Posts

CIA Put Joshua Schulte’s Buddy on Administrative Leave Last August

Update, 2/21/20: This post has been updated reflecting the DOJ response to Schulte’s bid for a mistrial based on this dispute. The response makes quite clear that the administrative leave pertains only to concerns about Michael’s candor regarding Schulte’s behavior.

Neither the Government nor the CIA believes anyone else was involved, and the defendant’s claims otherwise are based on a distorted reading of the CIA memorandum placing Michael on administrative leave (the “CIA Memorandum”). The CIA Memorandum explicitly states that Michael was placed on leave because of concerns he was not providing information about the defendant (not that he is a suspect in the theft); the Government has confirmed with the author of that memorandum that the memorandum was not intended to suggest that it was Michael rather than the defendant who stole the Vault 7 Information; and, in any event, the defendant has had all of the relevant information underlying the CIA Memorandum for months in advance of trial.

There was some drama at the end of last week’s testimony in the trial of accused Vault 7 leaker, Joshua Schulte. Schulte’s lawyers forced the government to admit that Schulte’s buddy, testifying under the name, “Michael,” is on paid leave from the CIA for lack of candor.

It turns out “Michael” got put on paid leave in August 2019, shortly after his seventh interview as part of the investigation (his interview dates, based DOJ’s response off Shroff’s cross-examination, were March 16, 2017, June 1, 2017, June 2, 2017, June 6, 2017, August 30, 2017, March 8, 2018, August 16, 2019, and January 13, 2020).

While prosecutors provided Schulte the underlying interview reports (the last one wasn’t even a 302 because prosecutors led the interview, with just one FBI agent present, possibly as part of pre-trial prep), they withheld documents explaining the personnel change until providing part of the documentation the night before Michael’s testimony starting on February 12. Technically, that late notice probably complied with Jencks, but once Judge Paul Crotty realized what documentation had been shared with whom, he granted the defense request for a continuance of Michael’s testimony so they could better understand the implications. Withholding the information was a dickish move on the part of the prosecutors.

The question is, why prosecutors did this, why they withheld information that might be deemed key to a fair trial.

I don’t think defense counsel Sabrina Shroff’s seeming take — that the government tried to hide Michael’s personnel status to hide that they were (purportedly) coercing him to get his story “to morph a little,” to testify in the way he had on threat of false statements charges and certain firing from the CIA — makes sense. That’s because, on the two key issues he testified about, Michael testified in roughly the same way in court as he did in FBI interviews in the wake of the Vault 7 disclosure.

On the stand under direct examination, Michael explained how he told his and Schulte’s colleague, Jeremy Weber, to take away Schulte’s access because he feared Schulte would respond to losing access to his own projects by restoring that access, which would lead to significant trouble.

Q. Did you ever speak with Mr. Weber about the defendant’s anger?

A. Yes.

Q. What did you talk about?

A. We didn’t talk about his anger per se. But, I told Jeremy that he should remove all of Josh’s admin accesses.

Q. Why did you ask Mr. Weber to do that?

A. I felt like Jeremy was kind of, like, setting him up. I knew that Josh was mad at Jeremy, and that he was putting him in a position where Josh had the ability or the access to change permissions on the project in question. And that he would do that because he didn’t respect Jeremy’s authority.

As Shroff elicited on cross-examination, Michael told the FBI something very similar on August 30, 2017.

Q. And it is in this meeting, if you remember, that you told the FBI that, in your opinion, Mr. Weber was setting Mr. Schulte up. Do you remember that?

A. I remember feeling that way.

Q. Okay. By that you mean that you thought Mr. Weber was setting Mr. Schulte up to fail at his job at the CIA, right?

A. I thought he was — baiting him into using his accesses, for a lack of a better word.

[snip]

A. Yeah, I thought he was setting — he was creating circumstances where he knew that Josh had access to change permissions on the server, Josh was an admin. He was telling Josh you cannot do this. But Josh technically could do that, right, he had the technical capability to do that. So, Josh was going to do that.

Q. Okay. You told Mr. Weber your concern?

A. Yes.

Q. And Mr. Weber said butt out, correct?

A. Yes, in summary. Mr. Weber said butt out.

Likewise, last week the government got Michael to explain how, on April 20, 2016 (the day the government alleges Schulte stole the Vault 7 files) Schulte first invited Michael to work out at the gym as they normally would, but then didn’t respond for an hour, at which point Michael witnessed — and took a screen cap of — Schulte deleting log files, which means Schulte’s buddy documented in real time as his buddy stole the files.

