannity met Assange in January 2017, not long after Roger Stone reached out to Margaret Kunstler to discuss a pardon, and what happened in August 2017, when Dana Rohrabacher resumed discussion of the pardon. That suggests pardon discussions were not — as WikiLeaks is now falsely portraying — a one-time bid that got rejected, leading to Assange’s prosecution, but rather continued from late December 2016 until at least August 2017, through the time when Mike Pompeo labeled WikiLeaks a non-state hostile intelligence agency.

Hot and Cold Running Mike Pompeo and Other Ridiculous WikiLeaks Defense Claims

Today is the first day of Julian Assange’s fight to avoid extradition. In addition to legitimate First Amendment concerns about extraditing Assange on the charges as written, Assange is challenging the extradition with some very selective story-telling to pretend that he’s being prosecuted for political reasons.

For example, WikiLeaks is pointing to the Dana Rohrabacher pardon discussion in August 2017 to suggest that Trump was extorting Assange, demanding he provide certain details about the 2016 hack (details that are consistent with the lies that Assange told consistently about Russia’s role in the hack-and-leak) or else he would prosecute him. Unsurprisingly, WikiLeaks did not mention that discussions of a pardon started at least as early as December 2016 as payback for his role in the election, and continued in February 2017 as Assange tried to use the Vault 7 files to extort a pardon. If you can believe Roger Stone, pardon discussions continued even after DOJ first charged Assange in December 2017until early January 2018 (though that may have been an attempt to silence Randy Credico and thereby keep details of what really happened in 2016 secret).

WikiLeaks is also misrepresenting the timing of the increased surveillance by UC Global in December 2017 to suggest Assange was always being surveilled that heavily.

I will pass over the intervening period during which Julian Assange continued to have his conversations with his lawyers and family constantly monitored and recorded by a private agency acting on the instructions of US intelligence and for their benefit.

As slides from Andrew Müller-Maguhn make clear, the surveillance only began to really ratchet up in December 2017, after Assange had helped Joshua Schulte burn CIA to the ground (and at a time when WikiLeaks remained in communication with Schulte).

Assange’s team then mis-states when Trump’s war on journalists began, suggesting it preceded the April 2017 targeting of Assange, rather than came in August 2017.

That temporal slight is necessary because Assange’s team is claiming that Mike Pompeo decided to attack WikiLeaks in April 2017 out of the blue, out of some kind of retaliation.

That is why the prosecution of Mr. Assange, based on no new evidence, was now pursued and advocated by the Trump administration, led by spokesman such as Mike Pompeo of the CIA and Attorney General Sessions. They began by denouncing him in April 2017. I refer you to the following:

i. Firstly, the statements of Mr. Pompeo, as director of the CIA, on 13 April 2017, denouncing Julian Assange and WikiLeaks as “a non-state hostile intelligence agency“. [Feldstein, tab 18, p19 and K10] On the same occasion, Pompeo also stated that Julian Assange as a foreigner had no First Amendment rights (See Guardian article, bundle K)

ii. Then there was the political statement of Attorney General Sessions on 20 April 2017 that the arrest of Julian Assange was now a priority and that ‘if a case can be made, we will seek to put some people in jail‘ [Feldstein quoting Washington Post article of Ellen Nakashima, tab 18, at page 19]

That’s thoroughly absurd. Pompeo’s speech was entirely about CIA’s response to have been burned to the ground by WikiLeaks. This passage makes clear that, in his prepared speech at least, Pompeo’s comments about the First Amendment don’t pertain to him being a foreigner at all (I’m going to pull the video).

No, Julian Assange and his kind are not the slightest bit interested in improving civil liberties or enhancing personal freedom. They have pretended that America’s First Amendment freedoms shield them from justice. They may have believed that, but they are wrong.

[snip]

Third, we have to recognize that we can no longer allow Assange and his colleagues the latitude to use free speech values against us. To give them the space to crush us with misappropriated secrets is a perversion of what our great Constitution stands for. It ends now.

Here’s what he said in questions:

DIRECTOR POMPEO: Yeah, First Amendment freedoms. What I was speaking to there was, as – was a little less constitutional law and a lot more of a philosophical understanding. Julian Assange has no First Amendment freedoms. He’s sitting in an embassy in London. He’s not a U.S. citizen. So I wasn’t speaking to our Constitution.

