“ur submission form is too fucking slow, spent the whole day uploading 1 gb.”

As I noted, one of the Roger Stone-related warrant applications released last week includes more details on the communications between the Guccifer 2.0 persona and WikiLeaks leading up to the DNC release. Emma Best examines the filing from a perspective of how someone, purportedly with no prior relationship to WikiLeaks, would go about transferring even a marginally significant submission to WikiLeaks. Almost a month of back-and-forth transpires between the first contact with Guccifer 2.0 and the successful transfer of the DNC files.

A key exchange, however, happened on July 6, 2016. After Guccifer 2.0 inquires whether WikiLeaks received some documents Guccifer 2.0 sent, the persona gets cranky because it took so long to upload a 1 GB file to WikiLeaks submission system. [I’m using Best’s conversion of this filing into a nifty transcription.]

Guccifer 2.0: “fuck, [I] sent 4 docs on brexit on jun 29, an archive in gpg[.] ur submission form is too fucking slow, [I] spent the whole day uploading 1 gb”

WikiLeaks: “We can arrange servers l00x as fast. The speed restrictions are to anonymise the path. Just ask for custom fast upload point in an email.”

Guccifer 2.0: “will u be able to check ur email?”

WikiLeaks: “We’re best with very large data sets. e.g. 200gb. these prove themselves since they’re too big to fake”

Almost two weeks into this exchange, WikiLeaks says they can arrange for a custom server to transfer larger data sets — of around 200 GB.

These exchanges should, to a significant extent, be considered theater. Both sides of this conversation knew that the FBI would be watching all DMs between WikiLeaks and the Guccifer 2.0 persona. So it can’t be taken as a definitive indication of how any files get sent.

Still, it shows how WikiLeaks would respond, using the public communication accounts, to a request to submit data in July 2016.

That’s significant because it shows how things might have proceeded, two months earlier, when Joshua Schulte allegedly sent 1TB of data to WikiLeaks on May 1, 2016.

While the prosecution in Schulte’s case provided forensic evidence to explain when he stole the CIA files and sent them to WikiLeaks, key gaps remain (perhaps most notably, how he got the files out of his building, though that may be because of certain classification decisions). And because Schulte used Tails and wiped his devices afterwards, there’s no record of him actually sending the files.

Here’s how prosecutor Matthew Laroche described that process in his closing arguments.

Just as a general matter, you know this information was transmitted to WikiLeaks because they posted it on the internet. They obviously got it, and the question is when did he send it?

And that’s answered by what he did on the 30th and May 1. Let’s look at the evening of the 30th.

At 6:47 p.m., he is searching for Google history and Google view browsing history. He is concerned about what he’s been searching for. On the evening, that night, he is searching for digital disk-wipe utility on several occasions, and at 10:52 p.m., he visits a website Kill Your Data Dead With These Tips and Tools. The defendant is interested in finding out how to securely delete information that might connect him to the leak, anything that he might’ve brought home with the leak on it, anything that he might’ve used to transfer it.

And at 10:55 p.m., he runs a similar search for SSD wipe utility. And you’ll remember all those hard drives that were recovered from his home. He was wondering how to wipe them to make sure that there was no evidence of his activities.

Now, overnight, he continues working.

At 12:19 a.m., the defendant mounted his D drive onto his virtual machine, the same D drive that had those encrypted files, data2.bkp through data6.bkp. They’re in his D drive. He mounts his D drive.

Then, overnight, he is constantly looking at his computer. On at least four occasions, he is unlocking his virtual machine in the middle of the night: 1:57 a.m.; 2:34 a.m.; 2:56 a.m.; 3:18 a.m. He is doing that because he is transferring data and he wants to make sure it’s happened correctly. And you know that is the case because of the Google searches he runs at of the end the night and the early morning.

At 3:18 a.m., just after he unlocks his screen saver, the defendant searches for How Long Does It Take to Calculate MD5?

Remember, calculating an MD5 is a way to confirm that what you transferred from one place to another is the same, that it went correctly, that there were no errors. You calculate an MD5 to confirm that what you transferred transferred correctly, and that’s what he’s looking for at 3:18 a.m.

Then at 3:21 a.m., the defendant visits a website, How Can I verify That a 1TB File — one terabyte file — transferred correctly?

That description is based off this forensic testimony from Michael Berger.

Prosecutors described this as happening overnight. Overnight transmission of a 1TB file using WikiLeaks’ public submission site would be utterly impossible given the state of it at the time and the volume of data Schulte was transferring, and probably impossible regardless of how much time someone spent. Overnight transmission of 1TB of data using Tails, even to a dedicated server, would be difficult enough. Best describes that, “1 TB over Tor in one night is unlikely.”

The government timeline does have Schulte in possession of the data earlier than that, potentially giving him a week to transfer the data, with this process describing just the end of the process.

Still, the way this would happen, normally, would be for WikiLeaks to set up a dedicated server to accept the files. And that would take prior communication. Such communication likely would have happened over Jabber, not Twitter (Schulte’s opsec was piss poor in many ways but he did use Jabber).

Such a prior conversation is entirely consistent with testimony provided elsewhere, where prosecutors focused on the website’s alternative submission process.

But the seeming necessity for prior communication before this transfer happened suggests Schulte’s alleged theft and transfer of the files might not have been as reactive a decision as portrayed in his prosecution.

It would take premeditation to send WikiLeaks a 1TB file, whatever the timing. Prosecutors may know that, and have an explanation for when such prior communications happened, but they’re withholding those details for any of a number of reasons. Or it may be a big hole in this story. Schulte insists he didn’t do it and a jury failed to convict.

One way or another, however, the state of the WikiLeaks’ submission system as it existed in 2016 presents a big gap in prosecutors’ current story.

Update: Two important details for those trying to figure out how long this transfer would really take. First, Schulte ran a commercial server specifically focused on video streaming at the time, so his upload speeds would not limit the transfer time at all. Second, Schulte at least claimed that hiding data for exfiltration was his speciality. That by itself wouldn’t help him send stuff to WikiLeaks, at least not without prior contact. But it does mean that the means by which he transferred this file relied on tools he has developed at CIA.

When Julian Assange Testified before a Nation-State Investigation of a Suspected Spy…

Back on December 20, 2019, Julian Assange testified in a nation-state’s investigation of someone suspected of spying for another nation-state. He testified pursuant to international legal process that got challenged on jurisdictional grounds, but ultimately upheld. While El País provided a report of his testimony, the testimony itself was not open to the press.

As he testified, Chelsea Manning and Jeremy Hammond sat in jail in Alexandria, VA, being held in contempt for refusing to testify, under a grant of immunity, in their own nation-state’s investigation of someone suspected of working with the intelligence services of another nation-state. Related charges are being challenged on jurisdictional issues. Manning, at least, claims she won’t testify because any hearing — like the one Assange testified in — would not be public. Tomorrow, prosecutors in EDVA will bring Manning before the grand jury again, in a third attempt to get her to testify before a hearing on Friday over her motion to be released based on an assertion the coercion of contempt will never bring her to testify.

This is just one irony about the way WikiLeaks supporters are treating the investigation of David Morales, the owner of a security contractor that provided the security for Ecuador’s embassy until 2018. Morales is accused of spying for the CIA — that is, spying for a third country’s intelligence service.

There are some problems or obvious alternative explanations for the accusations against Morales, but even assuming the allegations are true, there is little that separates what Morales would have done from what Assange did on at least one occasion: work as a willing participant in a third country’s intelligence service operation compromising the privacy of private citizens. Indeed, there are allegations of Russian involvement in two other WikiLeaks-related publications: there were Russians active in Stratfor hack chat rooms, and Joshua Schulte allegedly expressed an interest in Russian help (though the allegations are contradictory and post-date the initial leak to WikiLeaks, which I’ll return to).

You might argue that Morales’ surveillance of Assange — on whoever’s authority — constituted a far more serious privacy violation than those WikiLeaks has committed by publishing the private emails of John Podesta and the private information of Turkish, Saudi, and third party citizens. That might be true in first instance, but since some of the people exposed by WikiLeaks’ publications live in authoritarian countries, the secondary effects of WikiLeaks’ publication of details about private individuals might not be.

