Posts

Joshua Schulte Attempts to Hack the Court System

/24 Comments/in /by

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

As a reminder, a jury hung on the most serious charges against Schulte in March 2020. Afterwards, the government moved to retry Schulte quickly, but his defense attorneys said they needed more time, in part because their expert, Steve Bellovin, was for health reasons unwilling to serve as an expert during COVID. Last November, Judge Paul Crotty scheduled a trial to start June 7, 2021, which would have been a week ago Monday. In March, Schulte’s superb attorney, Sabrina Shroff, moved to delay the trial once more, to October, still citing Bellovin’s withdrawal.

Meanwhile, starting in January, Schulte started submitting pro se filings, some filed through Shroff, and some sent directly. The government responded to a motion for habeas corpus (basically, to point out he needs to file suit against the Warden of MCC, not the prosecution), but did not respond to his motion to suppress evidence seized from the MCC jail. When Schulte filed to request direct access to Lexus Nexis, the government responded, in part, by asking Judge Crotty to force Schulte to decide whether he was representing himself, pro se, or, if not, then to solely allow Shroff and her team to make filings on his behalf.

The defendant’s request appears to be an attempt to further his pattern of engaging in inappropriate, quasi-pro se litigation. The Court should not consider the defendant’s instant letter for that reason. “A defendant has a right either to counsel or to proceed pro se, but has no right to ‘hybrid’ representation, in which he is represented by counsel from time to time, but may slip into pro se mode for selected presentations.” United States v. Rivernider, 828 F.3d 91, 108 (2d Cir. 2016). Although the Court has “discretion to hear from a represented defendant personally,” id. at 108 n.5, “the interests of justice will only rarely be served by a defendant’s supplementation of the legal services provided by his . . . counsel,” United States v. Swinton, 400 F. Supp. 805, 806 (S.D.N.Y. 1975). To the extent the defendant has any colorable claims for relief, his attorneys can present them to the Court, and the Court should reject the defendant’s attempts to “slip into pro se mode,” Rivernider, 828 F.3d at 108, whenever it suits him. See, e.g., United States v. Crumble, No. 18 Cr. 32 (ARR), 2018 WL 3112041, at *4 (E.D.N.Y. June 25, 2018) (“As Markus has not elected to represent himself, he does not have a right to make a motion on his own behalf, nor does he have a right to insist that the district court hear his applications. While I have previously exercised my discretion to entertain Markus’s pro se submissions, I will do so no longer. If Markus wishes to file any further motions, he is directed to ask his trial counsel—or appellate counsel— to adopt this motion. I trust that assigned counsel will file any motions that they do not view as frivolous on Markus’s behalf. Any pro se motions made by Markus, however, will be summarily denied.” (cleaned up)).

In any event, even if the Court considers the defendant’s submission, it is without merit. As his letter acknowledges, he has access to legal databases (a fact confirmed by the volume of his recent pro se filings), but additionally he demands special access to “filings, briefs, modern search, and the ability to print.” The defendant’s claims about the purported deficiencies of the databases to which he does in fact have access do not support such demands or establish a basis for relief. “[A]n inmate cannot establish relevant actual injury simply by establishing that his prison’s law library or legal assistance program is subpar in some theoretical sense.” Lewis v. Casey, 518 U.S. 343, 351 (1996). The defendant identifies no reason he should be afforded special access beyond that which the facility provides in the normal course, and at bottom, he is represented by counsel who have the ability to make well-researched and thoroughly prepared legal claims on his behalf.

Crotty denied Schulte’s request for Lexus Nexis, but didn’t address the pro se request.

Meanwhile, two of the three prosecutors on the team, Matthew LaRoche and Sidhardha Kamaraju, withdrew from the case, both because they’ve left government. LaRoche was involved in a prosecution that collapsed because the government committed a Brady violation, but Kamaraju was not. Kamaraju, however, probably has the most computer expertise of the original three.

Yesterday there was a remarkable status hearing. Crotty started by asking the remaining prosecutor, David Denton, when replacement prosecutors will file an appearance. Imminently, Denton said, though it sounded like he didn’t believe that.

