Posts

Judge Crotty Should Let Joshua Schulte Test His Theory of Defense Forensically

At a hearing on July 25, accused Vault 7 leaker Joshua Schulte’s lawyer, Sabrina Shroff, argued that it’s possible if the government provides some forensic evidence that the CIA maintains is too classified to share, this case might avoid trial, either by identifying alternate culprits or leading her to advise her client to plead.

Mr. Kamaraju says that I would be forced anyway to then make a Section 5 motion to show relevance, etc. Well, maybe not. Maybe if I got the forensics, I would be able to say, hey, I think the government is completely wrong, Mr. Schulte is completely innocent, and you should go back and relook at your charging decisions because of X, Y, and Z in the forensics.

On the flip side, I could look at the forensics and say to my client, you know, maybe this isn’t the strongest case. Maybe we shouldn’t be going to trial. Not all discovery is asked for or relevant because it is only going to be used at trial. We asked for discovery because it is proper Rule 16 information that the defendant should have that would tell him about the charges and help him make proper decisions in the most serious or the most benign of cases.

At issue, per an order Judge Paul Crotty issued days before the hearing (but which got released publicly afterwards) is evidence that would exist if a narrative Schulte seeded before he left the CIA were true. In addition to all the email he wrote at CIA (the government is giving him what he wrote, but not the responses), he wants “a complete forensic copy of the Schulte Workstation and DevLAN, so that his expert can conduct a comprehensive forensic analysis.” Ultimately, Crotty did not grant Schulte’s request, noting that he “has been accused of leaking information he obtained from his employment at CIA both before he was arrested and from his cell at MCC after his arrest.” Instead, he directed the defense to “submit[] a more tailored request [that] provides good reason for further forensic discovery in a motion to compel. In this context, it would also be helpful, for example, if Schulte would communicate his thinking of how others are responsible for the theft.”

Yet that didn’t work, at least not immediately. In the aftermath of that order, Schulte’s team said the Wall Counsel hasn’t responded substantively to a previously written request. That seems to be a justifiable complaint about the difficulties of working with Classified Information Protect Act and Wall Counsel (to say nothing of really complex technical issues which none of the lawyers fully understand). It’s like a giant game of telephone and Schulte’s right to a fair trial is at stake.

Which is why the government should take this offer from Shroff more seriously than they appear to have done: giving Schulte’s expert direct access to the full set of data he seeks.

We have offered to limit the access to either counsel or go even further and limit the access to just the expert. We have even offered that the CIA need not give it to us. We would go to the CIA or the expert would go to the CIA to review the forensics.

Even while it could use CIPA to limit what they give Schulte’s team, it would serve the government to give his expert this access.

I say that, first of all, because of who Schulte’s expert is: Columbia University CompSci professor Steve Bellovin. He’s not just some forensics guy with clearance. He’s someone who has served in governmental positions (most notably as PCLOB’s tech expert for a year). That means he has already seen government spying in action, and what he’d see here would be a server that got replaced, probably before April, and some hacking tools and targets there were in no way exceptional.

Just as importantly, Bellovin is well-respected in the activist community, both on technical matters and judgment. If Bellovin were to test Schulte’s alternative explanation for the leak of the Vault 7 files and Schulte subsequently pled (suggesting that Shroff had counseled that he not take his theories to trial), it would suggest that Schulte’s story didn’t hold up to Bellovin’s scrutiny.

If that happened, it would be a key statement about not just what Schulte has claimed, but about what WikiLeaks did, in releasing the files in 2017.

As the government tells it, Schulte got in a fight with a colleague in December 2015, which led him to sour on the CIA as early as February 2016. When the agency didn’t respond in the way he wanted to Schulte’s claim that the colleague had threatened him, he started to retaliate in April 2016 by first copying the backup server holding all the CIA’s hacking tools, then sending it to WikiLeaks. In short, the government’s story is that Schulte simply burned the CIA’s hacking capabilities to the ground because he felt like they wronged him, a fairly breathtaking claim for one of the most damaging leaks to the government in history.

Schulte’s story is harder to suss out for a number of reasons: the defense has avoided putting this in writing, in part in an attempt to protect their theory of defense, some of what Schulte has argued is classified and still sealed, and other parts consist of rants he has published online or in dockets, not coherent arguments. Plus, some of Schulte’s claims are clearly lies, most demonstrably his claim that, “Federal Terrrorists [sic] had no evidence of plaintiff actually using cell phone” before they got a warrant relying on an affidavit that included pictures of him using the phone he had in MCC.

Schulte’s theory, as available, consists of three parts:

  • More people had access to the backup server from which the files were stolen than the government claims
  • The files were relatively easier to steal from an offsite backup server than the onsite one the government alleges Schulte stole them from
  • The likely culprits used security vulnerabilities he (claims to have) identified to CIA managers to steal the files

Evidence he’s making the first argument appears in his lawsuit against the Attorney General, where he claims the government has lied about the number of people who could access the server with the hacking tools.