(I have heard, directly and indirectly, multiple consistent allegations about WikiLeaks itself engaging in practices that constitute privacy violations of the sort implicated by the surveillance of Assange, but it would take a law enforcement investigation to substantiate such claims, most of the affected parties would never want to involve law enforcement, and some investigations would be barred by privilege protections.)

Ultimately, though, Spain’s investigation into UC Global is the same thing the US investigation into WikiLeaks is: a properly predicated nation-state investigation into someone suspected of engaging in espionage-related activities with a foreign intelligence service. There are legitimate reasons why those who respect privacy might support both investigations.

WikiLeaks supporters might argue that it’s different because it’s the United States. That’s a perfectly justifiable stance, but if it’s the basis of supporting one investigation and another, should be admitted explicitly. WikiLeaks supporters might argue it’s different because Assange is the alleged victim, but that doesn’t change that there are victims (and not just spy agencies) that the US is trying to protect with its investigation.

Manning and Hammond say they are refusing to testify because they object to American grand jury practices. That amounts to civil disobedience, which is certainly their prerogative. They are paying a steep price for that civil disobedience (as both already paid with their decisions not to cooperate after pleading guilty). But when WikiLeaks supporters complain about the treatment Manning is suffering for her stance, they might think about the fact that — when it came to testifying in an equivalent inquiry — Julian Assange had none of the objections to testifying.

The Inconsistencies of the UC Global Julian Assange Spying Story

Tomorrow, the first of two extradition hearings for Julian Assange starts. In addition to the least damning of several pardon discussions that happened with Assange, the hearing will include discussion of allegations that Assange was spied on in the Embassy, the most recent incarnation of which appeared in the Australian press today. In addition, NYT covered the story here, some key El País stories are here, and Andrew Müller-Maguhn did a presentation on it at CCC.

The story goes that a Spanish company employed to ensure security in the Ecuadorian Embassy, UC Global, significantly ratcheted up the level of video and audio surveillance of Assange in 2017. Additionally, Spain is investigating whether the head of that company, David Morales, shared that surveillance — possibly in real time — with the United States, allegedly directly with the CIA.

I’d like to point to some inconsistencies in the stories. I’m not defending the levels of surveillance of Assange — but neither would I defend the gross abuses of privacy WikiLeaks has committed against private citizens in the US, Turkey, Saudi Arabia, and other countries. Nor am I contesting that the surveillance took place. I’m even willing to stipulate that the surveillance got shared with the US (though no story on this topic convincingly substantiates this, and some of the public bases for the claim CIA was the recipient are flimsy).

What legal regime has jurisdiction

One interesting question about all this pertains to the legal regime. This is surveillance conducted by a Spanish company with US business locations on Ecuadorian territory being raised in a post-Brexit British legal proceeding regarding extradition to the US. The surveillance of the embassy is Ecuador’s concern — and whatever you think of Rafael Correa’s Bolivarist politics, he embraced really intrusive surveillance. The sharing of data from the EU to the US — whether directly from the UK or via Spain — might come under GDPR or Privacy Shield protection, except EU law excepts out national security from these laws, which would apply here. And because UC Global does and did business in the US (it even had a location in New Mexico in 2016), it might be subject to subpoena or other legal process to conduct surveillance.

As it pertains to the question of extradition, as I understand it, the law in the UK has to do with proportionality, and as we’ll see, what we’re really talking about is surveillance of Assange during a period of investigation of one of the worst breaches of any Five Eyes intelligence agencies in history, Vault 7 (not the 2016 publications), and the surveillance ratcheted up during a period when WikiLeaks was still publishing those files. Which likely means the UK is going to be very permissive in how it weighs the question of this surveillance, because this was about an investigation into someone who helped burned a Five Eyes spying partner to the ground.

The escalation of surveillance happened after Vault 7 started

Virtually all of these stories obscure the timing, as illustrated by this AMM slide.

A key part of the story suggests that because UC Global owner Morales got a contract with Sheldon Adelson in 2015, under the Obama Adminsitration, that somehow proves CIA involvement, and some of the reports on this make it clear that UC Global was working for Adelson, which negates the entirety of his role. Sillier still, that Morales traveled to Chicago is no indication of a tie to CIA.

Once you’ve dismissed that, then it’s clear the escalation didn’t start in earnest until June and July 2017.

In his talk, AMM mentions that the US was unhappy about certain “publications,” plural, without describing them. There’s good reason to be silent about it — the same silence that WikiLeaks supporters like to enforce elsewhere. WikiLeaks was not only publishing CIA’s hacking tools with thin — and inaccurate — claims to justify doing so in the guise of journalism, but WikiLeaks was and is sitting on CIA’s actual hacking tools.

At the time, WikiLeaks was in ongoing communications with accused Vault 7 leaker Joshua Schulte (communication it continued at least as long as June 2018, when WikiLeaks posted the blogs Schulte published from jail, but probably even after that). The targeting of Schulte, himself, might explain some of this surveillance. And Morales’ presence in Alexandria (which AMM misstates as Arlington) is utterly consistent with someone subject to US subpoena appearing before a grand jury in EDVA; surveillance records are considered business records in the US subject to subpoena.

Certainly, questions about what WikiLeaks was doing with the still unpublished hacking tools might have elicited the surveillance. And in the months before the surveillance actually ratcheted up in December 2017 (which is when the surveillance in question really began), Schulte was doing some things on Tor that may have included reactionary communications with WikiLeaks.

Even AMM’s presentation, however, confirms that before December 2017 — that is, before the US finally detained Schulte and charged Assange — much of Assange’s private space was not covered by the surveillance. That actually dramatically contradicts claims about surveillance of Assange made in the past.

From there, all the stories make much about the events of December 21 and 22, 2017 (indeed, AMM presents the planned Ecuadorian-Russian exfiltration on those dates as a potential US kidnapping).

But here, too, the timing is obscured. The Australian piece, for example, suggests the surveillance put in place in anticipation of these events was a response to it.

“It got to the point where, during a visit to Mr Assange, the head of Ecuador’s intelligence service [Rommy Vallejo, on December 21, 2017] was also spied on,” Martinez added.

“In the meeting between Mr Vallejo and Mr Assange the possible release [from the embassy] of Mr Assange in a few days later was discussed.”

Within hours of that secret meeting, which was known to only a few people, the US Ambassador to Ecuador complained to Ecuadorian authorities, and the next day the US issued an international arrest warrant for Assange, Martinez said.

“That leads us to believe that the conversation was urgently sent to the US authorities and that they urgently issued the international arrest warrant the next day,” he said.

There’s a lot to be told about the events of December 21, which is the day Assange was actually charged. But events pertaining to Schulte preceded them. And Ecuador’s designation of Assange as a diplomat on December 19 — and the UK’s rejection of it — would have alerted the UK (and through them, the US) of the events two days before the meeting in question, without any surveillance.

Finally, as AMM notes, “PROM” took over surveillance after Ecuador made a security agreement with the US in April 2018. AMM suggests that that, for the first time, made such surveillance illegal. There’s no basis for that, particularly given that UC Global has a US component. Moreover, it was PROM, and not UC Global, that allegedly engaged in the corrupt sale of surveillance records, something that often gets lumped on UC Global.

In summary, say what you will about this surveillance, which clearly became oppressive in December 2017. Say what you will about whether obtaining all of CIA’s hacking tools and sitting on most of them is “journalism.” But if you’re going to talk about why surveillance ratcheted up, you do need to account for the fact that WikiLeaks was engaged in activities that resemble what CIA does, not what journalists do.

Assange has 1,000 lawyers

One of the key allegations is that this surveillance collected on conversations between Assange and his lawyers. The most recent Aussie version points to meetings with Geoffrey Robertson and Jennifer Robinson.

While this may be typical surveillance at a secure diplomatic property, what Robertson did not know was he and a handful of other lawyers, were allegedly being targeted in a remarkable and deeply illegal surveillance operation possibly run at the request of the US Government.

And recordings such as Robertson’s visit are at the heart of concerns about the surveillance: privileged legal conversations between lawyer and client in a diplomatic residence were recorded and, later, accessed from IP addresses in the United States and Ecuador.

Robertson was only one of at least three Australian lawyers and more than two dozen other legal advisers from around the world that were caught up in the surveillance operation.