Q. It is a little difficult, so let’s blow up the left side of the screen. Do you recognize what we’re looking at?

A. Yes.

Q. How do you recognize it?

A. It is a screenshot I took.

Q. What is it a screenshot of?

A. It a screenshot of, in the bottom you can see a VM being reverted and then a snapshot removed.

Q. It is a screenshot of a computer screen?

A. Yes, of my computer screen.

Q. What date and time did you take this screenshot?

A. The date was April 20, and time was 6:56 p.m.

Q. What year was that?

A. 2016.

Michael explained his past testimony to the FBI to Shroff using much the same story (though she used a different screen cap that may be of import).

Q. Uh-huh.

A. I believe I was trying to dig into what the screenshot meant. I was unsure. You know, I took the screenshot because I was concerned, and then I tried to validate those concerns by determining did a person do these reverts, or was this a system action? This is me trying to dig into that. I have debug view open to see if there was any debug messages about reverting the VMs or something. That could have been there already. I don’t know. But specifically this command prompt here that you see, this black-and-white text, the command prompt, I was looking at IP addresses.

Q. And did you do that on the same day, or you did this later?

[snip]

Q. And you don’t see anything before the start time of 6:55?

A. Yeah. I don’t see anything before 6:55 — or I see 6:51.

Q. Right, but you’re saying that even though your vSphere was running, you didn’t see any April 16 snapshot?

A. Yeah. I don’t see an April 16 snapshot.

On redirect prosecutors will have Michael make it clear that the reason he didn’t see an April 16 snapshot is because it had been deleted, making this a damning admission, not a helpful one.

So knowing that the CIA has concerns that Michael isn’t telling the truth about all this doesn’t help Shroff rebut the most damning details of Michael’s testimony: that one of Schulte’s closest friends at CIA tried to intervene to prevent Schulte from doing something stupid before it happened, and the same friend happened to get online and capture proof of it happening in real time.

Nor does it help her rebut another damning detail from Michael’s testimony, a description of how a rubber band fight between him and Schulte led to Michael hitting Schulte physically.

Q. Could you just describe generally what happened.

A. Sure. On that day, Josh hit me with a rubber band, I hit him back with a rubber band. This went back and forth until late at night. I hit him with a rubber band and then ran away before he could hit me back. He trashed my desk. I trashed his desk. And then I was backed up against Jeremy’s desk and Josh was looking at me, kind of coming towards me. And something came over me and I just hit him.

This might seem, if you’re the NYT trying to cull the trial record for glimpses of the banality of CIA cubicle life, like an innocuous detail. But it’s not. Schulte’s defense, such as he has offered one so far, is that he had a real gripe with a colleague, Amol, which escalated into both being moved, him losing his SysAdmin access, which led to his retaliation against the CIA. But what Amol did was take Schulte’s Nerf darts away when they landed on his desk and make verbal — but never physical — attacks against Schulte. Yet Schulte obtained a restraining order against Amol, not against Michael, the guy who really had physically hit him. This rubber band fight with Michael, as juvenile as it seems, actually undermines Schulte’s claim that his complaint against Amol made sense.

Meanwhile, Shroff herself seems to have brought out the detail that led to CIA’s personnel action (and which Judge Crotty argued prosecutors had withheld by not sharing the full CIA notice). On direct, Michael told prosecutor Sidhardha Kamaraju that he stopped digging to find out what had happened because he remembered that he was using a regular user account that — he couldn’t remember — might not have the right permissions to view logs.

Q. Did that seem strange to you that there were no log files there?

A. Yes. At first this was strange to me.

Q. Why did you think it was strange at first?

A. Just because, a system managing this many VMs should have lots of logs.

Q. Did you try to find out why there weren’t any log files there?

A. I did some more digging, yes.

Q. What did you think as a result of your digging?

A. I remembered that this account that I was using was a regular user account, and I couldn’t remember if the regular user accounts had administrative permissions to view logs.

But as Shroff had him explain on cross, Michael told the FBI that Schulte had given him “pseudo creds” to one of his virtual machines. He told them that almost three months before the FBI first asked him about the screen cap showing Schulte delete logs.