What I was speaking to is an understanding that these are not reporters don’t good work to try to keep you – the American government honest. These are people who are actively recruiting agents to steal American secrets with the sole intent of destroying the American way of life. That is fundamentally different than a First Amendment activity, as I understand them, and I think as most Americans understand them. So that’s what I was really getting to.

We’ve had administrations before that have been squeamish about going after these folks under some concept of this right-to-publish. No one has the right to actively engage in the threat of secrets from America with the intent to do harm to it.

Mike Pompeo is and always will be a problematic figure to make this argument.

But all the evidence shows that Assange’s surveillance and prosecution arose in response to the Vault 7 leaks, not Trump innate hatred for journalists.

Update: Here are the Prosecution’s Opening Statement and Skeleton Argument.

The Inconsistencies of the UC Global Julian Assange Spying Story

Tomorrow, the first of two extradition hearings for Julian Assange starts. In addition to the least damning of several pardon discussions that happened with Assange, the hearing will include discussion of allegations that Assange was spied on in the Embassy, the most recent incarnation of which appeared in the Australian press today. In addition, NYT covered the story here, some key El País stories are here, and Andrew Müller-Maguhn did a presentation on it at CCC.

The story goes that a Spanish company employed to ensure security in the Ecuadorian Embassy, UC Global, significantly ratcheted up the level of video and audio surveillance of Assange in 2017. Additionally, Spain is investigating whether the head of that company, David Morales, shared that surveillance — possibly in real time — with the United States, allegedly directly with the CIA.

I’d like to point to some inconsistencies in the stories. I’m not defending the levels of surveillance of Assange — but neither would I defend the gross abuses of privacy WikiLeaks has committed against private citizens in the US, Turkey, Saudi Arabia, and other countries. Nor am I contesting that the surveillance took place. I’m even willing to stipulate that the surveillance got shared with the US (though no story on this topic convincingly substantiates this, and some of the public bases for the claim CIA was the recipient are flimsy).

What legal regime has jurisdiction

One interesting question about all this pertains to the legal regime. This is surveillance conducted by a Spanish company with US business locations on Ecuadorian territory being raised in a post-Brexit British legal proceeding regarding extradition to the US. The surveillance of the embassy is Ecuador’s concern — and whatever you think of Rafael Correa’s Bolivarist politics, he embraced really intrusive surveillance. The sharing of data from the EU to the US — whether directly from the UK or via Spain — might come under GDPR or Privacy Shield protection, except EU law excepts out national security from these laws, which would apply here. And because UC Global does and did business in the US (it even had a location in New Mexico in 2016), it might be subject to subpoena or other legal process to conduct surveillance.

As it pertains to the question of extradition, as I understand it, the law in the UK has to do with proportionality, and as we’ll see, what we’re really talking about is surveillance of Assange during a period of investigation of one of the worst breaches of any Five Eyes intelligence agencies in history, Vault 7 (not the 2016 publications), and the surveillance ratcheted up during a period when WikiLeaks was still publishing those files. Which likely means the UK is going to be very permissive in how it weighs the question of this surveillance, because this was about an investigation into someone who helped burned a Five Eyes spying partner to the ground.

The escalation of surveillance happened after Vault 7 started

Virtually all of these stories obscure the timing, as illustrated by this AMM slide.

A key part of the story suggests that because UC Global owner Morales got a contract with Sheldon Adelson in 2015, under the Obama Adminsitration, that somehow proves CIA involvement, and some of the reports on this make it clear that UC Global was working for Adelson, which negates the entirety of his role. Sillier still, that Morales traveled to Chicago is no indication of a tie to CIA.

Once you’ve dismissed that, then it’s clear the escalation didn’t start in earnest until June and July 2017.

In his talk, AMM mentions that the US was unhappy about certain “publications,” plural, without describing them. There’s good reason to be silent about it — the same silence that WikiLeaks supporters like to enforce elsewhere. WikiLeaks was not only publishing CIA’s hacking tools with thin — and inaccurate — claims to justify doing so in the guise of journalism, but WikiLeaks was and is sitting on CIA’s actual hacking tools.