Long-time WikiLeaks adviser Jennifer Robinson was one of the other Australian lawyers caught in the spying operation.

Jennifer Robinson is a pretty important lawyer for WikiLeaks, but even here she’s described as an “advisor.” And WikiLeaks has a long history of gaming legal representation, up to and including using it to obtain visibility about the defense of related persons.

Randy Credico even joked about how many people are claimed to be WikiLeaks lawyers at Roger Stone’s trial.

Q. Margaret Kunstler is one of WikiLeaks’s lawyers?

A. You’ll let — she’s going to have to describe her role as a — what her role is with WikiLeaks. You know, I don’t — he has — Julian Assange has about 1,000 lawyers. You know, Michael Ratner was one of his lawyers. Alan Dershowitz was one of his lawyers.

Q. Thank you.

A. There are a lot of lawyers. All right? But, that — you know, who’s a lawyer —

Robinson will present the Dana Rohrabacher story as a witness this week, so it’s worth attending to precisely what legal role these lawyers are playing.

Even if this surveillance was shared in real time with the United States, there are protocols in both the CIA and FBI about how to deal with it. The meetings were surveilled. That doesn’t mean the meetings with the lawyers actually representing him were viewed by American authorities.

Steve Bellovin Weighs in on the Schulte Mistrial Request

Steve Bellovin, who for the reasons I laid out in this post, has impeccable credibility, has now weighed in on accused Vault 7 leaker Joshua Schulte’s bid for a mistrial. Bellovin is Schulte’s technical expert, and lost a bid last August to get direct forensic access to the workstation and servers at issue in his case.

The current bid for a mistrial is based on two complaints: first, DOJ withheld notice that the CIA had put Schulte’s buddy, Michael, on paid administrative leave last August until the day Michael testified. In addition, Schulte argued they had gotten inadequate forensic discovery to challenge the government’s case.

Ultimately, I think this bid — even with Bellovin’s renewed request — will likely not work. With regards to the forensics demand, this is really a complaint about a decision Judge Paul Crotty made under the Classified Information Procedures Act last summer, which Schulte renewed based off unpersuasive claims about the scope of one of the testimony of one of the government’s expert witness, Patrick Leedom, at trial. Schulte certainly can and no doubt will appeal Crotty’s decision, but the government claimed in its response that the defense didn’t make the more tailored requests for information that were permitted under Crotty’s order.

While the defendant has maintained his stubborn insistence on full forensic images, he has failed to actually make use of the information the Government provided, such as the data on the Standalone, to explain why the discovery produced by the Government was inadequate, or to take the Court up on its repeated invitation to the defense to make more narrow requests. In United States v. Hill, the court did order the Government to produce two mirror images of hard drives containing child pornography to the defense. See 322 F. Supp. 2d 1081, 1091 (C.D. Cal. 2004). Hill, however, does not involve the requested disclosure of an unprecedented and staggering amount of classified information without a showing that the information would be both “relevant and helpful,” as required by CIPA.2

With regards to the late notice about Michael’s paid leave, I think (though am not certain) that this is actually a Jencks issue, and I think (though am not certain) the government did comply with the letter of the law even if withholding the report was dickish and unnecessary.

In his declaration, Bellovin makes a frivolous point about Michael as an excuse to complain about both issues raised in the mistrial motion: that there was a common password to Confluence that Michael could have used to access the backup files from which Schulte allegedly stole the files.

The government makes a number of specific assertions that are misleading or simply false. For example, the government states that certain FBI reports “make clear that Michael never had Atlassian administrator privileges and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 information was stolen).” Gov’t Opp. at 8. As a simple factual matter, this statement is untrue. The possession of “Atlassian administrator privileges” had nothing to do with the ability to access or copy the Altabackup files. Rather, what was needed was log-in access, i.e., a working user name and password, to the Confluence Virtual Machine (or “VM”). Michael certainly had such log-in access. As shown in Leedom Slide 60 (GX 1207-10 and GX 1207-11), which is described as “April 16, 2016 Confluence Backup— password and shadow files,” a user name called “confluence” is listed (Slide 60, GX 1207-11, third line from the bottom). The password for this user name was listed on a web page that was accessible to all OSB members, including Michael, and was used for many other log-ins throughout the organization. See GX 1202-5 (listing one commonly used password as “123ABCdef.”). This password was valid both before and after April 16, 2016. So if Michael had simply typed that password into the Confluence VM on April 20, 2016, along with the user name “confluence,” he would have had access to the Altabackup files from which the Vault 7 information was allegedly taken.

Not only has the defense known this for over a year, I even pointed to the availability of root passwords days after the initial leak in March 2017. So nothing about the late notice on Michael prevented Schulte from arguing this from the start. Moreover, this is something the government already addressed in their response.

 Finally, the defense complains that he should have been able to examine the Confluence virtual machine to determine whether another user had “root” access, such as Michael. Again, the defendant’s argument fails. Initially, the defendant has been on notice since December 10, 2018 that Michael had “root” access to the ESXi Server, given that that fact was referenced in three different 302s produced to the defense at that time. Moreover, the defense has been provided with the available ESXi Server logs in discovery, such that he could have tried to determine whether any other user was logged in using the “root” password (there was not any such other user logged in during the reversion). Furthermore, to extent the defendant is complaining about the Confluence log files specifically, his assertion fails for two reasons. First, the Confluence log files of the activity on the Confluence virtual machine were deleted when the defendant reversed the reversion. Second, the Government produced to the defense the remaining Confluence application logs from April 7, 2016 through April 25, 2016 on June 14, 2019.

I remain sympathetic to Bellovin’s request in principle, but doubt that it will work legally in this instance. Plus, given Sabrina Shroff’s strategy on everything else, it seems they didn’t make the expanded requests earlier to leave open this opportunity to complain now.

What happens on appeal is a different issue though, one that goes to the heart of how CIPA gets applied in a computer hacking case like this. The government has, successfully, argued that the forensics of this case amount to classified information that must first qualify under the CIPA requirement that evidence is both relevant and helpful to the defense. I’m reasonably comfortable that the government has given Schulte enough forensics to test their theory of the case — that is, to test whether Schulte did revert backups on April 20, 2016 and access — and so presumably copy — the backup copy of the files published by WikiLeaks. But there are two questions they didn’t provide enough forensics to answer.

The first pertains to whether anyone else ever used the weak protections of these servers to do anything suspicious.

It’s clear that one prong of whatever defense Schulte will offer (and therefore what Bellovin will do in his testimony) is that CIA’s security was woefully inadequate, both in their physical space (Schulte was able to bring in thumb drives on at least two occasions and, the prosecution’s case suggests, even two hard drives) and digitally. Schulte’s lawyers have already brought out aspects of this on cross. What Bellovin won’t be able to do (aside from pointing to a time someone swapped the cables accessing the Internet, which resulted in a massive effort to clean up any data pollution of the CIA network) is point to any damage from real security incidents, aside from Schulte’s. And while that’s not necessary to rebut the government’s theory of the case, it is a part of arguing that Schulte was concerned about security himself (a claim that multiple witnesses have already credibly debunked) but also that the government was not making sufficient efforts to keep this National Defense Information secure, which is an element of the Espionage Act charges.

A far more interesting question pertains to the evidence against Schulte. Schulte is accused of stealing both the “Confluence” files — which are development notes — and “Stash” — which includes source code and user guides. The entirety of the Confluence files were posted on WikiLeaks on March 7, 2017, whereas a bunch of files from Stash were published, drip by drip, until November 2017.

The government has presented a compelling case that Schulte accessed a March 3, 2016 copy of Confluence and made a copy, based on existing logs of that back-up.

But it has not been able to do the same with Stash, I believe because the log files were deleted after the reversions that Schulte did on April 20, 2016, as elicited in cross-examination of “Dave,” the SysAdmin witness.

Q. That was confusing, you saying “yes,” me saying “okay.” Let’s talk about these missing Stash logs, okay? You said that you never would have in a security system or in a secure system lose logs, correct? A. Correct.