Crotty asked whether Shroff has found an expert. Curiously, she explained that Bellovin still can’t do it, even with the waning risk of COVID, because of his schedule at Columbia University. Crotty noted that it is her responsibility to find an expert (she had said in a November status conference that it would amount to ineffective assistance not to have one).

But the real stunner came at the end, when Shroff said that Schulte wanted her to tell the court that he had told the government back in November that he was proceeding pro se. Denton responded that this was the first he had heard of such a thing, and Shroff responded that he was incorrect; Schulte had informed the government in November.

The hearing ended with a commitment to brief whether Schulte can proceed pro se.

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

But I think that’s just Schulte’s fall-back plan.

I think his current plan is to argue that, because anything his attorneys did in his name after he purportedly informed prosecutors he was proceeding pro se would be a legal nullity, then two things have happened since that allegedly occurred that will permit him to demand immediate release. First, if his attorneys’ agreements to exclude time from the Speedy Trial clock were not valid, then it would mean the government has run out of time to prosecute Schulte. Additionally, if a request that Shroff made in March to reschedule the trial was not valid, then the trial would have still been scheduled for last week. I suspect Schulte will try to argue that the government forgot to hold their trial and so must be released.

Mind you, there’s no evidence in the docket that Schulte informed prosecutors, much less the court, that he was proceeding pro se. There’s a filing he made in April 2020 that claimed he had no lawyers and made requests as if he was proceeding pro se, one that everyone ignored. But according to Shroff, that’s not the notice; the notice took place in November. Still, given how Schulte has carefully tested how the mail system works with SAMs and COVID, I don’t rule out him sending a letter directly to prosecutors.

The other problem with his claim to be proceeding pro se is that in a May filing, Schulte referred to the October trial (meaning, he recognizes the validity of both that request and Shroff’s exclusion of time under the Speedy Trial Act) and complained that his attorney-client mail was being opened. If he were proceeding pro se without Crotty formally appointing Shroff as standby counsel, their communications would have no privilege. So he has said two things in a pro se filing that are inconsistent with really proceeding pro se.

Certainly, Shroff has said things — in multiple venues — that indicate she believed she remained Schulte’s lawyer.

Given that Schulte claims everything his legal team has done since November was done without his sanction, though, the government would seem to have cause to ask Crotty to assign entirely different lawyers to serve as Schulte’s stand-by counsel, if indeed he does proceed pro se going forward. Which would make his plan for the actual trial, if it ever happens, untenable.

To be sure, I’m not saying this is going to work. But the government — what’s left of the prosecution team, anyway — had better understand that Schulte has been treating the court system with the same adversarial approach as he allegedly did the CIA’s servers. Schulte is claiming to have entered a command into his prosecution back in November that hacked the system, effectively changed the effect of everything that has happened since. Just trusting that such a possibility cannot happen under the legal system is probably a bad idea given where the CIA’s trust that Schulte wouldn’t hack the system turned out.

Update: Via InnerCity Press, there’s the transcript of the hearing.

April 12, 2020: Schulte claims he has no attorneys, claims only a few months remain on Speedy Trial

May 31, 2020: Shroff asks for a week extension to respond to government scheduling motion

June 8, 2020: Schroff requests a status conference for August or September 2020, acting as if Schulte’s request did not exist

June 15, 2020: Shroff initiates White Plains grand jury challenge

June 19, 2020: SDNY extends Speedy Trial to July 1, 2020

July 16, 2020: Shroff informs Judge Crotty Schulte will not reply to Rule 29 motion

July 27, 2020: Shroff asks for extension on grand jury challenge

July 28, 2020: Shroff asks for ESXi server (basically a repeat of Schulte’s April request)

July 30, 2020: Shroff asks for two week delay on status hearing citing (in part) Steve Bellovin’s withdrawal

August 14, 2020: Shroff asks for two week extension on reply to request for ESXi server

September 15, 2020: Shroff reply on ESXi laptop

September 16, 2020: SDNY proposes schedule, with January 2021 trial date

September 21, 2020: SDNY responds to Bellovin submission of ex parte declaration

October 14, 2020: SDNY asks for 30 day exclusion

October 30, 2020: Shroff requests Schulte appear remotely

November 4, 2020: Status conference, trial set for June 7, 2021, with time excluded; Shroff maintains it would be ineffective counsel to go to trial without expert

THE COURT: Are you entitled to an expert?