At the time, WikiLeaks was in ongoing communications with accused Vault 7 leaker Joshua Schulte (communication it continued at least as long as June 2018, when WikiLeaks posted the blogs Schulte published from jail, but probably even after that). The targeting of Schulte, himself, might explain some of this surveillance. And Morales’ presence in Alexandria (which AMM misstates as Arlington) is utterly consistent with someone subject to US subpoena appearing before a grand jury in EDVA; surveillance records are considered business records in the US subject to subpoena.

Certainly, questions about what WikiLeaks was doing with the still unpublished hacking tools might have elicited the surveillance. And in the months before the surveillance actually ratcheted up in December 2017 (which is when the surveillance in question really began), Schulte was doing some things on Tor that may have included reactionary communications with WikiLeaks.

Even AMM’s presentation, however, confirms that before December 2017 — that is, before the US finally detained Schulte and charged Assange — much of Assange’s private space was not covered by the surveillance. That actually dramatically contradicts claims about surveillance of Assange made in the past.

From there, all the stories make much about the events of December 21 and 22, 2017 (indeed, AMM presents the planned Ecuadorian-Russian exfiltration on those dates as a potential US kidnapping).

But here, too, the timing is obscured. The Australian piece, for example, suggests the surveillance put in place in anticipation of these events was a response to it.

“It got to the point where, during a visit to Mr Assange, the head of Ecuador’s intelligence service [Rommy Vallejo, on December 21, 2017] was also spied on,” Martinez added.

“In the meeting between Mr Vallejo and Mr Assange the possible release [from the embassy] of Mr Assange in a few days later was discussed.”

Within hours of that secret meeting, which was known to only a few people, the US Ambassador to Ecuador complained to Ecuadorian authorities, and the next day the US issued an international arrest warrant for Assange, Martinez said.

“That leads us to believe that the conversation was urgently sent to the US authorities and that they urgently issued the international arrest warrant the next day,” he said.

There’s a lot to be told about the events of December 21, which is the day Assange was actually charged. But events pertaining to Schulte preceded them. And Ecuador’s designation of Assange as a diplomat on December 19 — and the UK’s rejection of it — would have alerted the UK (and through them, the US) of the events two days before the meeting in question, without any surveillance.

Finally, as AMM notes, “PROM” took over surveillance after Ecuador made a security agreement with the US in April 2018. AMM suggests that that, for the first time, made such surveillance illegal. There’s no basis for that, particularly given that UC Global has a US component. Moreover, it was PROM, and not UC Global, that allegedly engaged in the corrupt sale of surveillance records, something that often gets lumped on UC Global.

In summary, say what you will about this surveillance, which clearly became oppressive in December 2017. Say what you will about whether obtaining all of CIA’s hacking tools and sitting on most of them is “journalism.” But if you’re going to talk about why surveillance ratcheted up, you do need to account for the fact that WikiLeaks was engaged in activities that resemble what CIA does, not what journalists do.

Assange has 1,000 lawyers

One of the key allegations is that this surveillance collected on conversations between Assange and his lawyers. The most recent Aussie version points to meetings with Geoffrey Robertson and Jennifer Robinson.

While this may be typical surveillance at a secure diplomatic property, what Robertson did not know was he and a handful of other lawyers, were allegedly being targeted in a remarkable and deeply illegal surveillance operation possibly run at the request of the US Government.

And recordings such as Robertson’s visit are at the heart of concerns about the surveillance: privileged legal conversations between lawyer and client in a diplomatic residence were recorded and, later, accessed from IP addresses in the United States and Ecuador.

Robertson was only one of at least three Australian lawyers and more than two dozen other legal advisers from around the world that were caught up in the surveillance operation.

Long-time WikiLeaks adviser Jennifer Robinson was one of the other Australian lawyers caught in the spying operation.

Jennifer Robinson is a pretty important lawyer for WikiLeaks, but even here she’s described as an “advisor.” And WikiLeaks has a long history of gaming legal representation, up to and including using it to obtain visibility about the defense of related persons.

Randy Credico even joked about how many people are claimed to be WikiLeaks lawyers at Roger Stone’s trial.

Q. Margaret Kunstler is one of WikiLeaks’s lawyers?

A. You’ll let — she’s going to have to describe her role as a — what her role is with WikiLeaks. You know, I don’t — he has — Julian Assange has about 1,000 lawyers. You know, Michael Ratner was one of his lawyers. Alan Dershowitz was one of his lawyers.