Q. And you were asked about missing logs, correct, missing logs from January 14 to April 21, correct? You remember that?

A. I’m sorry, I apologize, not really. But if it’s in the report, I may have talked about it.

Q. Let’s look at 3515-09. Page four. You were asked about missing logs from January 14 to April 21, 2016. Correct?

A. Is this — which exhibit is this? I apologize. I don’t have the right — do I have the right one?

The government has instead tracked file sizes and a copy date range to suggest that Schulte copied those files on that same date, here in testimony from expert witness Michael Berger.

Q. So what was your conclusion as to when the data, the range for the data?

A. For Stash we identified the range of data being from February 26, 2016, at 9:36 a.m., and March 4, 2016, at 9:45 a.m.

Q. Can you remind us, was there an identical hash for the marble file at March 1st?

A. Yes, there was.

Q. Was there a reason why you didn’t use March 1st here instead of February 26?

A. Yes.

Q. What’s that?

A. The reason is because that the files were identical, we didn’t want to assume that the data had to have come after March 1st. We took a more conservative approach and we slid our date back to being as possibly coming from after February 26 instead.

[snip]

Q. Let’s move on to the next. What does this reflect?

A. This reflects both the Stash and Confluence analysis. Looking at Stash, we can see that the data that was on WikiLeaks corresponds to the data from between February 26, at 9:36 a.m. and March 4, at 9:45 a.m. Looking at the Confluence data points, we’re able to get a smaller window that shows between March 2, 3:58 p.m. and March 3, at 6:47 a.m.

To some degree this doesn’t matter: leaking Confluence by itself would be a violation of the Espionage Act and so sufficient for guilty verdicts. But absent that evidence, the defense will be able to point to other questions about the Stash back-up made during the change in privileges on April 18, 2016, notably that the SysAdmin who changed privileges to the network on April 18, 2016, Dave, kept one copy on his desk and one copy on a hard drive he subsequently misplaced.

Q. You never told the FBI, did you, that you ever moved it to a locked compartment in your desk, correct?

A. Correct.

Q. And you also said that you actually couldn’t even recall if you had wiped the information about Stash off of that hard drive, correct?

A. Correct.

Q. And sitting here today, you have not a clue as to where that hard drive is, correct?

A. No, I don’t.

I don’t rule out Schulte using someone else’s privileges to delete the Stash logs (for example, he had and used the credentials of “Rufus,” a guy who was supposed to work in SysAdmin but moved on after a short period, in his April 20 hack). But the government hasn’t shown that, perhaps because doing so would implicate one of their key witnesses.

Given the cross of Patrick Leedom, I think it quite likely Schulte’s team knows what happened and plans to unveil it to maximal advantage during their defense.

Q. And according to you and the government, shortly afterward, during this reversion period, the theory is that he also accessed the Stash backup file, correct?

A. That would be correct.

Bellovin may have a very good idea of where such evidence would be — I’m particularly intrigued by this request, because the government doesn’t appear to understand why Bellovin asked for it — and may even know, via Schulte (who spent a lot of time on obfuscation) that it would look exculpatory (but that’s based on the government’s response, not any understanding of what this might show).

The defendant argues that he could not test the vulnerability of the “DS00 file system,” without access to the mirror image of the NetApp Server. The defendant does not explain why this forensic artifact would demonstrate any vulnerabilities or how any part of Mr. Leedom’s testimony-which did not reference the file system-implicated this assertion. Therefore, the defendant has not established that a mistrial is required based on this claim.

Then there’s a far more interesting question. As of the date of completion of a WikiLeaks Task Force Report on October 17, 2017, as brought in via the testimony of Sean Roche, the CIA had only moderate confidence that WikiLeaks hadn’t obtained the “gold repository” of finished exploits.

Q. Right. All you know is, in 2017, WikiLeaks published it, correct?

A. That’s correct.

Q. And did you by any chance learn that even after 2017 publication, the CIA still did not know whether or not WikiLeaks had the information from the gold repository?

MR. DENTON: Objection.

THE COURT: Overruled.

A. Could you repeat that, please, ma’am.

Q. Sure. Is it fair to say, sir, that the CIA slash you still don’t know if WikiLeaks has the gold repository?

THE COURT: Rebecca, could you read the question back, please. (The record was read)

A. I believe that represents the last conversation I had on what is called the gold repository.

Q. So I’m correct.

A. Yes.

Q. CIA still doesn’t know?

A. I don’t know that, ma’am. I don’t work there anymore.

Q. You know what the WikiLeaks task force report is?

A. Yes, I do.

Q. Could you pull that up for this gentleman, please. Are you happier with a paper copy or the screen?

A. We can do this.

Q. Could we just go to page 45. Could you just focus on the actual text. You see that line, “However we now assess with moderate confidence”?

A. Yes.

Q. Right. “Moderate confidence that WikiLeaks does not possess the gold folder,” correct?

A. Correct.

This is clearly testimony prosecutor David Denton did not want to come in.

That moderate confidence judgment appears to be based on Leedom’s analysis of what privileges Schulte himself had.

Q. You see there a folder at the bottom, “source code and binary gold copies”?

A. Yes.

Q. What are those?

A. These are the delivered completed tools from the work at EDG.

[snip]

Q: Would the defendant have been able to copy the gold source folders?

A: No, he would not have had access to it with his DevLAN account.

But given Schulte’s own behavior, it’s not clear this analysis can rule out the possibility Schulte took the gold repository.

One of the last events in Schulte’s never-ending escalation of grievances came when he sent an email on June 28, 2016 to Meroe Park, the CIA Executive Director (the #3 ranking official at CIA), Andrew Hallmen, who was then the Director of the Directorate of Digital Innovation (and just got ousted as Deputy Director of National Intelligence in the purge of ODNI last week), and Sean Roche, the Deputy Director of DDI. This came in the wake of Schulte first obtaining privileges to his old project, Brutal Kangaroo, and then booting all the other developers off it. In response to the email, as laid in Roche’s testimony, Roche first responded immediately via email and then had a meeting with Schulte on June 30, 2016. In the meeting with the senior most official Schulte met with, he insinuated he still might get his administrator privileges back.

Q. What did you mean when you say you asked him about permissions?

A. On the system that he was working on, an agency network, his — he had — his permissions had been changed, and when his management explained to him, he went back in and changed his permissions back to get access again, and they had issued a letter of warning to him explaining how serious that was and that that behavior is not acceptable.

Q. Why was that something you discussed with him?

A. Because of how serious the nature of that is. Activity on any system that holds agency data, agency tools, things that we call sources and methods, is — is — it is very, very important that we not have a doubt about what people have access to and maintain the integrity and the protection of that information.

Q. What did you discuss with him about his permission changes?

A. I said to him something to the effect of in the post-Edward Snowden era, you don’t do something like that. That’s going to draw attention that you certainly don’t want. It’s really serious, and you cannot be taking that kind of action.

Q. And how did he respond?

A. He talked a little bit about the project that he had been working on and some new work that he had been given, and he was not pleased with it. But at one point, he stopped and he looked at me and said, You know, I could get back on it if I wanted to, something to — that’s not — I won’t say that’s the exact quote, but it’s pretty darn close.

Q. Now, when he said that, did you understand him to be raising a security concern about the network?

A. No. What I, what I realized — it was a striking comment because, to me, it illustrated that after everything that had happened, all the warnings, all of this formal process, that he was determined to undermine the controls on the network.

Brutal Kangaroo is a USB-based tool to exfiltrate from air-gapped machines. Schulte unsuccessfully attempted to delete the copy of Brutal Kangaroo he had worked on at home on April 28, 2016. But he regained access at CIA in June. He also had worked on serious obfuscation tools.

Given the state of the CIA networks, it’s not impossible that Schulte made good on that threat using tools built by the CIA to make it difficult for the CIA to discover if it happened.

Not long after, in August 2016, according to warrant affidavits the substance of which have not yet been entered into evidence at the trial (they’re likely to come in early this week via an FBI Agent laying out the evidence of the rest of the charges, including obstruction and lies in FBI interviews as well as the MCC charges), Schulte started getting really interested in WikiLeaks and Shadow Brokers and Edward Snowden.

Schulte stuck around months after he allegedly first stole data from the CIA, and he threatened a very senior official that he might regain access that would allow him to do so again.

Having access to logs that might suggest that had or had not happened wouldn’t help Bellovin refute the case against him. But it might hide details of still worse compromise that the CIA would like to keep quiet.