AG lies about the number of people who had access to the classified information

Given a passage from the government’s response to his motion to suppress, Schulte must be referring to the claim that 200 people had access to the servers themselves, not the claim that 3-5 people had access to the backup server from which FBI claims the files were stolen. Schulte’s sealed filing appears to have argued that a second CIA group had access to the server.

Schulte does not dispute that the CIA Group was responsible for using and maintaining the LAN, that as of March 2016 fewer than 200 employees were assigned to the CIA Group, or that only these employees had access to the LAN. (See id. ,r 8(b)). Rather, Schulte argues that Agent Donaldson failed to note in the Covert Affidavit that a second CIA group (“CIA Group-2”), [redacted], allegedly also had access to the LAN.

For what it’s worth, the government disputes this claim outright. They introduce and conclude an otherwise redacted discussion by twice asserting this claim is false.

Schulte’s assertions about CIA Group-2’s access to the LAN are untrue [seven lines redacted] In short, Schulte is simply wrong.

Schulte’s claim that the files were more easily stolen from an offsite backup server may be more of a throwaway, based on what the government provided in discovery, reflecting what a contractor said almost a year into the investigation. (Remember that the government is not meaning to restate Schulte’s theories here, but instead to refute his claim that the initial affidavit against him included reckless errors.)

Schulte does not challenge that the Classified Information was taken from a back-up file, but instead argues that the back-up files were also stored at an offsite location (the “Offsite Server”), based on a network diagram of the LAN, and that, in one CIA Group contractor’s opinion, the “easiest” way to steal those back-up files was from the Offsite Server. None of this information, however, renders Agent Donaldson’s assessment misleading. Initially, while it is true that the back-up files were also stored in an Offsite Server, Agent Donaldson never suggested that the only place that the back-up files existed was the Back-up Server. Nor did Agent Donaldson opine in the abstract on the easiest method of exfiltrating the Classified Information from the LAN. Rather, he merely stated that it was “likely” that the Classified Information had come from the Back-Up Server, an eminently reasonable conclusion, given that the Back-Up Server contained the back-up files that mirrored the Classified Information, and Schulte–whom the FBI properly identified as a likely perpetrator of the theft–had access to it. Gates, 462 U.S. at 230-31 (courts do not isolate each factor of suspicion but look at the totality of the circumstances). The opinion of the contractor–who did not have access to all of the information and who had no relevant investigatory experience–in no way undermines that assessment, particularly when (i) that opinion is contradicted by [redacted], a LAN system administrator and a witness upon whom Schulte relies in his motion, who stated that “the easiest way to steal the data leaked by WikiLeaks” was for someone with administrative access to the LAN to “simply remov[e] the backup file from the network application” (i.e., the Back-Up Server) (Shroff C. Decl., Ex. I); and (ii) even if the contractor’s opinion was relevant, it was not conveyed to the FBI until February 2018, nearly a year after the date of the Covert Affidavit, see Garrison, 480 U.S. at 85.

Significantly, the government bases its claim that Schulte leaked classified information from jail in part on him sharing a “Network Structure Document” with someone (probably a reporter); given that some of the other information he is alleged to have leaked in violation of classification or protective orders was meant to sustain his claims of innocence, this probably does too. If so, that would suggest he was floating this theory about a year ago.

Finally, in his Presumption of Innocence blog, Schulte maintains that the CIA network was vulnerable in ways that he claims he raised with the CIA before he left.

I reported numerous security vulnerabilities that I discovered within our network and particularly issues with system administration, backup, and protection of some of our prominent tool sets. I was continually met with pushback and retaliatory responses that ultimately forced me to resign. My final acts were to file complaints with the OIG and the House Select Committee on Intelligence to hopefully prevent future retaliatory actions against others.

So while the government claims that Schulte retaliated by leaking the CIA’s hacking tools because the CIA wasn’t treating him with the respect he thought he deserved, Schulte appears to be claiming that possibly members of CIA’s Group-2 or perhaps even outsiders stole the files via vulnerabilities he identified before he left.

While not exactly the same, WikiLeaks made related claims when they released the files, in part as rationale for publishing them.

Compare what we can make out of Schulte’s defense with what WikiLeaks published in its “press release” accompanying the first Vault 7 release. WikiLeaks describes CIA “losing control” of its hacking tools, not someone leaking them.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

While it mentions former US government hackers (which could include Schulte), it also invokes contractors (the press release elsewhere mentions Hal Martin), and contractors were the presumed source for Vault 7 files at the time. While WikiLeaks acknowledges that the files came from “an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina [sic]” the description of the archive circulating in unauthorized fashion suggests that WikiLeaks is claiming the files were more broadly accessible.

The “press release” also suggests CIA’s hacking division had 5,000 users, implying all were involved in the production of hacking tools.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware.

While that may or may not be the CIA Group-2 Schulte claims had access to the servers, it certainly suggests a far larger universe of potential sources for the stolen files than the 200 the government claims, much less the around 5 SysAdmins who had privileges to the backup server.