Q. Thank you.

A. There are a lot of lawyers. All right? But, that — you know, who’s a lawyer —

Robinson will present the Dana Rohrabacher story as a witness this week, so it’s worth attending to precisely what legal role these lawyers are playing.

Even if this surveillance was shared in real time with the United States, there are protocols in both the CIA and FBI about how to deal with it. The meetings were surveilled. That doesn’t mean the meetings with the lawyers actually representing him were viewed by American authorities.

Steve Bellovin Weighs in on the Schulte Mistrial Request

Steve Bellovin, who for the reasons I laid out in this post, has impeccable credibility, has now weighed in on accused Vault 7 leaker Joshua Schulte’s bid for a mistrial. Bellovin is Schulte’s technical expert, and lost a bid last August to get direct forensic access to the workstation and servers at issue in his case.

The current bid for a mistrial is based on two complaints: first, DOJ withheld notice that the CIA had put Schulte’s buddy, Michael, on paid administrative leave last August until the day Michael testified. In addition, Schulte argued they had gotten inadequate forensic discovery to challenge the government’s case.

Ultimately, I think this bid — even with Bellovin’s renewed request — will likely not work. With regards to the forensics demand, this is really a complaint about a decision Judge Paul Crotty made under the Classified Information Procedures Act last summer, which Schulte renewed based off unpersuasive claims about the scope of one of the testimony of one of the government’s expert witness, Patrick Leedom, at trial. Schulte certainly can and no doubt will appeal Crotty’s decision, but the government claimed in its response that the defense didn’t make the more tailored requests for information that were permitted under Crotty’s order.

While the defendant has maintained his stubborn insistence on full forensic images, he has failed to actually make use of the information the Government provided, such as the data on the Standalone, to explain why the discovery produced by the Government was inadequate, or to take the Court up on its repeated invitation to the defense to make more narrow requests. In United States v. Hill, the court did order the Government to produce two mirror images of hard drives containing child pornography to the defense. See 322 F. Supp. 2d 1081, 1091 (C.D. Cal. 2004). Hill, however, does not involve the requested disclosure of an unprecedented and staggering amount of classified information without a showing that the information would be both “relevant and helpful,” as required by CIPA.2

With regards to the late notice about Michael’s paid leave, I think (though am not certain) that this is actually a Jencks issue, and I think (though am not certain) the government did comply with the letter of the law even if withholding the report was dickish and unnecessary.

In his declaration, Bellovin makes a frivolous point about Michael as an excuse to complain about both issues raised in the mistrial motion: that there was a common password to Confluence that Michael could have used to access the backup files from which Schulte allegedly stole the files.

The government makes a number of specific assertions that are misleading or simply false. For example, the government states that certain FBI reports “make clear that Michael never had Atlassian administrator privileges and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 information was stolen).” Gov’t Opp. at 8. As a simple factual matter, this statement is untrue. The possession of “Atlassian administrator privileges” had nothing to do with the ability to access or copy the Altabackup files. Rather, what was needed was log-in access, i.e., a working user name and password, to the Confluence Virtual Machine (or “VM”). Michael certainly had such log-in access. As shown in Leedom Slide 60 (GX 1207-10 and GX 1207-11), which is described as “April 16, 2016 Confluence Backup— password and shadow files,” a user name called “confluence” is listed (Slide 60, GX 1207-11, third line from the bottom). The password for this user name was listed on a web page that was accessible to all OSB members, including Michael, and was used for many other log-ins throughout the organization. See GX 1202-5 (listing one commonly used password as “123ABCdef.”). This password was valid both before and after April 16, 2016. So if Michael had simply typed that password into the Confluence VM on April 20, 2016, along with the user name “confluence,” he would have had access to the Altabackup files from which the Vault 7 information was allegedly taken.

Not only has the defense known this for over a year, I even pointed to the availability of root passwords days after the initial leak in March 2017. So nothing about the late notice on Michael prevented Schulte from arguing this from the start. Moreover, this is something the government already addressed in their response.