I think Schulte can — and will attempt to, on appeal — argue that the forensics behind a hack are a different kind of classified evidence than intelligence itself (that is, information about what the intelligence community knows), both because it is neutral data about potential compromise and because you can’t just substitute a name like you can for other intelligence. In this case, it goes to the heart of a dispute about whether the CIA was really doing what it needed to do to keep these files safe. The evidence doesn’t suggest that Schulte gave a damn about all that; on the contrary, he clearly exploited it. But it’s evidence he can make a claim to need to rebut the Espionage Act charges against him.

But I also wonder whether the CIA refused to grant Bellovin access in this case (who, as I’ve noted, has been trusted by the government in other programmatic ways, including as the technical advisor to PCLOB) not because of any exculpatory evidence they were hiding, but because of inculpatory evidence.

Update: Yikes. The government submitted a scathing “correction” of Bellovin’s declaration.

The Bellovin Affidavit asserts that the log files from the ESXi server produced by the Government in discovery were “demonstrably damaged” as a “result of prior forensic examination.” However, on or about June 14, 2019, in response to the defense’s request, the Government produced unmodified copies in their original format of both log files and unallocated space from the ESXi server.

The Bellovin Affidavit also asserts that the Government only provided “heavily redacted” versions of the Confluence databases, and not “a full copy of the SQL file.” On or about November 5, 2019, the Government provided defense counsel and the defendant’s expert access to a standalone computer at the CCI Office containing, among other things, (1) complete, unredacted copies of the March 2 and 3, 2016 Confluence databases (i.e., a “full copy of the SQL file”) and all of the Confluence data points used by Michael Berger, one of the Government’s expert witnesses, to conduct his timing analysis; (2) complete, unredacted copies of the Stash repositories for the tools for which source code had been released by WikiLeaks; (3) complete, unredacted copies of all Stash documentation released by WikiLeaks; and (4) all commit logs for all projects released by WikiLeaks, redacting only usernames. The Government understands that Dr. Bellovin examined the standalone computer at the CCI Office in December 2019.

It also suggests that Bellovin’s assertion that the Confluence root password would give Michael access to the backups is wrong, but won’t explain why until Bellovin takes the stand.

Finally, the Government does not address Dr. Bellovin’s incorrect assertions regarding Michael’s access to the Altabackups in this letter. Should Dr. Bellovin testify, the Government will cross-examine him regarding, among others, those substantive matters (using information that has already been produced to the defense in discovery). The Government notes, however, that, to assert incorrectly that Michael had access to the Altabackups, Dr. Bellovin relies on information that has been available to him since well before trial, such as the screenshot taken by Michael on April 20, 2016, which was produced by the Government to the defense in December 2018, and data for the Confluence virtual machine, which was produced by the Government to the defense by July 2019, and not on any information disclosed by the Government regarding Michael’s administrative leave status during trial.

Schulte may be yanking Bellovin’s chain on this claim.

Does DOJ Plan to Get Henry Kyle Frese’s Cooperation to Prosecute Journalists?

Henry Kyle Frese, a DIA analyst charged with leaking classified information about China to two NBC journalists in October, pled guilty today. The guidelines laid out in his plea put him well above the 10 year maximum sentence he faces, meaning he may be the rare defendant facing the full prison term allowable. More interesting, his plea includes the possibility of a downward departure for cooperation (though it explicitly says he may get that even if no other charges are brought).

That’s interesting because the bulk of the details laid out in his Statement of Facts describes what he leaked to the two journalists (remember: in investigating this case, DOJ obtained a Title III warrant to eavesdrop on his calls with the journalists). It includes details about Frese accessing information — almost certainly the information relating to China — that was unrelated to his job as a counterterrorism analyst.

In relation to one of the twelve times the defendant orally transmitted TOP SECRET NDI to Journalist 1, in or about mid-April to early May 2018, the defendant accessed an intelligence report unrelated to his job duties on multiple occasions, which contained NDI classified at the TOP SECRET//SCI level (“Intelligence Report 1”).

[snip]

On at least 30 separate occasions in 2018, the defendant conducted searches on classified government systems for information regarding the classified topics he discussed with Joumalists 1 and 2.

The only other person mentioned in the Statement of Facts was an employee of an overseas counterterrorism consulting group.

Between early 2018 and October 2019, the defendant communicated with an employee of an overseas CT consulting group (“Consultant 1”) via social media. On at least two occasions, the defendant transmitted classified NDI related to CT topics to Consultant 1, using a social media site’s direct messaging feature

Consultant 1 was not authorized to receive classified NDI, and at all times during his communications with Consultant 1, the defendant knew that he was not authorized to transmit classified NDI to Consultant 1.

This, then, appears to be the scenario that would also set a precedent before Julian Assange is brought to the US for trial: that journalists asking someone with clearance for information get treated like spies.

Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

The Glenn Greenwald versus the Julian Assange Charges, Compared

Yesterday, Brazil charged Glenn Greenwald as part of the criminal sim swapping group that also leaked The Intercept details of corruption in Sérgio Moro’s efforts to put Lula in prison.

In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasília, accused Mr. Greenwald of being part of a “criminal organization” that hacked into the cellphones of several prosecutors and other public officials last year.

Here’s the indictment.

The indictment comes after a ruling, in December, that Glenn (whom Bolsonaro was already targeting in a financial investigation) could not be investigated.

Those reports led a Supreme Court justice, Gilmar Mendes, to issue an extraordinary order barring the federal police from investigating Mr. Greenwald’s role in the dissemination of the hacked messages.

Prosecutors on Tuesday said they abided by that order until they found audio messages which, they argued, implicated Mr. Greenwald in criminal activity.

Prosecutors have claimed that they were abiding by that order, which relied on a Brazilian law (which sounds like it’s akin to the Bartnicki decision in the US) that says journalists cannot be prosecuted for publishing stolen information. But they found recordings that — they claim — show Glenn was interacting with the hackers while they were engaged in their other crimes, and advised them to delete logs, which (the indictment argues) helped them evade prosecution.

Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a “clear role in facilitating the commission of a crime.”

For instance, prosecutors contend that Mr. Greenwald encouraged the hackers to delete archives that had already been shared with The Intercept Brasil, in order to cover their tracks.

Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app. The complaint charged six other individuals, including four who were detained last year in connection with the cellphone hacking.

The indictment includes long excerpts of the discussion, which (if my combination of shitty Portuguese assisted by Google Translate is correct) they claim shows that, amid news that Moro had been hacked, the source of the Intercept’s files came to Glenn and admitted there were currently monitoring Telegraph channels in the period before the Intercept was going to publish and had a discussion about whether they had to keep the stuff leaked to the Intercept pertaining to corruption. Glenn was quite careful to note he wasn’t offering advice about what the hackers should do, but said they would keep their one copy in a safe place and so the hackers could do whatever they wanted with the stuff they had. Even in spite of Glenn’s clear statement that The Intercept had obtained the files long before the ongoing hacking, the Brazilian prosecutors claim this shows Glenn knew of ongoing hacking and then discussed deleting logs of the prior hacking, making him a co-conspirator.

Apparently, however, this same evidence had already been reviewed before the December ruling, meaning the government is reversing itself to be able to include Glenn in the charges. The government must first get the approval of the judge that issued the initial ruling to prosecute Glenn.

Let me start by saying that this is both an attack on the press and a fairly clear attempt at retaliation against a Jair Bolsonaro critic, part of a sustained attack on Glenn and his spouse, David Miranda. The press in the US has pretty loudly come out in support of Glenn, and no matter what you think of Glenn or his Russia denialism, Glenn deserves support on this issue.

The charges have led a lot of people to say that the charges are just like what is happening with Julian Assange. They are similar. But I think they are distinct, and it’s worth understanding the similarities and distinctions.

Before I do that, since I’ve been accused — because I report on what the prosecution of Joshua Schulte says — of being insufficiently critical of the existing charges against Assange, here’s a post where I talked about the danger of the first charge against Assange (conspiracy to hack information) and here’s one where I lay out how a number of the Assange charges are for publishing information. I don’t support the current charges against Assange, though I think some of Assange’s more recent actions pose closer calls.