The purported motive for releasing these tools — both that of the source and of Assange — is partly the insecurity of having such tools lying around.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that “There is an extreme proliferation risk in the development of cyber ‘weapons’.

[snip]

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them.

[snip]

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

In other words, WikiLeaks justified posting development notes for a significant portion of CIA’s hacking tools — and ultimately the source code for one — to prevent “teenage hackers” from obtaining such weapons and using them. (By this February, a security researcher had made his own hacking module based off what WikiLeaks had released.) A key part of that claim is the risk that CIA itself had not sufficiently secured its own tools, that they were “circulat[ing] … in an unauthorized manner.” That is, WikiLeaks purports to be the fulfillment of and remedy for precisely the risk Schulte claims — in his Presumption of Innocence blog — he warned the CIA about.

Except the government claims that’s not true.

It is true, as the affidavit in dispute in Schulte’s motion to suppress lays out, that Schulte wrote a “draft resignation letter” purporting to warn about these dangers and, on his last day, sent the CIA’s Inspector General a letter raising the same issues. The government reviews what he did at length in their response to his motion to suppress.

Agent Donaldson discussed the circumstances of Schulte’s resignation from the CIA in November 2016, including a letter and email he wrote complaining about his treatment. (Id. ,i,i 19-20). On October 12, 2016, Schulte sent an email to another CIA Group employee with the subject line “ROUGH DRAFT of Resignation Letter *EYES ONLY*,” which attached a three-page, single-spaced letter (the “Letter”). (Id. ,i 19(a)). In the Letter, Schulte stated that the CIA Group management had unfairly “veiled” CIA leadership from various of Schulte’s “concerns about the network security of the CIA Group’s LAN” and that “[t]hat ends now. From this moment forward you can no longer claim ignorance; you can no longer pretend that you were not involved.” (Id. ~ 19(a)(ii)). The Letter also stated that Schulte was resigning because management had “‘ignored'” issues he had raised about ‘”security concerns,”‘ including that the LAN was ‘”incredibly vulnerable’ to the theft of sensitive data.” (Id. ~ 19(a)(iii)). In particular, Schulte stated that the “inadequate CIA security measures had ‘left [the CIA Group’s LAN] open and easy for anyone to gain access and easily download [from the LAN] and upload [sensitive CIA Group computer code] in its entirety to the [public] internet.”‘ (Id.~ 19(a)(iv)).

[snip]

However, on November 10, 2016, Schulte’s last day at the CIA, Schulte sent an internal email to the CIA’s Office of Inspector General (“OIG”), which Schulte marked “Unclassified,” advising that he had been in contact with the U.S. House of Representatives’ Permanent Select Committee on Intelligence regarding his complaints about the CIA (the “OIG Email”). (Id ~ 19(c)). The OIG Email raised many of the same complaints in the Letter, including “the CIA’s treatment of him and its failure to address the ‘security concerns’ he had repeatedly raised in the past.” (Id ~ 19(c)(i)). Although Schulte had labeled the OIG Email “Unclassified,” the CIA determined that the OIG Email did in fact contain classified information. (Id.~ 19(c)(iii)). Schulte nevertheless printed and removed the email from the CIA when he left that day. (Id ~ 19( c )(ii)).

As the government response notes, the affidavit describes that Schulte never actually sent the resignation letter.

Agent Donaldson noted that Schulte did not appear to send the Letter. (Id. ~ 19(b)).

A later discussion of the resignation letter as part of a summary of the probable cause against Schulte goes still further, claiming that there is no record that Schulte raised security concerns with CIA management (which is presumably one reason he asked for all his emails).

(iv) drafted a purported “resignation email,” in which he claimed essentially that he had warned CIA management about security concerns with the LAN7 that were so significant that the LAN’s contents could be posted online–precisely what happened four months later (see id. ,r 19);

7 There is no record of Schulte reporting any such security concerns to CIA management.

The government makes Schulte’s allegedly false claim to have raised concerns about the security of the CIA tools a key part of its short summary of the probable cause against Schulte, insinuating that Schulte wrote both the resignation letter and the letter to the IG (which he wrote five and six months, respectively, after the government alleges he stole the files) as a way to create a cover story for the leaked documents.

Thus, even if the Covert Affidavit was rewritten to Schulte’s (incorrect) specifications, it would still establish probable cause by showing that Schulte was a CIA employee with a grudge against the CIA and a track record of improperly accessing and taking classified information, who left the CIA claiming that classified information from the LAN would one day be sprayed across the Internet and who worried about the investigation when his “prophecy” came to pass.

Of course, the government — especially intelligence agencies like the NSA and CIA — always dismiss the claims to be whistleblowers of leakers. The CIA claimed Jeffrey Sterling only leaked details of the Merlin operation because he was disgruntled about an EEOC complaint they had denied. NSA denied that Edward Snowden had raised concerns — first at CIA about its security, then at NSA about the boundaries of EO 12333 and Section 702. In the former case, however, the government knows of at least three other people who thought Sterling’s concerns had merit, and the actual details around Merlin’s own activities were a clusterfuck. In the latter, even a really problematic HPSCI report acknowledges that both incidents occurred, and NSA ultimately released enough of the backup to show that the NSA undersold the latter instance (though Snowden’s claims were not as substantive as he claimed).