Q. No, it’s not correct? What is it then?

A. This is a VM that he would have run on his DevLAN machine.

Q. So it is a virtual machine that he ran on his own DevLAN, correct?

A. Yes.

Q. Okay. So it says “Josh.” Correct?

A. Yes.

Q. Then it says “Michael,” correct?

A. Yes.

Q. And then it says “other,” correct?

A. Yes.

Q. And they asked you about this document, correct?

A. Yes.

Q. And you told them, did you not, that Josh had given you what you turned as a phrase “pseudo creds,” correct?

A. I don’t remember specific wording but, yes. I believe he gave me pseudo accesses to this VM.

[snip]

Q. And then you told them that you probably had root access to the machine to do with it what you wanted, correct?

A. Yes. If I had pseudo creds, then that’s true.

Q. They asked you if you were surprised to find out that you shared a VM with Josh, and you said no, correct?

This is a reference to “sudo” credentials, which is root access. The government response makes it clear that Michael had administrative access, using the “root” password, to the ESXi server, but did not have admin access to the Atlassian suite, which is what Schulte alleged used to steal the documents.

Michael’s “system administrator” privileges were well-documented in the reports of the FBI interviews. Indeed, Michael’s “system administrator privileges” were discussed in at least three different interviews, one of Michael and the other two of Mr. Weber:

  • In a March 22, 2017 interview, Weber stated that “Michael, [the defendant], [Weber], and [Matt] had administrative access to the ESXi server …. A root password was required to directly log into the ESXi server and this password was shared on OSB’s Confluence page that all of OSB had access to.” CLASSIFIED JAS _ 001318 – 001320 ( emphasis added).
  • In a May 26, 2017 interview, Weber stated that he “believed that [Matt] and [Michael] were possibly added as [ESXi] administrators later.” CLASSIFIED JAS 010153 – 010159.
  • In a March 8, 2018 interview, Michael explained the relevant distinction in administrative privileges: “There is a difference between being considered an Atlassian administrator and having the root password for the ESXi server. The root password for the ESXi server was likely needed to create and control VMs, which are frequently used by developers for testing. [Michael] believed he used the ESXi root password to create VMs. The status of being an Atlassian administrator is reflected in the user’s domain credentials. [Michael] is not aware of how to get access to Atlassian as an administrator.” CLASSIFIED JAS _ O I 0514 ( emphasis added).

These reports make clear that Michael never had Atlassian administrator privileges, and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 Information was stolen).

Still, that part of his testimony hasn’t changed. And CIA would have known about all this by August 2017, two years before they put Michael on administrative leave.

And curiously, having had this information for quite some time, Schulte never tried to suggest that Michael could have conducted the theft while using Schulte’s credentials.

Thus far, it looks like the CIA moved Michael to administrative leave not to change his pre-August 2019 testimony — because that hasn’t changed — but out of concern that Michael learned about Schulte’s actions in real time but didn’t tell anyone, not in 2016 when the CIA could have done something about it, nor immediately after the Vault 7 publication. It wasn’t until the FBI discovered the screen cap and asked Michael about it in August 2017 that he told this story.

Q. Is it fair to say, sir, by the time the FBI showed it to you, you had forgotten about the screenshot?

A. Yes.

Q. You had taken it on April 20, 2016, right?

A. Yes.

Michael similarly did not offer up to the FBI that Schulte contacted him after the first Vault 7 publication (presumably in March) until it came up in June 2017.

Q. It was during this meeting that you told them about Mr. Schulte reaching out to you after the leaks had become public; correct? Do you remember that?

A. I remember telling them about him reaching out to me. I don’t remember if it was this specific meeting.

Q. Okay. Take a look at the highlighted portion on page one, okay?

A. Okay.

Q. You told the FBI, did you not, that Mr. Schulte had sounded upset to you that people thought it was he who had done the leaks, correct?

A. Yes. I believe the word was he seemed concerned.

Q. Right. You would be concerned too if somebody accused you of something you didn’t do, correct?

A. Yes.

Q. And you also told them that you essentially blew him off, correct? You didn’t want to engage and talk to him, correct?

A. Yes, I ignored the initial text messages. And then in the phone call, I didn’t want to talk about that subject.

Q. Okay. And at first you didn’t report the fact that Mr. Schulte contacted you, correct?

A. Correct.

Q. And then somehow or the other, the deputy chief of EDG said if somebody’s contacted you, report it. And then you reported it, correct?