Renewing old charges

In both cases, the government took evidence that had already been assessed — in Assange’s case, chat logs from 2010 that the Obama Administration had deemed were not distinguishable from stuff the NYT does, and in Glenn’s case, the recordings that police had already reviewed before the ruling that Glenn should not be investigated — and found reason to charge that hadn’t existed before. In Glenn’s case, that decision was made just weeks later, under the same Administration. In Assange’s case, that decision came by another Administration (one installed in part with WikiLeaks’ assistance), but also came after WikiLeaks engaged in several more leaks that had pissed off the US.

The US government has (Trump flunky efforts to pardon Assange notwithstanding) always hated Assange, but it’s unlikely he would have been charged without 1) the Vault 7 leak burned the CIA’s hacking ability to the ground and 2) an authoritarian Trump administration with a gripe against journalism generally. That said, it’s still not clear why, if DOJ wanted to go after Assange, they didn’t do it exclusively on actions (like extortion using CIA files) that were more distinguishable from journalism, unless the government plans to add such charges to show a pattern over time, one that culminated in the Vault 7 leaks.

Whereas with Glenn, this feels immediately personalized, an effort to keep looking at a leak that exposed Bolsonaro’s hypocrisy until charges could be invented.

The similar conspiracy charge

Where the two cases are most similar is the common charge: a conspiracy involving computer hacking. But even there, there are important differences.

Brazil is arguing (again, relying on my shitty Portuguese) that Glenn is part of the conspiracy his sources are being prosecuted for because in a conversation where he acknowledged that they were still engaged in criminal hacking, he talked about deleting logs. That is, they’re not arguing that he tried to take part in the hacking. They’re arguing that he helped the ongoing hacking by helping the hackers evade discovery.

This is something that the government has shown WikiLeaks to do, for example showing Assange discussing with Chelsea Manning about operational security. The government cites OpSec assistance in the directly comparable “Conspiracy to Commit Computer Intrusion” charged against Assange (count 18):

  1. It was part of the conspiracy that ASSANGE and Manning used the “Jabber” online chat service to collaborate on the acquisition and dissemination of the classified records, and to enter into the agreement to crack the password hash stored on United States Department of Defense computers connected to the Secret Internet Protocol Network.
  2. It was part of the conspiracy that ASSANGE and Manning took measures to conceal Manning as the source of the disclosure of classified records to WikiLeaks, including by removing usernames from the disclosed information and deleting chat logs between ASSANGE and Manning.

But those are described in the “manner and means” section of the conspiracy charge. The overt acts part, however, describes things more commonly described as hacking: Manning’s use of a Linux operating system to obtain Admin privileges, her sharing of a password hash, and Assange’s unsuccessful effort to crack it. That is, Assange is charged with taking an overt act that amounts to hacking, whereas Glenn is charged with advising a source to delete logs (notwithstanding the way Glenn, in very lawyerly fashion, made it clear that he wasn’t offering advice). The inclusion of OpSec in the manners and means is absolutely dangerous in the Assange indictment. But the government alleged something more to include him in a CFAA conspiracy, something not present in the charge against Glenn.

Assange is also charged with another conspiracy charge that reflects ongoing discussions to obtain more information. That’s distinguishable from Glenn’s charge in that Assange was talking about getting more information, whereas all Glenn is alleged to have done is have a discussion at a time he knew his source was committing other ongoing hacking unrelated to and long after obtaining the files he published. But the two conspiracies are similar insofar as the government in question holds a publisher/journalist accountable for continued communication with a source who is engaged in ongoing lawbreaking, but in Assange’s case that crime pertains to obtaining information for Assange, whereas with Glenn it involves an entirely different crime.

More — and in some way, more dangerous — charges against Assange

There’s no parallel between the charge against Glenn and the other charges against Assange, which are some of the most dangerous. As I’ve laid out, there are three theories of prosecution used against Assange:

  • The attempt to hack to obtain additional classified information (described above, along with a charge tied to the things they were trying to obtain by cracking that password)
  • A solicitation of specific files, some of which Manning sought out and provided
  • The publication of three sets of informants names

The last of these is absolutely a charge for publishing information; that’s specifically what (with its contorted thinking) the charge against Glenn tries not to do.

The solicitation request is something both Brazil and the US attempt to insinuate about the Intercept for its advocacy of SecureDrop (which is now used by a slew of outlets). It’s also something that could easily be used to criminalize normal journalism.

The Brazilian charge against Glenn at least attempts to avoid criminalizing any of these things.

Espionage

Of course, that’s a big difference right away. Glenn is not accused of publishing anything classified. Assange is.

And Assange is charged in such a way that gives him liability for releasing classified information under the Espionage Act.

And that’s an added danger of the Assange charges. Thus far, Assange has been charged for leaks that Chelsea Manning has never backed off having a whistleblower interest in leaking (the broad use of State cables she leaked would support that, but that’s less true of the Afghan and Iraqi war logs). As such, Assange is being charged for something that could implicate any journalist publishing classified information.

That said, that could change. That’s why some of the arguments the government is making in the Schulte case are so noteworthy. They are preparing to rely on precedents used for organized crime to argue that, in part because he leaked to WikiLeaks, Schulte intended to harm the US. To the extent that they substantiate that motive, it would put Schulte solidly in the position that the Espionage was designed for. But the government seems to be preparing to apply that argument to WikiLeaks more broadly.

Extradition and international legal process

Finally, though some folks appear to be forgetting this in demanding that the US get involved in Glenn’s case, Glenn was charged as a resident of Brazil for actions taken in Brazil. Assange was charged as an Australian citizen for actions taken in the UK affecting the US government, which has asked the Brits to extradite him for charges (Espionage) that fit under the kind of political crime that often will not merit extradition. Of course, Assange is fighting against Five Eyes governments that, post Vault 7 leak, are likely far less interested in such legal distinctions. Indeed, I suspect that’s one of the reasons the US charged Assange for leaking informant identities; some of those informants were British sources as much as American ones.

Still, the extradition gives Assange a preliminary opportunity to fight these charges, not just because it is a political crime and his health is at risk, but also based on claims (the validity of which I’ve been meaning to unpack) that he was spied on in the Embassy in ways that violate EU if not UK law.

Glenn, however, is facing charges in the increasingly authoritarian country he lives in with his spouse and children. So even though, as I understand it, the high court will have to approve his charges before he is actually prosecuted, Glenn still faces political retaliation within his resident country.

Update: Here’s a Mathew Ingram piece doing similar, though less granular, analysis.

The Government Prepares to Argue that Transmitting Information *To* WikiLeaks Makes the Vault 7 Leak Different

In a long motion in limine yesterday, the government suggested that if Joshua Schulte had just been given a “prestigious desk with a window,” he might not have leaked all of CIA’s hacking tools in retaliation and caused what the government calls “catastrophic” damage to national security.

Schulte grew angrier at what he perceived was his management’s indifference to his claim that Employee-1 had threatened him. Schulte also began to complain about what, according to him, amounted to favoritism toward Employee-1, claiming, for example, that while the investigation was ongoing, Schulte was moved to an “intern desk,” while Employee-1 had been moved to a “prestigious desk with a window.”

[snip]

The Leaks are the largest illegal disclosure of CIA information in the agency’s history and, as noted above, caused catastrophic damage to national security.

Along the way, the motion provides the most detailed description to date about how the government believes Schulte stole the Vault 7 files from CIA. It portrays him as an arrogant racist at the beginning of this process, and describes how he got increasingly belligerent with this colleagues at CIA leading up to his alleged theft of the CIA’s hacking files, leading his supervisors to recognize the threat he might pose, only to bollox up their efforts to restrict his access to CIA’s servers.

The motion, along with several other submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.

Along with laying out that it intends to argue that the CIA charges (stealing the files and leaking them to WikiLeaks) are intertwined with the MCC charges (conducting “information war” against the government from a jail cell in the Metropolitan Correction Center; I explained why the government wants to do so here), the government makes the case that cybersecurity expert Paul Rosenzweig should testify as a witness about WikiLeaks.

Rosenzweig will testify about (i) WikiLeaks’s history, technical and organizational structure, goals, and objectives; (ii) in general terms, prior leaks through WikiLeaks, in order to explain WikiLeaks’s typical practices with regard to receiving leaked classified information, its practices or lack thereof regarding the review and redaction of sensitive information contained in classified leaks, and certain well-publicized harms to the United States that have occurred as a result of disclosures by WikiLeaks; and (iii) certain public statements by WikiLeaks regarding the Classified Information at issue in this case.