Thus far, Schulte has presented no such counterevidence (indeed, the docket does not show his team submitted a reply to the government’s response before their August 16 deadline, though a reply could be held up in classification review). [Update: This letter asking to sever the MCC charges from the WikiLeaks charges says they’re still working on their replies.]

There may be a very good reason why Schulte’s defense didn’t go there: because one of the lies the government claims he told to FBI Agents on March 20 and 21, 2017 involves making CIA systems more vulnerable to the theft of data.

On or about March 20 and 21, 2017, Schulte … denied ever making CIA systems vulnerable to the theft of data.

Aside from this mention, this allegation doesn’t otherwise appear in public documents I’m aware of. But the implication is that before Schulte wrote two documents that — the government claims — served to establish a cover story claiming he leaked the documents because CIA’s server was vulnerable to theft, he tampered with the CIA’s server to make it more vulnerable to theft.

There actually is evidence that the server was vulnerable to theft. In Crotty’s opinion, he overruled the government’s effort to withhold some internal reports on the leak under CIPA. He explained,

These documents [redacted] might help Schulte advance a theory that DevLAN’s vulnerabilities could have allowed someone else to have taken the leaked data. They also support the defense’s theory that Schulte’s behavior while an employee of the CIA was consistent with someone who was trying to help the agency address security flaws, rather than someone who was a disgruntled employee.

That’s why it’d be worthwhile for Bellovin to have access to the server directly: to test not just how vulnerable the servers really were (I bet he’d be willing to help improve their security along the way!), but also to test himself whether there’s any evidence that someone besides Schulte exploited those vulnerabilities.

The government’s reliance on CIPA in this case is an attempt to try Schulte for an unbelievably sensitive leak without (as Crotty laid out) giving him opportunity to leak some more.

But the case goes beyond Schulte’s actions, to implicate WikiLeaks’ actions (court filings make it clear that WikiLeak’s claims around this leak were false in another manner, one which I’m not describing at the government’s request). And while details of CIA’s unexceptional hacking program are useful for researchers to have, it would matter if the stated rationale for releasing them was bullshit manufactured after the fact. That’s all the more true if WikiLeaks — which used to boast its perfect record on verification — knew the claim to be false, particularly given how and when it released these files, with an attempt to extort the US government and in the wake of the Russian hacks, at a time CIA would have needed these tools to prevent follow-ups.

Three months after Schulte’s trial (if this does go to trial), the government will be embroiled in attempting to extradite Julian Assange under charges that are rightly being attacked as an assault on the press. The government is never going to reveal all it knows about Assange (including, pertinent to this case, whether there’s any evidence Assange used some of the CIA’s own tools for his own benefit). Bellovin, if he were permitted to review the CIA server, would never be in a position to reveal what he learned; but his role in this case provides a rare opportunity for a trusted outsider to weigh in on a controversial case.

Effectively, a guy who authored CIA’s obfuscation tool and purportedly planned an information war from jail — complete with fake FBI and CIA personas — may have created the vulnerability he claimed to be exposing by leaking the files. If Bellovin were able to test that possibility, it would go a long way to shift an understanding about WikiLeaks recent intentions with the US government.

DOJ Says It Never Offered Accused Vault 7 Leaker Joshua Schulte a Plea Deal

As the Joshua Schulte prosecution has inched along against the backdrop of the Julian Assange indictment, I’ve heard chatter about his plans: that the two sides might prosecute the child porn charges and leave the leak untried; that the government was trying to get him to cooperate against Assange.

In the former case, the opposite now seems more likely. Last week, Judge Paul Crotty granted Schulte’s motion to sever his child porn and copyright charges from his Espionage ones. But the minute order states that the Espionage charges will be tried first, in November, with the child porn charges tried some time after that. That’s true, even though the Espionage charges are far more complex to try than the child porn ones. If the government wanted to use the child porn charges to put Schulte away indefinitely and avoid the difficulties of an Espionage trial, they’d try those first. (Update: at the hearing where this was decided, the defense said they wanted the Espionage trial to go first, and all other parties agreed.)

As to the latter, Schulte himself has sown the belief he was being offered a plea deal. In one version of his “Presumption of Innocence” blog, for example, he claimed (falsely, given the warrants he himself released) the government never obtained any evidence implicating him in the leak, and was just pursuing the child pornography charges to “break” him so he’ll cooperate against WikiLeaks.