A. Correct.

The most likely explanation for CIA’s change in Michael’s personnel status, then (but not the timing), is that Michael did not alert security when he had the opportunity, and then when he discovered that his buddy was the lead suspect for a huge theft of CIA tools, he tried to downplay his knowledge, perhaps hoping to avoid suspicion himself (which, if true, backfired). As Michael said himself in one of his FBI interviews, it sucks when you’re the single guy the prime suspect for a crime has given credentials to his VM, by name.

Q. And then you kind of added that it kind of sucked that your name was on this VM, correct?

A. I don’t remember that.

Q. Take a look at the first paragraph, page two of eight. It sucks. I don’t mean to be rude, but that’s the word it says, “suck,” right?

A. Yes.

Q. That your name was on the virtual machine, correct?

A. Correct.

Q. And that you understood from the FBI that that put you under the microscope, correct?

A. Correct.

So, again, the most likely implication of all this is just that the CIA believes Michael had information about a data breach in real time that he offered unconvincing (and, possibly, technically false) explanations for why he didn’t alert anyone.

But, particularly given the delay in putting him on administrative leave, I wonder whether there’s not something more.

DOJ and CIA clearly suspect Michael is being less than forthcoming about what he witnessed in real time. That doesn’t undermine his value as a witness to having taken the screen shot, but it does raise questions about his trustworthiness to retain clearance at CIA. It does undermine his claims to the FBI, which Shroff portrayed as largely unique among CIA witnesses, that Schulte wasn’t the culprit (which he hasn’t yet explained in the presence of the jury).

That may, however, raise questions about his candor on other answers asked by the FBI, answers that may speak to how Schulte came to steal CIA’s hacking tools in the first place or even whether Michael knew more about it than he knows.

For example, the FBI asked Michael repeatedly about Schulte’s League of Legends habit.

Q. He played a lot of League of Legends or something?

A. Yes.

Q. Some kind of game?

A. Yes, it’s a video game.

Q. A lot of men, people play it; is that right?

A. It has a large user base.

Q. It is some kind of online game where you pretend to have avatars and kill each other online or something like that? Is that right, basically?

A. Yes.

Q. And you played that game, did you not, with Mr. Schulte? A. Yes.

In recent years the government has come to regard gaming communications systems as a means to communicate covertly (which Schulte would have known because his hacking tools targeted terrorists).

They also asked Michael whether Schulte was a “vigilante hacker” by night, and about his Tor usage (which, according to Michael, Schulte didn’t hide).

Q. You remember the FBI asking you if Mr. Schulte was a vigilante hacker by night? Do you remember that phrase they used?

A. I think I do actually, yes.

Q. You told them, no, you didn’t know him to be a vigilante hacker at night?

A. Correct.

Q. You in fact did not know him to be a vigilante hacker at night.

A. Correct. I did not know him to be a vigilante hacker.

This question is particularly relevant given Schulte’s claim, in communicating with a journalist from jail, that he had been involved with Anonymous.

The FBI asked Michael how he came to buy two hard drives for Schulte from Amazon, the same place Schulte bought a SATA adapter they think he used in the theft.

A. I only ever bought him hard drives this one time. But the reason, like, I wouldn’t normally just buy him hard drives, I would have told him to buy it himself. But the reason was there was some deal going on, and so he’s like, if I buy it and then you buy it, we all get the deal and I’ll just pay you back.

Q. Right. It’s normal, right?

A. Yeah.

Q. Yeah. Amazon had a cap on the sale, like everyone could only get two, and he wanted four or something like that?

A. Yes, it was something along those lines.

Of the hard drives the FBI seized from Schulte’s home in March 2017 (PDF 116), the ones he owned the most copies of — the 1TB Western Digital drives — are the ones they suspect were used in the theft because they were overwritten.

The FBI asked about a time when Michael worked over a weekend, when Schulte also happened to be working. Michael first explained he had been working on his performance review, but when he subsequently checked his records, discovered that couldn’t be right. Even though he recognized how unusual it was for him to be working the same weekend as Schulte without knowing Schulte was there, he concluded (like he had about the deleted log files) that it was normal.