 Finally, the defense complains that he should have been able to examine the Confluence virtual machine to determine whether another user had “root” access, such as Michael. Again, the defendant’s argument fails. Initially, the defendant has been on notice since December 10, 2018 that Michael had “root” access to the ESXi Server, given that that fact was referenced in three different 302s produced to the defense at that time. Moreover, the defense has been provided with the available ESXi Server logs in discovery, such that he could have tried to determine whether any other user was logged in using the “root” password (there was not any such other user logged in during the reversion). Furthermore, to extent the defendant is complaining about the Confluence log files specifically, his assertion fails for two reasons. First, the Confluence log files of the activity on the Confluence virtual machine were deleted when the defendant reversed the reversion. Second, the Government produced to the defense the remaining Confluence application logs from April 7, 2016 through April 25, 2016 on June 14, 2019.

I remain sympathetic to Bellovin’s request in principle, but doubt that it will work legally in this instance. Plus, given Sabrina Shroff’s strategy on everything else, it seems they didn’t make the expanded requests earlier to leave open this opportunity to complain now.

What happens on appeal is a different issue though, one that goes to the heart of how CIPA gets applied in a computer hacking case like this. The government has, successfully, argued that the forensics of this case amount to classified information that must first qualify under the CIPA requirement that evidence is both relevant and helpful to the defense. I’m reasonably comfortable that the government has given Schulte enough forensics to test their theory of the case — that is, to test whether Schulte did revert backups on April 20, 2016 and access — and so presumably copy — the backup copy of the files published by WikiLeaks. But there are two questions they didn’t provide enough forensics to answer.

The first pertains to whether anyone else ever used the weak protections of these servers to do anything suspicious.

It’s clear that one prong of whatever defense Schulte will offer (and therefore what Bellovin will do in his testimony) is that CIA’s security was woefully inadequate, both in their physical space (Schulte was able to bring in thumb drives on at least two occasions and, the prosecution’s case suggests, even two hard drives) and digitally. Schulte’s lawyers have already brought out aspects of this on cross. What Bellovin won’t be able to do (aside from pointing to a time someone swapped the cables accessing the Internet, which resulted in a massive effort to clean up any data pollution of the CIA network) is point to any damage from real security incidents, aside from Schulte’s. And while that’s not necessary to rebut the government’s theory of the case, it is a part of arguing that Schulte was concerned about security himself (a claim that multiple witnesses have already credibly debunked) but also that the government was not making sufficient efforts to keep this National Defense Information secure, which is an element of the Espionage Act charges.

A far more interesting question pertains to the evidence against Schulte. Schulte is accused of stealing both the “Confluence” files — which are development notes — and “Stash” — which includes source code and user guides. The entirety of the Confluence files were posted on WikiLeaks on March 7, 2017, whereas a bunch of files from Stash were published, drip by drip, until November 2017.

The government has presented a compelling case that Schulte accessed a March 3, 2016 copy of Confluence and made a copy, based on existing logs of that back-up.

But it has not been able to do the same with Stash, I believe because the log files were deleted after the reversions that Schulte did on April 20, 2016, as elicited in cross-examination of “Dave,” the SysAdmin witness.

Q. That was confusing, you saying “yes,” me saying “okay.” Let’s talk about these missing Stash logs, okay? You said that you never would have in a security system or in a secure system lose logs, correct? A. Correct.

Q. And you were asked about missing logs, correct, missing logs from January 14 to April 21, correct? You remember that?

A. I’m sorry, I apologize, not really. But if it’s in the report, I may have talked about it.

Q. Let’s look at 3515-09. Page four. You were asked about missing logs from January 14 to April 21, 2016. Correct?

A. Is this — which exhibit is this? I apologize. I don’t have the right — do I have the right one?

The government has instead tracked file sizes and a copy date range to suggest that Schulte copied those files on that same date, here in testimony from expert witness Michael Berger.

Q. So what was your conclusion as to when the data, the range for the data?

A. For Stash we identified the range of data being from February 26, 2016, at 9:36 a.m., and March 4, 2016, at 9:45 a.m.

Q. Can you remind us, was there an identical hash for the marble file at March 1st?

A. Yes, there was.

Q. Was there a reason why you didn’t use March 1st here instead of February 26?

A. Yes.

Q. What’s that?

A. The reason is because that the files were identical, we didn’t want to assume that the data had to have come after March 1st. We took a more conservative approach and we slid our date back to being as possibly coming from after February 26 instead.