I’m arrested and charged with a crime that had nothing to do with the initial search warrant and that I was completely innocent. The U.S. Attorney unethically and immorally misleads the court regarding what the initial investigation was about, when they found the illicit materials, and the fact that they did not think I was involved for 5 months until their initial investigation came up empty. I’m denied bail and thrown into prison immediately and they use the situation as leverage telling my attorney every day that he can make this huge embarrassment and misunderstanding all go away if only I would agree to cooperate on the WikiLeaks investigation and admit to it. They admit, unabashedly that these entire charges are nothing more than a ruse, an attempt at leverage to break me.

A version of this claim was repeated in a piece the Intercept did yesterday claiming to track how (a select group of) leakers got identified by the FBI.

Of the four Espionage Act cases based on alleged leaks in the Trump era, the most unusual concerned Joshua Schulte, a former CIA software developer accused of leaking CIA documents and hacking tools known as the Vault 7 disclosures to WikiLeaks. Schulte’s case is different from the others because, after the FBI confiscated his desktop computer, phone, and other devices in a March 2017 raid, the government allegedly discovered over 10,000 images depicting child sexual abuse on his computer, as well as a file and chat server he ran that included logs of him discussing child sexual abuse images and screenshots of him using racist slurs. Prosecutors initially charged Schulte with several counts related to child pornography and later with sexual assault in a separate case, based on evidence from his phone. Only in June 2018, in a superseding indictment, did the government finally charge him under the Espionage Act for leaking the hacking tools. He has pleaded not guilty to all charges.

Schulte was identified as the suspect just like all the other people profiled in the story were: because he was one of the few people who had access to the files that got leaked and his Google searches mapped out a damning pattern of research involving the leak, among other things. In his case, WikiLeaks itself did several things to add to the evidence he was the source. It is true that Schulte was charged with the porn charges first and that it took 15 months for the government to ultimately charge the leak, but the theory of Schulte’s role in the leak has remained largely unchanged since a week after the first files were dropped.

Schulte again suggested he might get a plea deal in his lawsuit against then Attorney General Jeff Sessions for imposing Special Administrative Measures against him when he raised 5K1 letters that might allow someone to avoid mandatory minimum sentencing.

But in last week’s opposition to Schulte’s motion to suppress most of the warrants against him — including some on the grounds that they relied on poisonous fruit of attorney-client privileged material — the government denies ever offering a plea deal.

Schulte claims that the FBI read his thoughts on severance (which the Government has consented to) or a plea offer (which the Government has not made), but none of those “thoughts” are referenced in any subsequent search warrant.

The claim that the government left unredacted a reference to Schulte’s views on a plea deal does not appear in the unredacted version of Schulte’s motion to suppress, but given his lawyers’ claim that his journals were intended to be a discussion of his legal remedies, it may be an attempt to suppress the Presumption of Innocence notes cited above (even though Schulte made the same notes public).

Mr. Schulte’s narrative writings and diary entries contain information he “considered to be relevant to his potential legal remedies.”

There’s lot of room for a discussion short of a plea offer that might be true even given the government claim that “the Government has not made” any offer (such as that one of the series of attorneys who have represented Schulte has recommended that he seek a deal).

But the detail is particularly interesting given the timing of his trial and something the government claimed the last time Chelsea Manning and her lawyers tried to get her out of jail. It insisted they want Manning’s testimony for subjects and charges not included in Assange’s current indictment, and said the submission of the extradition request against Assange does not preclude future charges based on those offenses.

As the government’s ex parte submissions reflect, Manning’s testimony remains relevant and essential to an ongoing investigation into charges or targets that are not included in the superseding indictment. See Gov’t’s Ex Parte Mem. (May 23, 2019). The offenses that remain under investigation are not time barred, see id., and the submission of the government’s extradition request in the Assange case does not preclude future charges based on those offenses, see Gov’t’s Supplement to Ex Parte Mem. (June 14, 2019).

Barring a delay because of Classified Intelligence Protect Act proceedings, Schulte will face trial on the Espionage charges in November, three months before the next hearing in Assange’s extradition. And while there’s no hint in Schulte’s case that WikiLeaks played a role in the front end of Schulte’s alleged leak, there’s abundant evidence that they continued to cooperate with him in the aftermath and even in the initial release itself. Indeed, that’s some of the most damning evidence against Schulte.

Schulte seems to think he could cooperate against Assange and face lesser charges. If the government told the truth last week, he may have little prospect to diminish what would amount to a life sentence if he’s found guilty.

Joshua Schulte Keeps Digging: His Defensible Legal Defense Continues to Make a Public Case He’s Guilty

To defend him against charges of leaking the CIA’s hacking tools to WikiLeaks, Sabrina Shroff has made it clear that Joshua Schulte is the author of the CIA’s lies about its own hacking.

In a motion to suppress all the earliest warrants against Schulte submitted yesterday, Shroff makes an unintentionally ironic argument. In general, Shroff (unpersuasively) argues some things the government admitted in a Brady letter sent last September are evidence of recklessness on the part of the affiant on those earliest warrants, FBI Agent Jeff Donaldson. She includes most of the items corrected in the Brady letter, including an assertion Donaldson made, on March 13, 2017, that Schulte’s name did not appear among those published by WikiLeaks: “The username used by the defendant was published by WikiLeaks,” the prosecutors corrected the record in September 2018. To support a claim of recklessness, Schroff asserted in the motion that someone would just have to search on that username on the WikiLeaks site to disprove the initial claim.