Q. They asked you about that weekend because Mr. Schulte also happened to be working that weekend?

A. They mentioned that, yes.

Q. Did you think it was odd that Mr. Schulte was working that weekend or did the FBI think it was odd that Mr. Schulte was working that weekend or both?

A. At first I thought it was odd.

Q. Okay.

A. Just because —

Q. Go ahead.

A. Just because, you know, although it was normal to come in on the weekend, it was less common — rare, I would say, to come in on the weekend. One of us probably would have told each other, you know, we were going to come in on the weekend. But then I looked at my situation, I was like, well, I didn’t tell him I was coming in, so I guess this is normal.

The government may still be trying to figure out precisely when Schulte removed the files on hard drives from CIA — they also asked Michael about that repeatedly — which is why these questions are so important. Among the reasons CIA put him on leave, per the government response, is that he and Schulte left together that night; if Schulte had carried out hard drives that night Michael may have seen them.

The FBI asked about Michael’s role — apparently unplanned — in helping Schulte move to New York.

Q. Then they talked to you about your involvement in helping him move from Virginia to New York, correct?

A. Yes.

Q. They asked you a whole series of questions as to how you came about to help him move, correct?

A. Yes.

Q. And they asked you why you helped him move, correct?

A. I don’t remember specific questions, but I do remember questions about helping him move.

Q. And you explained to them that it was like a coincidence, right? You’d already planned a trip with another friend, he was moving at the same time, he needed help loading up luggage and moving stuff, correct?

A. Yes.

Q. It was not preplanned, right? It just happened, right?

A. Yeah.

Q. You told them that you had already planned to do this with another friend, right?

A. Yes.

Q. And then they asked you about that friend, correct? They asked you what the name of the friend was, correct?

A. Yes.

Q. Then they asked you for your friend’s number, correct?

A. I don’t remember specifically what information they asked for.

The FBI also asked Michael about the stuff he left with him when he moved to New York, which Michael explained was just furniture, though a lot of it.

Q. We’ll come back to that if we need to. Let’s move to the next point. They then asked you if Mr. Schulte had left any stuff with you, correct?

A. Yes.

Q. You told them that he had, correct?

A. Yes.

Q. It was normal, everyday stuff he left with you, correct?

A. I wouldn’t say it’s normal. It was a lot of furniture. So I don’t think that’s normal.

Again, it may well be that, two years after the FBI would have had real questions about Michael’s candor, the CIA concluded they had to reconsider his employment because he could have prevented the theft but did not.

But I wonder whether, by the time DOJ posed these questions anew in August 2019 (which, if I’ve got his interview dates correct, was the only interview he had after the time that Schulte had been formally charged with the theft), their doubts about his other answers had taken on greater significance.

Update: Clarified that the “pseudo” credentials in the transcript are a reference to “sudo” root access.

Update: In a letter opposing any order to share the CIA’s determination to put Michael on paid leave, the government explains the basis for it:

  • Adverse polygraph results
  • His relationship with Schulte
  • His close proximity to the theft of the data and (what appears to be) reason to believe he witnessed more anomalies at the time Schulte was stealing it
  • “Recent inquiries” suggesting Michael may still be hiding information about the theft
  • His “unwillingness to cooperate with a CIA security investigation into his physical altercation with the defendant”

That is, the speculation above seems to be born out. The three questions that leaves are”

  • Why did they put him on leave rather than fire him?
  • Which of the questions above do they think he was not truthful about?
  • Why did they wait until August 2019 to put him on leave?

Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

Joshua Schulte Wanted to Include Instructions to Contact WikiLeaks in a Pro Se Motion

The lawyers for accused Vault 7 leaker Joshua Schulte made a last ditch effort yesterday to limit how much information from his prison notebooks can be admitted as evidence in his trial starting next week. Perhaps inadvertently, the letter provides new details about why the government believes Schulte was trying to leak from jail, as well as some hints about why his lawyers claim they may be responsible for some of his exposure on those charges.

As I had noted, the government wants to include a passage from his notebooks instructing somebody to “ask WikiLeaks” if they need help to prove that Schulte had knowledge of what WikiLeaks had received.

“Ask WikiLeaks” (014099) (undated): In the middle of the page, the defendant writes, “If you need help ask WikiLeaks for my code.”3 The defendant’s direction to consult WikiLeaks about his “code” is admissible as Nonpublic Information Evidence, because it is a statement that WikiLeaks is in possession of source code for tools upon which the defendant worked and that are contained in the back-up file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools. Schulte’s knowledge of non-public aspects of the information that was given to WikiLeaks helps to demonstrate that he was the one who gave that information to WikiLeaks in the first place.