Rosenzweig’s testimony would come in addition to that of classification experts (probably for both sides) and forensic experts (again, for both sides; Steve Bellovin is Schulte’s expert).

The expert witnesses were allowed to testify as to the background of the organization Wikileaks; how the U.S. Government uses certain markings and designations to identify information that requires special protection in the interests of national security; the meaning of certain computer commands and what they would do; how various computers, servers, and networks work; how data is stored and transferred by various computer programs and commands; and the examination of data that is stored on computers and other electronics.

The only motion in limine Schulte submitted yesterday objected to Rosenzweig’s testimony. Schulte argues that the government’s expert notice neither provides sufficient explanation about Rosenzweig’s intended testimony nor proves he’s an expert on WikiLeaks. More interesting is Schulte’s  argument that Rosenzweig’s testimony would be prejudicial. It insinuates that Rosenzweig’s testimony would serve to substitute for a lack of proof about how Schulte sent the CIA files to WikiLeaks (Schulte is alleged to have used Tor and Tails to transmit the files, which would leave no forensic trace).

In Mr. Schulte’s case, the government has no reliable evidence of how much information was taken from the CIA, how it was taken, or when it was provided to WikiLeaks. The government cannot overcome a lack of relevant evidence by introducing evidence from other cases about how much information was leaked or how information was leaked in unrelated contexts. The practices of WikiLeaks in other contexts and any testimony about alleged damage from other entirely unrelated leaks is completely irrelevant.

Schulte’s claimed lack of evidence regarding transfer notwithstanding, that’s not how the government says they want to use Rosenzweig’s testimony. They say they want to use his testimony to help prove that Schulte intended to injure the US.

The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information. The fact that WikiLeaks’ prior conduct has harmed the United States and has been widely publicized is powerful evidence that Schulte intended or had reason to believe that “injury [to] the United States” was the likely result of his actions—particularly given that the Government will introduce evidence that demonstrates Schulte’s knowledge of earlier WikiLeaks disclosures, including his own statements.

It does so by invoking WikiLeaks’ past leaks and the damage those leaks have done.

Accordingly, proof that it was foreseeable to Schulte that disclosure of classified information to WikiLeaks could cause “injury [to] the United States” is a critical element in this case. Indeed, the Senate Select Committee on Intelligence has explicitly stated “that WikiLeaks and its senior leadership resemble a non-state hostile intelligence service.” S. Rep. 115-151 p. 10. In order to evaluate evidence related to this topic, the jury will need to understand what WikiLeaks is, how it operates, and the fact that WikiLeaks’ previous disclosures have caused injury to the United States. The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

The thing is, showing that the specific nature of the intended recipient of a leak is an element of the offense has never been required in Espionage leak cases before. Indeed, the government’s proposed jury instructions are based off the instruction in the Jeffrey Sterling case. While the government flirted with naming James Risen an unindicted co-conspirator in that case, they did not make any case that leaking to Risen posed unique harm.

Moreover, even before getting into Schulte’s statements about WikiLeaks (most of which have not yet been made public, as far as I’m aware), by arguing the CIA and MCC charges together, the government will have significant evidence not just about Schulte’s understanding of WikiLeaks, but his belief and that they would lie to harm the US. The government also has evidence that Schulte knew that WikiLeaks’ pretense to minimizing harm with the Vault 7 files was false, and that instead WikiLeaks did selective harm in its releases, though it doesn’t want to introduce that evidence at trial.

In other words, this seems unnecessary, superfluous to what the government has done in past Espionage cases, and a dangerous precedent (particularly given the way the government suggested that leaking to The Intercept was especially suspect in the Terry Albury and Reality Winner cases).

That’s effectively what Schulte argues: that the government is trying to argue that leaking to WikiLeaks is particularly harmful, and that if such testimony goes in, it would be forced to call its own witnesses to testify about how past WikiLeaks releases have shown government malfeasance.

This testimony could also suggest that the mere fact that information was released by WikiLeaks necessarily means that it was intended to—and did—cause harm to the United States. These are not valid evidentiary objectives. Instead, this type of testimony would create confusion and force a trial within a trial on the morality of WikiLeaks and the extent of damage caused by prior leaks. If the government is allowed to introduce this evidence, the defense will necessarily have to respond with testimony about how WikiLeaks is a non-profit news organization, that it has previously released information from government whistle-blowers that was vital to the public understanding of government malfeasance, and that any assertion of damages in the press is not reliable evidence.

The government, in a show of reasonableness, anticipates Schulte’s argument about the prejudice this will cause by stating that it will limit its discussion of prior WikiLeaks releases to a select few.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

The selected cases are notable, as all of them (with Manning’s leaks seemingly listed twice) involve cases the government either certainly (with the EDVA grand jury seeking Manning and Jeremy Hammond’s testimony) or likely (with ongoing investigations into Roger Stone) currently has ongoing investigations into.

As a reminder: absent an unforeseen delay, this trial will start January 13, 2020 and presumably finish in the weeks leading up to the beginning of Julian Assange’s formal extradition process on February 25. The government has maintained it can add charges up until that point, and US prosecutors told British courts it won’t provide the evidence against Assange until two months before the hearing (so around Christmas).

Schulte’s trial, then, appears to be the opening act for that extradition, an opening act that will undermine the claims WikiLeaks supporters have been making about the journalistic integrity of the organization in an attempt to block Assange’s extradition. Rosenzweig’s testimony seems designed, in part, to heighten that effect.

Which may be why this instruction appears among the government’s proposed instructions.

Some of the people who may have been involved in the events leading to this trial are not on trial. This does not matter. There is no requirement that everyone involved in a crime be charged and prosecuted, or tried together, in the same proceeding.

You may not draw any inference, favorable or unfavorable, towards the Government or the defendant from the fact that certain persons, other than the defendant, were not named as defendants in the Indictment. Do not speculate as to the reasons why other persons were not named. Those matters are wholly outside your concern and have no bearing on your function as jurors.

Whether a person should be named as a co-conspirator, or indicted as a defendant in this case or another separate case, is a matter within the sole discretion of the United States Attorney and the Grand Jury.

As noted, a number of different WikiLeaks supporters have admitted to me that they’re grateful Assange has not (yet) been charged in conjunction with the Vault 7 case, because even before you get to his attempt to extort a pardon with the files, there’s little journalistic justification for what it did, and even more reason to criticize WikiLeaks’ actions as the case against Schulte proceeded.

Yet the obscure proceedings before the EDVA grand jury suggests the government may be pursuing a conspiracy case that starts in 2010 and continues through the Vault 7 releases, with the same variety of Espionage and CFAA charges continuing through that period.

By arguing the CIA and MCC charges in tandem, the government can pretty compellingly make the case that WikiLeaks’ activities went well beyond journalism in this case. But it seems to want to use Rosenzweig’s testimony to make the case more broadly.

DOJ Holds Big Presser to Make It Clear It Will Use Title III Wiretaps to Prosecute Leaks

John Demers, the Assistant Attorney General who did not think Donald Trump’s extortion by using congressionally appropriated security funding to pressure Ukraine into providing him with campaign propaganda merited an investigation, just had a big press conference to announce the arrest of Henry Kyle Frese, a DIA counterterrorism analyst accused of leaking information about a specific country’s weapons systems to two journalists who work at related media outlets (NBC is one outlet that would fit the presumed arrangement, but there are surely others; Update–it appears this is one of the stories). It sounds like a journalist Freese lived with asked him first to help a more senior journalist from the related outlet, then published a story herself, based off the allegedly leaked materials.

The leak doesn’t sound all that serious, in the grand scheme of things.

What was serious is the warning this press conference was meant to send to journalists. Demers bragged about the sentence imposed on Reality Winner, and boasted of the 6 people the Trump DOJ has prosecuted for leaks. He raised the Jeff Sessions’ speech announcing DOJ would target leaks.

When asked if DOJ was considering prosecuting the two journalists, the speakers on the press conference deferred, as they did about any ongoing investigation. That is, they may well be intending to do so.