Finally, the Brady letter explained that a key aspect of the affidavit’s narrative—that Mr. Schulte was the likely culprit because WikiLeaks suspiciously did not publicly disclose his identity—was false. Mr. Schulte’s identity (specifically, his computer username “SchulJo”) was mentioned numerous times by WikiLeaks, as a simple word-search of the WikiLeaks publication would have shown. See Shroff Decl. Exh. F at 7

If you do that search on his username — SchulJo — it only readily shows up in one file, the Marble Framework source code.

That file was not released until March 31, 2017. So the claim that Schulte’s name did not appear in the WikiLeaks releases was correct when Donaldson made it on March 13. That claim — like most of the ones in the Brady letter — reflect the incomplete knowledge of an ongoing investigation, not recklessness or incompetence (Schulte has written elsewhere that he believed the FBI acted rashly to prevent him from traveling to Mexico, which given other details of this case — including that he hadn’t returned his CIA diplomatic passport and snuck it out of his apartment when the FBI searched his place, they were right to do).

By sending her reader to discover that Schulte’s name appears as the author of the Marble Framework, she makes his “signature” that of obfuscation — hiding who actually did a hack.

Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection.

[snip]

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

Marble was one of the files WikiLeaks — and DNC hack denialists — would point to to suggest that CIA had done hacks (including the DNC one) and then blamed them on Russia. In other words, in her attempt (again, it is unpersuasive) to claim that FBI’s initial suspicions did not reach probable cause, she identifies Schulte publicly not just with obfuscation about a breach’s true culprits, but with the way in which the Vault 7 leak — ostensibly done out of a whistleblower’s concern for CIA’s proliferation of weapons — instead has served as one prong of the propaganda covering Russia’s role in the election year hack.

That’s just an ironic effect of Shroff’s argument, not one of the details in yesterday’s releases that — while they may legally serve to undermine parts of the case against her client — nevertheless add to the public evidence that he’s not only very likely indeed the Vault 7 culprit, but not a terribly sympathetic one at that.

Back when FBI first got a warrant on Schulte on March 13, 2017, they had — based on whatever advanced notice they got from Julian Assange’s efforts to use the files to extort a pardon from the US government and the week of time since WikiLeaks had released the first and to that date only set of files on March 7 — developed a theory that he was the culprit. The government still maintains these core details of that theory to be true (this Bill of Particulars Schulte’s team released yesterday gives a summary of the government’s theory of the case as of April 29):

  • The files shared with WikiLeaks likely came from the server backing up the CIA’s hacking tools, given that the files included multiple versions, by date, of the files WikiLeaks released
  • Not that many people had access to that server
  • Schulte did have access
  • Not only had Schulte left the CIA in a huff six months before the WikiLeaks release — the only  person known to have had access to the backup server at the time who had since left — but he had been caught during the period the files were likely stolen restoring his own administrator privileges to part of the server after they had been removed

But, after it conducted further investigation and WikiLeaks published more stolen files, the government came to understand that several other things that incriminated Schulte were not true.

[T]he government appears to have abandoned the central themes of the March 13 affidavit: namely, that the CIA information was likely stolen on March 7–8, 2016, that Mr. Schulte was essentially “one of only three people” across the entire CIA who could have taken it, and that WikiLeaks’s supposed effort to conceal his identity was telltale evidence of his culpability

There’s no indication, however, that Donaldson was wrong to believe what he did when he first obtained the affidavit; Shroff claims recklessness, but never deals with the fact that the FBI obtained new evidence. Moreover, for two of the allegations that the government later corrected — the date the files were stolen and the number of people who had access to the server, Donaldson admitted those were preliminary conclusions in his initial affidavit (which Shroff doesn’t acknowledge):

It is of course possible that the Classified Information was copied later than March 8, 2016, even though the creation/modification dates associated with it appear to end on March 7, 2016.

[snip]

Because the most recent timestamp on the Classified Information reflects a date of March 7, 2016, preliminary analysis indicates that the Classified Information was likely copied between the end of the day on March 7 and the end of the day on March 8.

[snip]

It is, of course, possible that an employee who was not a designated Systems Administrator could find a way to gain access to the Back-Up Server. For example, such an employee could steal and use–without legitimate authorization–the username and password of a designated Systems Administrator. Or an employee lacking Systems Administrator access could, at least theoretically, gain access to the Back-Up Server by finding a “back- door” into the Back-Up Server.