Schulte’s lawyers argue, unpersuasively, that this is not relevant, though they also argue that it is “privileged information or work product” because the passage is part of a pro se motion Schulte was trying to draft.

  • “If you need help ask WikiLeaks for my code.” Gov. Ltr. 8. The government says that this sentence means that “WikiLeaks is in possession of source code for tools upon which the defendant worked and that are continued in the backup file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools.”

Nothing in the unredacted portion of Page JAS_022627 (classified #014099) is relevant to the government’s case. On the contrary, the beginning of the page is clearly part of a legal motion that Mr. Schulte was drafting. The top of the page states: “You can create a forensic copy of the device & then have control over it. There has been no reason over this past year that we would not have had access to this critical evidence except that the prosecutors have lied to your honor & played games.” This is privileged information or work product and is therefore not admissible.

Obviously, Schulte’s lawyers are wrong that this is not relevant to the government’s case, either on the MCC charges or the charges in chief. They don’t deny that this reflects knowledge that WikiLeaks has source code that Schulte wrote; they simply remain silent about it.

They’re instead making a half-hearted attempt to argue that it pertains to Schulte’s defense. That is, they’re arguing that in a pro se motion addressed to Judge Crotty, Schulte included instructions about how to use the code he wrote for the CIA to do something, possibly obtain forensic evidence from the CIA that the government had not yet turned over.

While the privilege claim, half-hearted as it is, is an interesting one, Schulte’s argument in some ways makes this passage more damning. After all, he had already, by this point, included allegedly classified information in a pro se bail motion. Around this period he tried to release information publicly via a pro se motion again, though the government pulled it from PACER before most people could access it. Schulte eventually would submit a pro se lawsuit challenging his SAMs designation that happened to make many of the same claims he had made in his “Presumption of Innocence” blog and alluded to some of the same challenges he had tried to make to warrants by leaking protected or classified information (though the government has not claimed it included classified information). That is, the record suggests that Schulte was using his pro se motions to communicate publicly as much as to mount legal arguments (though his pro se motion raises some important points about our shitty criminal justice system amid a lot of dreck and lies).

That makes the second part of what Schulte’s lawyers claim was a planned pro se motion all the more interesting. The government wants to present a page that appears 37 Bates stamp numbers later in Schulte’s notebook which lists a bunch of potentially classified topics.

“What We Expect to Find in Emails” (014136) (undated): At the top of this page, the defendant writes “What we expect to find in emails.” On the remainder of the page, the defendant writes a list of items, many of which contained classified information. This portion of the Blue Notebook is admissible as Intent Evidence and MCC Classified Information Evidence, because it shows the defendant cataloguing classified information that, if publicly disclosed, would likely be harmful to the United States. Indeed, some of the categories of information identified by the defendant on this page—such as certain operations—is the same as the classified information contained in the Fake Authentication Tweet, which serves to show that the defendant’s intent was to collect these materials for dissemination, not for any legitimate purpose related to his defense.

As noted, Schulte claims that this passage was not part of Schulte’s planned “New Articles,” which appears 22 pages earlier in the notebook, but instead the pro se motion. His defense claims this was a Fifth Amendment one, which I’m not sure I understand; it seems more like a selective prosecution challenge, but then they’re not engaging with the substance here.

What We Expect to Find in Emails (014136) (undated). This page is clearly part of Mr. Schulte’s pro se motion to dismiss under the Fifth Amendment for prosecutorial misconduct. The Fifth Amendment is referenced at the top of the right-hand page. As such it is privileged work product. In addition, the government has not specified which part of this page contains classified information and because the handwriting is not always legible the defense cannot fairly guess the offending part. Again this seems more a statement of Mr. Schulte’s political viewpoint, now as a wrongfully charged and detained defendant, and even were it not privileged, it would be irrelevant and unduly prejudicial.

In any case, even Schulte’s own lawyers are saying that Schulte wanted to submit a pro se motion that, first, instructed someone to use a tool he wrote for the CIA that could be obtained by asking WikiLeaks, possibly to find a bunch of email that includes classified information about CIA operations.