MS. SHROFF: In a case like this, yes. I’m quite certain I’m entitled to an expert. I think it would be clear error and ineffective assistance of counsel to try this case without an expert, without a doubt.

November 16, 2020: Shroff-submitted motion to dismiss on White Plains grand jury

November 19, 2020: Shroff submits request for VTC meeting with Schulte’s family

January 1, 2021: Schulte motion to suppress MCC evidence (docketed February 24)

January 7, 2021: Shroff requests 2 week extension on White Plains grand jury reply

January 19, 2021: Shroff files Schulte pro se motion for writ of habeas corpus regarding SAMs, dated December 25, 2020

January 22, 2021: Shroff requests two week extension on January 21 deadline for reply on White Plains grand jury reply

January 22, 2021: Shroff requests funds for new laptop for Schulte

January 27, 2021: Civil Division AUSA asks Crotty to dismiss motion for writ so it can be refiled naming Warden as defendant

February 22, 2021: Shroff submits reply on White Plains grand jury challenge

February 24, 2021: Schulte files motion to reconsider decision on habeas (docketed March 4)

March 19, 2021: Schulte calls on Crotty to decide his motion to suppress on the merits, given government non-response (docketed April 5)

March 22, 2021: Shroff moves, with consent of Schulte, to reschedule trial to last quarter of 2021

March 24, 2021: Crotty denies motion to dismiss; Crotty reschedules trial for October 25, excludes time

April 12, 2021: Schulte asks for Lexus Nexis (docketed April 29)

May 5, 2021: Schulte complains about mail delays (docketed May 19); among other things it reflects an October trial date and references attorney-client mail

May 7, 2021: Matthew LaRoche withdraws

May 11, 2021: SDNY submits opposition to Lexus Nexis request, including request for order that Schulte not submit pro se

June 3, 2021: Sidhardha Kamaraju withdraws

June 7, 2021: Date of trial scheduled in November 2020

June 15, 2021: Status hearing at which Schulte claims to have been representing himself pro se since November

Joshua Schulte’s Hot and Cold Snowden Views

/3 Comments/in , , /by

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

“What is the root user?” Joshua Schulte Set Up the Shared “root” Password He’ll Use in His Defense

/5 Comments/in , , /by

In a full day of testimony yesterday, one of Joshua Schulte’s former colleagues, testifying under the name Jeremy Weber (which may be a pseudonym of a pseudonym under the protective order imposed for the trial) introduced a ton of detail about how the engineering group he and Schulte worked in was set up bureaucratically, how the servers were set up, and how relations between Schulte and the rest of the group started to go south in the months and weeks leading up to the date when, the government alleges, he stole CIA’s hacking tools. He also described how devastating the leak was for the CIA.

In that testimony, the government began to lay out their theory of the case: When Schulte lost SysAdmin access to the servers hosting the malware they were working on — and the same day the unit announced they’d soon be moving the last server to which Schulte had administrator privileges under the official SysAdmin group — Schulte went back to the back-up file of the server from the day the fight started blowing up, March 3, 2016, and made a copy of it.

But the government also started previewing what will likely be Schulte’s defense: that some of these servers were available via a shared root password accessible to anyone in their group.

Prosecutor Matthew LaRoche walked Weber through a description of how a “root” user for the ESXi server was used.

Q. What is the root user?

A. The root user, in this situation, “root” was kind of Linux term for the administrative account on the machine, like the default administrator account.

Q. You also mentioned there was a password for the ESXi server?

A. That’s correct.

Q. Was that password stored anywhere?

A. Yes, it was.

Q. Where?

A. It was stored on OSB’s passwords page for some of our services.

Q. What do you mean by OSB’s passwords page?

A. OSB had a lot of virtual machines outside of the Atlassian products that had passwords on them solely because the technology required to have a password and not for security practices, so that — these were often like test machines, and these passwords we kept on a page so that if somebody was leveraging that VM they would have the credentials they needed to log in to it.