Between the two corrections, the revised information increases the number of possible suspects from two to five, out of 200 people who would have regular access to the files. A footnote to a later affidavit (PDF 138) describes that on April 5, 2017, FBI received information that suggested the number might be higher or lower. (I suspect Schulte argued in a classified filing submitted yesterday that even more people could have accessed it, not least because he has been arguing that in his various writings posted to dockets and other things,)

But, even though the Brady letter corrects the dates on which Schulte reinstated his administrator privileges for the Back-Up server slightly (he restored his own access on April 11, not April 14, which is when his managers discovered he had done so), Shroff only addresses his loss of privileges as innocent, without addressing that he got that access back on his own improperly.

More importantly, the motion doesn’t address, at all, that Schulte kicked everyone else off one of his programs, the Brutal Kangaroo tool used to hack air gapped networks using thumb drives. Nor does it address allegations against Schulte made in August 2016 as part of his clearance review, including that his demeanor changed for the worse around February 2016, he might be “subject to outside coercion,” and he tended not to abide by “guidelines concerning when and what kinds of media or data (such as external drives) could be connected or uploaded to CIA computer systems.” There are other details in the affidavit — such as Schulte’s attempt to learn what his former colleagues knew of the investigation — that support probable cause too (these may be among the things Shroff addresses in a classified filing).

That is, the probable cause that Schulte was the culprit was pretty strong even with the errors in the original affidavit, and none of the errors suggests malice or incompetence or even the recklessness Shroff alleges.

Shroff is right that the March 13 affidavit doesn’t offer as much probable cause to tie Schulte’s home to the crime; but that’s the magistrate’s fault and fairly standard for computer crimes, not the FBI’s. Shroff obscures the effect of FBI obtaining a second warrant to actually search the 150 storage media and computer devices they found in his home (a list of what they seized starts on PDF 116), as well as a second warrant to obtain child porn.

It is also true, as the defense argues, that the evidence to search for child porn was thin. But given that the government had a warrant to search the computer in question, and given precedents about child porn, that may not matter (though I think it is more likely to succeed than the rest of this). In any case, by the time of the main searches on child porn, three different magistrates had signed off on these searches.

This is a totally understandable attempt to get some of this evidence suppressed. But along the way the affidavits released yesterday provide a slew of damaging new details such as:

  • Schulte conducted a ton of searches on Google in April 2016 about detecting USB insertion, copying big files, deleting files, preventing other admins from seeing what someone was doing on a LAN
  • Schulte made a snapshot of (part of?) the LAN on April 20, 2016
  • In early May, Schulte researched how to use Tor and Tails, which the government alleges he used to send the files
  • On August 4, 2016 — the day after Snowden sent this tweet — Schulte did a Google search for WikiLeaks for the first time ever (note, I believe the Snowden tweet may have been preparation for the misleading IG report on him released the following month)

  • Between then and March 7, Schulte searched on WikiLeaks over 20 more times, reading hundreds of articles on it; but he didn’t visit WikiLeaks for the first time until March 7, 2017, the first day the files posted; he also searched for that Snowden tweet

In short, just Schulte’s Google searches alone provide very strong evidence that he’s the Vault 7 leaker. Which explains why his attorneys are making what will probably be an unsuccessful attempt to claim the Google searches were overly broad and lacked probable cause (something Schulte wrote elsewhere seems to reflect that he has been told this will be treated under a Good Faith exception).

Schulte has been trying to disclose all these materials for over a year. But they really don’t help his case.

US Government Reveals It Has Video Evidence of Joshua Schulte Sharing Classified Information as Ecuador Restricts Assange’s Legal Visits

In a letter sent Thursday to Paul Crotty, the judge in the case of alleged Vault 7 WikiLeaks source, Joshua Schulte, prosecutors described the investigation conducted when, “in or about early October 2018,” they discovered he had been communicating clandestinely with third parties outside of the Metropolitan Corrections Center, where he has been held since December. They described discovering a truly stupendous amount of communications gear to store in a jail cell, amounting to multiple cell phones and other devices, from which Schulte was running 13 email and social media accounts.

In or about early October 2018, the Government learned that Schulte was using one or more smuggled contraband cellphones to communicate clandestinely with third parties outside of the MCC. The Government and the FBI immediately commenced an investigation into Schulte’s conduct at the MCC. That investigation involved, among other things, the execution of six search warrants and the issuance of dozens of grand jury subpoenas and pen register orders. Pursuant to this legal process, in the weeks following the Government’s discovery of Schulte’s conduct at the MCC, the FBI has searched, among other things, the housing unit at the MCC in which Schulte was detained; multiple contraband cellphones (including at least one cellphone used by Schulte that is protected with significant encryption); approximately 13 email and social media accounts (including encrypted email accounts); and other electronic devices.

Now, the prosecutors use that word “encrypted” twice, as if it means extra spooky, but these days, a cellphone with significant encryption could mean an iPhone (though in jail Schulte might be able to get state of the art spook or crook phones) and “encrypted email accounts” often means ProtonMail.

In any case, that’s a whole lot of legal process for a one month investigation of someone sitting in a jail cell (Schulte was moved to solitary when the investigation started on October 1), but then Schulte allegedly had a shit-ton of hardware. The 6 search warrants were presumably used for Schulte’s devices, and the “dozens of grand jury subpoenas and pen registers” would probably have been used for those email and social media accounts, perhaps with both used for each account (I have a working theory that for encrypted comms it may take more than one pen register to get the data).