Perhaps one of the bigger pieces of news about this arrest is not that DOJ arrested an analyst trying to do a favor for his girlfriend. Rather, it’s that DOJ decided to use a Title III wiretap to intercept Freese’s calls to the journalists, something that would be more proportional to the mob, not journalists.

But that’s where the national security priorities of Trump’s DOJ are. Not investigating him, or at least his personal lawyer, for schemes that obviously make our country less safe. But instead to use wiretaps to go after journalism.

Government Confirms that WikiLeaks Didn’t Release All the Vault 7 Files

Accused Vault 7 hacker Joshua Schulte’s lawyers seem really intent on preventing the government from using evidence obtained while he was using a contraband phone at MCC in his trial for the main leak of CIA’s hacking tools to WikiLeaks.

They’ve already challenged warrants obtained using evidence found in notebooks marked as attorney-client privileged information but then released after a wall team review; in my NAL opinion, that challenge is the most likely of any of his motions to succeed. Last week, they also moved to sever the two MCC charges from the main Espionage ones (they’ve already severed the child porn and copyright violation charges from the Espionage ones), explaining that two of his attorneys, including his lead attorney Sabrina Shroff, would testify to something about discussions from May and June 2018 that would address his state of mind when he leaked and tried to leak CIA materials later in 2018.

To defend against the government’s allegations, Mr. Schulte would call two of his attorneys—Matthew B. Larsen and Sabrina P. Shroff—to present favorable testimony bearing on his state of mind.

This pertains, in some way, to the government’s claim that Schulte wrote classified information in his prison notebooks as part of a plan to leak it.

The government has indicated that its evidence on the MCC Counts will include portions of notebooks seized from Mr. Schulte’s cell, in which he allegedly documented his plans to transmit classified information.

[snip]

Defense counsel expects that at trial, the government will seek to introduce excerpts of Mr. Schulte’s writings in his notebooks as evidence of his specific intent to violate the law.

If they succeed at severing count four from the main Espionage charges, it might make it harder to link what Schulte was doing in jail with what he was allegedly doing over two years earlier. As I noted when Schulte’s team first challenged the MCC warrants, it’s clear why they’re doing this: the MCC evidence indicates he had an ongoing relationship with WikiLeaks.

The FBI investigation proceeded from those notebooks to the WordPress site showing him claiming something identical to disinformation he was packaging up to share with WikiLeaks. They also got from those notebooks to ProtonMail accounts where Schulte offered to share what may or may not be classified information with a journalist. The reason why the defense is pushing to suppress this — one of the only challenges they’re making in his prosecution thus far — is because the stuff Schulte did in prison is utterly damning and seems to confirm both his familiarity with WikiLeaks and his belief that he needed to create disinformation to claim to be innocent.

The government, in a fairly scathing response to Schulte’s motion to sever the trials, confirms that it believes the MCC charges include evidence that help support the main charges on leaking the files to WikiLeaks (what the government calls CIA counts). The government had a “reverse proffer” on December 18, 2018 and laid out all the evidence against Schulte, including pointing out that (as I described) the material seized from MCC helped prove the CIA charges.

About six weeks later, on December 18, 2018, the Government met with defense counsel (the “Reverse Attorney Proffer”). At this meeting, the Government described for defense counsel the theory of the Government’s case with respect to the charges in the Second Superseding Indictment, and answered defense counsel’s questions about the charged counts, including the new counts. The Government also explicitly noted during the Reverse Attorney Proffer that it believed that the material recovered pursuant to the MCC Warrants was relevant evidence with respect to not only the MCC Counts, but also the CIA Counts.

Having laid out the interconnectedness of these charges, the government then explains at some length why having different attorneys defend Schulte in the CIA and MCC counts would cause delays in both, because replacement counsel would need to familiarize themselves with both sets of charges. Now, as I noted, there’s unclassified information that Schulte clearly shared with WikiLeaks both before and while he was in jail. But right there in the middle of this passage is the revelation that Schulte identified classified information in his prison notebooks that he shared with WikiLeaks but that WikiLeaks has not yet published.

Regardless, Schulte’s proposal—further severed trials and new counsel for the MCC Counts—would neither prevent trial delay nor resolve the ethical issue. Rather, it is likely to exacerbate both. First, appointing new counsel on the MCC Counts is likely to cause, rather than prevent, further trial delay and would complicate Schulte’s defense across all counts. Because of the interconnectedness of the MCC Counts and the CIA Counts, as well as the child pornography and copyright counts, new counsel would need to become familiar with the evidence as to all counts in order to appropriately advise and defend Schulte. Indeed, new counsel might determine that the best course with respect to the MCC Counts would be to seek to negotiate a plea that resolves those charges along with some combination of the CIA Counts, child pornography counts, and/or copyright count. Those negotiations could not occur until new counsel was fully familiar with all aspects of the case. This would take a substantial amount of time given that new counsel would have to be cleared and that a substantial portion of the evidence is classified and, thus, must be reviewed in sensitive compartmented information facilities. Moreover, even after new counsel became familiar with the case, it is possible that new counsel might have different views than current counsel concerning a variety of trial strategy decisions, including, among others, the desirability of Schulte testifying, which could impact one or all of the severed trials and would need to be coordinated among all of Schulte’s attorneys. As a result, trial on the CIA Counts could not proceed until new counsel for the MCC Counts was familiar with the entire case. In short, the appointment of new counsel would likely further complicate this case and lead to substantial delays.

Second, severing the CIA Counts from the MCC Counts also would not resolve the purported ethical issue. Even if the trials were severed, evidence of Schulte’s prison conduct, including the Schulte Cell Documents, would still be admissible at the trial addressing the CIA Counts as both direct evidence and Rule 404(b) evidence of those crimes. For example, in the Schulte Cell Documents, Schulte specifically identifies certain classified information that was provided to WikiLeaks but which WikiLeaks has not yet published, which is direct evidence that Schulte transmitted classified information to WikiLeaks as charged in the WikiLeaks Counts. Similarly, Schulte’s prison conduct is also admissible as to the WikiLeaks Counts for a variety of Rule 404(b) purposes including to show, among other things, consciousness of guilt, motive, opportunity, intent, absence of mistake, and modus operandi.5

5 Similarly, during a trial addressing the MCC Counts, the Government would introduce evidence relating to the CIA Counts as direct evidence to complete the story of the crime and, in the alternative, as Rule 404(b) evidence. For example, evidence related to the CIA Counts would establish Schulte’s motive for committing and ability to commit the MCC Counts, as well as his knowledge that the information he unlawfully transmitted was classified national defense information. As a result, even a trial on the MCC Counts would entail introduction of much of the evidence from the Espionage Trial. [my emphasis]

The government doesn’t say whether it knows that WikiLeaks received this information because it found it after seizing Julian Assange’s computers or some other way.

The detail that Schulte referred to information that the government apparently knows WikiLeaks received — but that WikiLeaks has never published — is interesting for an entirely different reason.

On top of asking to sever two more charges, Schulte is also asking for a delay in trial, from November to January. The government says it’s cool with that delay, so long as there won’t be any further delay.

The Government understands that the defendant is seeking to adjourn the Espionage Trial until January 13, 2020. Although the Government is prepared to start trial as scheduled on November 4, 2019, the Government does not oppose the defendant’s adjournment request with the understanding that the defendant will not seek another adjournment of the Espionage Trial absent exceptional and unforeseen circumstances[.]

This story on Jeremy Hammond’s subpoena in EDVA clarifies something about which there has been a great deal of confusion. The US can still add charges against Julian Assange at least until his extradition hearing, which starts on February 25.

Nick Vamos, former head of extradition at the Crown Prosecution Service in England, said the treaty between the two countries still allows for the U.S. to add charges to the Assange case, but that will become more difficult and problematic for the American prosecutors as they get closer to the scheduled extradition hearing in February.

The discussion today has focused on the Stratfor hacks that Hammond is serving time for. Because the five year statute of limitations for CFAA would normally have tolled by now, they are likely pursuing some kind of conspiracy charges, for a conspiracy that continued past 2012.

But given the seeming cooperation while Schulte was in jail and the knowledge that WikiLeaks sat on — or used — one of the other files provided by Schulte, if the government is planning on more conspiracy charges, chances are good that Vault 7 will eventually be included in them.

image_print