[snip]

Q. Let’s move on to the next. What does this reflect?

A. This reflects both the Stash and Confluence analysis. Looking at Stash, we can see that the data that was on WikiLeaks corresponds to the data from between February 26, at 9:36 a.m. and March 4, at 9:45 a.m. Looking at the Confluence data points, we’re able to get a smaller window that shows between March 2, 3:58 p.m. and March 3, at 6:47 a.m.

To some degree this doesn’t matter: leaking Confluence by itself would be a violation of the Espionage Act and so sufficient for guilty verdicts. But absent that evidence, the defense will be able to point to other questions about the Stash back-up made during the change in privileges on April 18, 2016, notably that the SysAdmin who changed privileges to the network on April 18, 2016, Dave, kept one copy on his desk and one copy on a hard drive he subsequently misplaced.

Q. You never told the FBI, did you, that you ever moved it to a locked compartment in your desk, correct?

A. Correct.

Q. And you also said that you actually couldn’t even recall if you had wiped the information about Stash off of that hard drive, correct?

A. Correct.

Q. And sitting here today, you have not a clue as to where that hard drive is, correct?

A. No, I don’t.

I don’t rule out Schulte using someone else’s privileges to delete the Stash logs (for example, he had and used the credentials of “Rufus,” a guy who was supposed to work in SysAdmin but moved on after a short period, in his April 20 hack). But the government hasn’t shown that, perhaps because doing so would implicate one of their key witnesses.

Given the cross of Patrick Leedom, I think it quite likely Schulte’s team knows what happened and plans to unveil it to maximal advantage during their defense.

Q. And according to you and the government, shortly afterward, during this reversion period, the theory is that he also accessed the Stash backup file, correct?

A. That would be correct.

Bellovin may have a very good idea of where such evidence would be — I’m particularly intrigued by this request, because the government doesn’t appear to understand why Bellovin asked for it — and may even know, via Schulte (who spent a lot of time on obfuscation) that it would look exculpatory (but that’s based on the government’s response, not any understanding of what this might show).

The defendant argues that he could not test the vulnerability of the “DS00 file system,” without access to the mirror image of the NetApp Server. The defendant does not explain why this forensic artifact would demonstrate any vulnerabilities or how any part of Mr. Leedom’s testimony-which did not reference the file system-implicated this assertion. Therefore, the defendant has not established that a mistrial is required based on this claim.

Then there’s a far more interesting question. As of the date of completion of a WikiLeaks Task Force Report on October 17, 2017, as brought in via the testimony of Sean Roche, the CIA had only moderate confidence that WikiLeaks hadn’t obtained the “gold repository” of finished exploits.

Q. Right. All you know is, in 2017, WikiLeaks published it, correct?

A. That’s correct.

Q. And did you by any chance learn that even after 2017 publication, the CIA still did not know whether or not WikiLeaks had the information from the gold repository?

MR. DENTON: Objection.

THE COURT: Overruled.

A. Could you repeat that, please, ma’am.

Q. Sure. Is it fair to say, sir, that the CIA slash you still don’t know if WikiLeaks has the gold repository?

THE COURT: Rebecca, could you read the question back, please. (The record was read)

A. I believe that represents the last conversation I had on what is called the gold repository.

Q. So I’m correct.

A. Yes.

Q. CIA still doesn’t know?

A. I don’t know that, ma’am. I don’t work there anymore.

Q. You know what the WikiLeaks task force report is?

A. Yes, I do.

Q. Could you pull that up for this gentleman, please. Are you happier with a paper copy or the screen?

A. We can do this.

Q. Could we just go to page 45. Could you just focus on the actual text. You see that line, “However we now assess with moderate confidence”?

A. Yes.

Q. Right. “Moderate confidence that WikiLeaks does not possess the gold folder,” correct?

A. Correct.

This is clearly testimony prosecutor David Denton did not want to come in.

That moderate confidence judgment appears to be based on Leedom’s analysis of what privileges Schulte himself had.

Q. You see there a folder at the bottom, “source code and binary gold copies”?

A. Yes.

Q. What are those?

A. These are the delivered completed tools from the work at EDG.

[snip]

Q: Would the defendant have been able to copy the gold source folders?

A: No, he would not have had access to it with his DevLAN account.