Schulte was using all this hardware and software, according to the prosecutors, to — among other things — do two things: send details about the search warrants to investigate him, as well as yet more classified information, to third parties.

As a result of these searches and other investigative steps, the Government discovered that Schulte had, among other things, (i) transmitted classified information to third parties, including by using an encrypted email account, and (ii) transmitted the Protected Search Warrant Materials to third parties in direct contravention of the Court’s Protective Order and the Court’s statements at the May 21 conference.

The prosecutors included a superseding indictment with their letter, adding two extra counts to his already life sentence-threatening indictment: a new Count Eleven, which is contempt of court for blowing off the protective order covering his search warrant starting in April, and a new Count Four, which is another count of transmitting and attempting to transmit unlawfully possessed national defense information (793(e)) during the period he has been in MCC.

With regards to Count Eleven, on Monday a letter Schulte sent to Judge Crotty that was uploaded briefly to PACER (I believe this is the third time Schulte has succeeded in getting such letters briefly uploaded to the docket), revealing that he had been moved to solitary, but also complaining about corrections the government had made to his original search warrant:

I beg you Judge Crotty to read the first search warrant affidavit and the government’s Brady letter; the FBI outright lied in that affidavit and now acknowledge roughly half of these lies. Literally, they [sic] “error” on seeing dates of 3/7 where there were only 3/2 dates and developing their entire predicate based on fallacious reasoning and lies. They “error” in seeing three administrators where there were “at least 5” (ie. 10). They [sic] “error” in where the C.I. was stolen who had access, and how it could be taken — literally everything.

While I absolutely don’t rule out the government either focused on Schulte back in March 2017 for reasons not disclosed in the search warrant application, or that they parallel constructed the real reasons badly (both of which would be of significant interest, but both of which his very competent public defender can deal with), the docket suggests the Vault 7 case against him got fully substantiated after the porn case, perhaps because of the stuff he did last year on Tor that got him jailed in the first place. As I noted, that Tor activity closely followed one of Julian Assange’s more pubic extortion attempts using the Vault 8 material Schulte is accused of sharing, though Assange has made multiple private extortion attempts both before and since.

Which brings me to the second new charge, transmitting and attempting to transmit national defense information to a third party, with a time span of December 2017 to October 2018. Effectively, the government claims that even after Schulte was jailed last December, he continued to share classified information.

I’m particularly interested in the government’s use of “attempted” in that charge, not used elsewhere. The time period they lay out, after all, includes a period when Ecuador restricted Julian Assange’s communication. Effectively, the government revealed on Wednesday that they have video evidence of Schulte sharing classified information with … someone.

Meanwhile, in the Ecuadoran embassy in London, things have been heating up between Assange and his hosts.

About halfway through the period after which Schulte had been put into solitary so the government could investigate a bunch of communications devices they claim they didn’t know about before around October 1, Ecuador announced what seemed to be a relaxation of restrictions on Assange, but actually was more of an ultimatum. He could have visitors, but first they’d have to apply 3 days in advance and supply their social media handles and identifying details for any devices they wanted to bring with them. Assange, too, has to register all his devices, and only use Ecuador’s wifi. If anyone uses unapproved devices, they’ll be deemed a security threat to Ecuador under the protection of the UK, basically giving the UK reason to prosecute them to protect Ecuador. Assange has to have regular medical exams; if he has a medical emergency, he’ll be treated off site. Starting on December 1, he has to start paying for food and other supplies. He has to start cleaning up the joint. He has to start taking care of his cat.

Assange immediately sued over the new rules. But he lost that suit on Monday. But even as he appeals that verdict, according to Courage Foundation, Ecuador has restricted even legal visits, something that hadn’t been the case before. Those restrictions appear to have been put in place on Wednesday, the same day the new Schulte charges were rolled out. They’ll remain in place until Monday.

A piece by Ryan Goodman and Bob Bauer renewed discussion this morning about the First Amendment limits on suing or prosecuting WikiLeaks for conspiring with Russia to swing the 2016 election; I hope to respond to it later, but wrote about the same lawsuit in this post. I think their view dangerously risks political journalism.

But I also think that you don’t necessarily need to charge WikiLeaks in the conspiracy to sustain a conspiracy charge; you can make them unindicted co-conspirators, just like Trump would be. I have long noted that you could charge Assange, instead, for his serial attempts to extort the United States, an effort that has gone on for well over 18 months using the very same files that Schulte is alleged to have leaked to WikiLeaks (extortion attempts which may also involve Roger Stone). Assange has accomplished those extortion attempts, in part, with the assistance of his lawyers, who up until this week (as far as I understand from people close to Assange) were still permitted access to him.

Say. Have I observed yet that these events are taking place in the last days before Mueller’s election season restrictions end?

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.