I can see how, in the wake of being busted once trying to spread protected information via pro se motion, his attorneys might advise him to draft any pro se motions in his notebook (at the time he had a classified discovery computer, but it’s not clear what he could write and save on it), which they could then review to make sure he wasn’t getting himself in more legal trouble. But then, when it was discovered, the government used it to claim he intended to leak more classified information.

Yet Schulte’s letter — in conjunction with evidence the government has said they’d submit at trial if the attorney-client advice issue came up — makes it clear that he was unhappy with his lawyer, Sabrina Shroff’s advice.

Finally, the government’s more general assertion that the conflict surrounding the MCC notebooks has somehow “disappear[ed]” based on the court’s ruling over objection that Mr. Schulte may not raise an advice-of-counsel defense is also incorrect. Gov. Ltr. 1. Indeed, the specific pages the government seeks to introduce include work product in preparation for Mr. Schulte’s defense. Some the pages that the government seeks to introduce also specifically mention “Sabrina” and refer to his family reaching out to different defense lawyers, strongly implying that Mr. Schulte had concerns about his current defense team. These portions of the notebooks only highlight the inherent conflict that the current defense team faces in representing Mr. Schulte. Additionally, if Mr. Schulte is convicted, this issue will surely be taken up on appeal, and may well cause a reversal of a conviction. The issue will only begin to “disappear” if the notebooks are excluded from the trial.

The government could easily show — and will, when Schulte appeals based on this argument — that at the time Shroff was trying to get him to stop trying to go public, he was threatening to go around her.

For example, the Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In other words, written at a time when Schulte was trying to bypass Shroff, submitting a pro se motion including instructions on how to get and use one of the hacking tools he wrote, possibly to obtain classified emails, it could be seen as an attempt to use the pro se motion to leak information (or instruct others how to get and leak it). There’s no chance that that address, “If you need help ask WikiLeaks for my code,” was intended for Judge Crotty (who, in his writings, Schulte describes in very unfavorable terms), after all. Nor is it clear how someone as smart as Schulte is would include information confirming his role in the leak in a pro se motion claiming that prosecutors had unfairly targeted him.

All of which makes it interesting, to me, that this last-ditch letter addressing Schulte’s notebooks mounts an effort to get all reference to Anonymous, specifically, excluded from trial.

The government also again makes repeated reference to the “Anonymous” group. Dkt 257, at 5, 12, 17. As explained in our response to the motions in limine, all reference to Anonymous should be excluded under Rule 404(b).

[snip]

The defense continues to object to any mention of Autonomous [sic] as unduly prejudicial and because it may confuse the jury.

The government has said it will introduce evidence that Schulte, in real time in 2010, opined that Chelsea Manning’s leaks to WikiLeaks had done damage, which not only proves that he followed historical WikiLeaks releases but believed that the way WikiLeaks had released her leaks did some damage. That piece of evidence is utterly damning in support of a claim that Schulte intended to damage the US with his alleged leaks. And the defense is focusing, instead, on Schulte’s self-proclaimed reference to Anonymous?!?!?

While Schulte’s team doesn’t specifically reference which arguments it relies on here, weeks ago, the defense made this argument about why mentioning Anonymous would be prejudicial.

The government has provided no justification to introduce comments about Anonymous, which must be excluded under Rule 404(b). The government offers no support why it should be allowed to introduce “additional communications with the Reporter, including encrypted communications in which [Mr.] Schulte claims to have been [a] member of the group Anonymous, which is a group known for conducting cyber-attacks that has provided documents to WikiLeaks in the past.” Gov. Mot. 33. This “additional” evidence is clearly not part of the charged offenses nor is it inextricably intertwined with them. The jury will discern no gaps in the government’s case if it is not included in the proof. Instead, it is just classic “bad act” evidence that would be purely prejudicial. The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.

[snip]

The government also states that Mr. Rosenzweig will testify that in 2012 “Anonymous and WikiLeaks worked together to release information.” Gov. Res. 13. This testimony will “aid the jury in understanding the hacking group’s relationship with WikiLeaks” and that Mr. Schulte had “contact with access to WikiLeaks. Gov. Res. 13. As explained above, supra Point II(C)(1), information about Anonymous should be excluded from the trial.