But given Schulte’s own behavior, it’s not clear this analysis can rule out the possibility Schulte took the gold repository.

One of the last events in Schulte’s never-ending escalation of grievances came when he sent an email on June 28, 2016 to Meroe Park, the CIA Executive Director (the #3 ranking official at CIA), Andrew Hallmen, who was then the Director of the Directorate of Digital Innovation (and just got ousted as Deputy Director of National Intelligence in the purge of ODNI last week), and Sean Roche, the Deputy Director of DDI. This came in the wake of Schulte first obtaining privileges to his old project, Brutal Kangaroo, and then booting all the other developers off it. In response to the email, as laid in Roche’s testimony, Roche first responded immediately via email and then had a meeting with Schulte on June 30, 2016. In the meeting with the senior most official Schulte met with, he insinuated he still might get his administrator privileges back.

Q. What did you mean when you say you asked him about permissions?

A. On the system that he was working on, an agency network, his — he had — his permissions had been changed, and when his management explained to him, he went back in and changed his permissions back to get access again, and they had issued a letter of warning to him explaining how serious that was and that that behavior is not acceptable.

Q. Why was that something you discussed with him?

A. Because of how serious the nature of that is. Activity on any system that holds agency data, agency tools, things that we call sources and methods, is — is — it is very, very important that we not have a doubt about what people have access to and maintain the integrity and the protection of that information.

Q. What did you discuss with him about his permission changes?

A. I said to him something to the effect of in the post-Edward Snowden era, you don’t do something like that. That’s going to draw attention that you certainly don’t want. It’s really serious, and you cannot be taking that kind of action.

Q. And how did he respond?

A. He talked a little bit about the project that he had been working on and some new work that he had been given, and he was not pleased with it. But at one point, he stopped and he looked at me and said, You know, I could get back on it if I wanted to, something to — that’s not — I won’t say that’s the exact quote, but it’s pretty darn close.

Q. Now, when he said that, did you understand him to be raising a security concern about the network?

A. No. What I, what I realized — it was a striking comment because, to me, it illustrated that after everything that had happened, all the warnings, all of this formal process, that he was determined to undermine the controls on the network.

Brutal Kangaroo is a USB-based tool to exfiltrate from air-gapped machines. Schulte unsuccessfully attempted to delete the copy of Brutal Kangaroo he had worked on at home on April 28, 2016. But he regained access at CIA in June. He also had worked on serious obfuscation tools.

Given the state of the CIA networks, it’s not impossible that Schulte made good on that threat using tools built by the CIA to make it difficult for the CIA to discover if it happened.

Not long after, in August 2016, according to warrant affidavits the substance of which have not yet been entered into evidence at the trial (they’re likely to come in early this week via an FBI Agent laying out the evidence of the rest of the charges, including obstruction and lies in FBI interviews as well as the MCC charges), Schulte started getting really interested in WikiLeaks and Shadow Brokers and Edward Snowden.

Schulte stuck around months after he allegedly first stole data from the CIA, and he threatened a very senior official that he might regain access that would allow him to do so again.

Having access to logs that might suggest that had or had not happened wouldn’t help Bellovin refute the case against him. But it might hide details of still worse compromise that the CIA would like to keep quiet.

I think Schulte can — and will attempt to, on appeal — argue that the forensics behind a hack are a different kind of classified evidence than intelligence itself (that is, information about what the intelligence community knows), both because it is neutral data about potential compromise and because you can’t just substitute a name like you can for other intelligence. In this case, it goes to the heart of a dispute about whether the CIA was really doing what it needed to do to keep these files safe. The evidence doesn’t suggest that Schulte gave a damn about all that; on the contrary, he clearly exploited it. But it’s evidence he can make a claim to need to rebut the Espionage Act charges against him.

But I also wonder whether the CIA refused to grant Bellovin access in this case (who, as I’ve noted, has been trusted by the government in other programmatic ways, including as the technical advisor to PCLOB) not because of any exculpatory evidence they were hiding, but because of inculpatory evidence.

Update: Yikes. The government submitted a scathing “correction” of Bellovin’s declaration.

The Bellovin Affidavit asserts that the log files from the ESXi server produced by the Government in discovery were “demonstrably damaged” as a “result of prior forensic examination.” However, on or about June 14, 2019, in response to the defense’s request, the Government produced unmodified copies in their original format of both log files and unallocated space from the ESXi server.