Q. Where was that passwords page located?

A. Confluence.

Q. Was it restricted in any way?

A. It was.

Q. How?

A. It was to OSB.

This detail has been public since WikiLeaks first published the documents. I pointed it out here:

Among the pages that got exposed in this week’s Wikileaks dumps of CIA’s hacking tools was a page of Operational Support Branch passwords. For some time the page showed the root password for the network they used for development purposes.

These passwords, as well as one (“password”) for another part of their server, were available on the network site as well.

Throughout the period of updates, it included a meme joking about setting your password to Incorrect.

[snip]

A discussion ensued about what a bad security practice this was.

2015-01-30 14:30 [User #14588054]:

Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”?

2015-01-30 14:50 [User #7995631]:

Its locked down to the OSB group… idk if that helps.

2015-01-30 15:10 [User #14588054]:

I noticed, but I still cringed when I first saw the page.

I have no idea whether these passwords exacerbated CIA’s exposure. The early 2015 discussion happened well before — at least as we currently understand it — the compromise that led to Wikileaks’ obtaining the files.

It turns out that Schulte himself moved this password onto the ESXi passwords page on or before March 31, 2015, almost a year before he allegedly stole the files.

MR. LAROCHE: Ms. Hurst, can you please publish Government Exhibit 1003, and please just zoom in on the top of the email, the to-from.

Q. Is this another email from the CIA, Mr. Weber?

A. Yes, it is.

Q. When was this email sent?

A. It was sent on March 31, 2015, at 8:20 p.m.

Q. Who sent it?

A. It was sent by Josh Schulte.

Q. Who was it sent to?

A. It was sent to the OSB email group.

Q. How do you know that?

A. The string NCS-IOC-EDG-AED-OSB is a user group and it’s explicit in its naming. NCS was in the org chart above IOC, the rest of those are the groups that we have previously talked about.

Q. It’s a lot of acronyms.

A. It is.

Q. Below that, what’s the subject line?

A. OSB.DevLAN.net VM credentials.

Q. What’s OSB.DevLAN.net?

A. That was the OSB ESXi server.

MR. LAROCHE: Ms. Hurst, if you could please zoom out and then on to the text of the email.

Q. Can you read the first sentence, please?

A. “I’ve modified the OSB’s ESXi server page to contain the passwords and other information directly instead of through the OSB’s passwords page; also updated the permissions to be restricted to everyone outside of OSB.”

Q. Do you understand what he’s referring to by OSB’s ESXi server page?

A. Yes.

Q. What’s he referring to?

A. It was a second page created later to contain information specifically to the ESXi server and the administration of that.

Q. And do you understand what he means by updated the permissions to be restricted to everyone outside of OSB?

A. This was him saying that only people within the OSB — within OSB would have access to read this page.

Q. Now, is this the same ESXi server that as of 2015 was running Confluence and Bamboo?

A. Yes, it was.

I think this is what that page would have looked like, in part, in the March 3, 2016 files, with the same root password set to “mysweetsummer:”

Schulte will eventually argue that he not only recognized that this arrangement — which he set up, per this email — was insecure, but that he warned people about it repeatedly. Weber says that didn’t happen, because if Schulte had complained, he would have told Schulte to fix it.

Q. Are you sure that the defendant never made any complaints that DevLAN was vulnerable to theft?

A. Yes.

Q. Why?

MS. SHROFF: Objection.

THE COURT: Overruled.

A. If he had complained to me about the Atlassian products being vulnerable to theft, I would have told him to fix it. The Atlassian products were our responsibility, and if he had highlighted an issue with that, I would have made it our primary focus to fix that.

The government has already begun showing forensics suggesting the files were stolen via other means.

More importantly, they showed that if Schulte thought the shared root password was insecure, he’s got no one but himself to blame for it.

It’s certainly possible he will point to things he’ll argue are proof that he raised concerns about this arrangement — rather than just joking about it on the development pages (it won’t take too long before we learn which numbered ID WikiLeaks used for Schulte). But there’s already evidence that he’s the one who set it up that way.

Calyx Institute has generously sprung for Schulte transcripts. If you’d like to support the effort, you can make a tax deductible donation to them here.