The Bellovin Affidavit also asserts that the Government only provided “heavily redacted” versions of the Confluence databases, and not “a full copy of the SQL file.” On or about November 5, 2019, the Government provided defense counsel and the defendant’s expert access to a standalone computer at the CCI Office containing, among other things, (1) complete, unredacted copies of the March 2 and 3, 2016 Confluence databases (i.e., a “full copy of the SQL file”) and all of the Confluence data points used by Michael Berger, one of the Government’s expert witnesses, to conduct his timing analysis; (2) complete, unredacted copies of the Stash repositories for the tools for which source code had been released by WikiLeaks; (3) complete, unredacted copies of all Stash documentation released by WikiLeaks; and (4) all commit logs for all projects released by WikiLeaks, redacting only usernames. The Government understands that Dr. Bellovin examined the standalone computer at the CCI Office in December 2019.

It also suggests that Bellovin’s assertion that the Confluence root password would give Michael access to the backups is wrong, but won’t explain why until Bellovin takes the stand.

Finally, the Government does not address Dr. Bellovin’s incorrect assertions regarding Michael’s access to the Altabackups in this letter. Should Dr. Bellovin testify, the Government will cross-examine him regarding, among others, those substantive matters (using information that has already been produced to the defense in discovery). The Government notes, however, that, to assert incorrectly that Michael had access to the Altabackups, Dr. Bellovin relies on information that has been available to him since well before trial, such as the screenshot taken by Michael on April 20, 2016, which was produced by the Government to the defense in December 2018, and data for the Confluence virtual machine, which was produced by the Government to the defense by July 2019, and not on any information disclosed by the Government regarding Michael’s administrative leave status during trial.

Schulte may be yanking Bellovin’s chain on this claim.

Joshua Schulte Doubles Down on Forcing Mike Pompeo to Testify in His Trial

As I laid out, accused Vault 7 leaker Joshua Schulte is (predictably) trying to force Mike Pompeo to testify at his trial (the parties apparently have reached an agreement on the rest of Schulte’s human graymail bid). In the single filing submitted under his name since he got added to the trial team, James Branden justifies that request, in part, on what I have noted: the future CIA Director was cheering WikiLeaks’ publication of stolen emails months after Schulte allegedly sent CIA’s hacking tools to WikiLeaks in July 2016.

Further, in this case, the government has sought to establish the grave harm of a WikiLeaks leak while just months after Mr. Schulte allegedly leaked, Sec. Pompeo championed WikiLeaks’s publication of the stolen DNC emails on social media. This disconnect, too, is ripe for examination.

The Senate should never have confirmed such a person to lead the CIA for just this reason: because he would forever lose the ability to claim high ground with regards to WikiLeaks. Given that Pompeo himself is the one who first named WikiLeaks a non-state hostile intelligence service, this seems like a fair basis for questioning.

Branden cites two other reasons to justify calling Pompeo. As CIA Director, he approved the use of sensitive information to obtain search warrants to target Schulte in March 2017, and some of that information turned out to be (slightly) wrong.

Further, less than a week after the disclosure, Sec. Pompeo approved the substance of the first search warrant application, authorizing the FBI to make various statements therein, at least some of which later proved untrue.

Judge Paul Crotty rejected a challenge to these warrants, but putting Pompeo on the stand would provide the defense a memorable way to highlight those details. The government can probably argue, correctly, that Pompeo made no firsthand assertion about the credibility of those details, he simply said the leak was damaging enough that the CIA was willing to share sensitive information in hopes of prosecuting it. There are other reasons that Pompeo’s actions in advance of these warrant applications are of acute interest, but I doubt questions eliciting them would be permitted.

Schulte also wants to ask Pompeo about an imagined role he had in the charging decisions.

The defense also seeks to inquire of Sec. Pompeo whether he directed his staff to push charges against Mr. Schulte to the exclusion of anyone else or to the exclusion of exculpatory evidence.

For a lot of reasons, the government could probably move to exclude this discussion, even if it existed in substance, as prosecutorial decisions don’t get shared with defendants. Still, Schulte seems to have a theory of defense here — some reason he believes Pompeo would want to limit the focus to Schulte — that might be more inculpatory than he imagines.

image_print