That is, when Schulte’s team wrote this weeks ago (when they were trying unsuccessfully to exclude Paul Rosenzweig’s testimony about what Anonymous is and its past relationship with WikiLeaks), they focused only on the prejudicial aspect. Now, they’re claiming that discussion of Anonymous will confuse the jury, except that’s precisely why the government wanted Rosenzweig to explain what Anonymous is.

But we now know how inadequate this argument is.

Remember: the letter Schulte sent yesterday is an attempt to get Schulte’s notebooks (or at least the most damning parts of them) excluded from trial. But their reference to the government’s plan to introduce references to Anonymous in the letter actually draws from four different kinds of evidence: his notebooks, the Samsung phone he used in jail, and Signal texts and ProtonMail he used to contact a reporter (who warrant affidavits and recent filings have confirmed is WaPo’s Shane Harris).

Partly, the references to Anonymous prove that Schulte used the Samsung phone and the Annon ProtonMail account (the passwords for the ProtonMail accounts were also in the notebook), and that therefore the Signal texts that remain on the phone were sent by him.

In his correspondence with the Reporter, the defendant, pretending to be the defendant’s family and friends, asked the Reporter to send him the versions of the defendant’s articles that the defendant and his family had previously provided to the Reporter. When the Reporter demurred and sought confirmation from the defendant’s family whether the Reporter could provide the defendant’s articles to the user of the Annon Account, the defendant, posing as a member of his family, used a secure messaging application, Signal, to authorize release of the articles. In these Signal communications (the “Signal Messages”), the defendant claimed that the user of the Annon Account was a member of the hacktivist group Anonymous, of which, according to the defendant, the defendant was once a member. Anonymous has collaborated in the past with WikiLeaks to disclose stolen sensitive information.

[snip]

Signal and Twitter to Send Articles and Tweets (014327) (Sept. 2, 2018): In this portion of the Red Notebook, Schulte writes, among other things, “Well its September now. Locked in all day. Hopefully tonight I can setup Signal from my cell & msg [last name of the Reporter] to confirm anon’s permission and get my fucking articles. I also need to confirm my twitter.” This page contains Use Evidence. In particular, the defendant references setting up Signal “from my cell”—which supports that the defendant was using Signal on the Samsung Phone—to confirm “anon’s permission”—which shows that the defendant was using the Anon Account to “get [his] fucking articles.” The defendant also made clear that he had created a Twitter account when he wrote “I also need to confirm my twitter.”

[snip]

The Samsung Phone: Although the Samsung Phone was not found in the defendant’s cell, the Government intends to show that it was one of the cellphones that the defendant used at the MCC through various pieces of evidence, including by comparing identifying information appearing on the Samsung Phone to one of the images taken by CW-1 of one of the cellphones the defendant used in prison. The Samsung Phone contains, among other things, evidence that Encrypted Email Accounts were accessed on the cellphone, but not the actual communications from those accounts. The Samsung Phone also contains the Signal Messages in which the defendant, among other things, pretended to be a third person and attempted to convince the Reporter that the user of one of the Encrypted Email Accounts with whom the Reporter was corresponding (but who was in fact the defendant) is a member of the online hacktivist group Anonymous who is trying to help the defendant.

The Encrypted Email Accounts: The Annon Account contains the defendant’s correspondence with the Reporter, including the September 2018 Emails that attached the classified Network Structure Document and the Protected Search Warrant. The other Encrypted Email Accounts also contain records related to the defendant’s use and control of the Social Media Accounts, such as, for example, email notifications when the defendant modified the Social Media Accounts.

If I understand all this correctly, not only did Schulte use a ProtonMail account claiming to be a member of Anonymous to send details of CIA’s network structure to Harris (one of the charged pieces of classified information), but also used it to try to get him to send Schulte the original copies of his blog posts. Schulte was pretending to be a member of Anonymous on ProtonMail and a member of his family on Signal. And Schulte documented that scheme in his notebook in some of the references that Schulte’s lawyers want to exclude (though which they don’t lay out in such a way to show how it glues everything Schulte was doing from jail together).

But there’s still one more reference of Anonymous, tying it directly to the content that Schulte wanted to release: the Malware of the Mind article that reportedly discussed what he did at CIA.

Identifying Malware of the Mind as Article 10 (014319): On this page, the defendant identifies the Malware Article as article 10: “I’m hoping to write /edit my 9 articles. I don’t know how I can them—oh I may text [the Reporter] from [my cousin’s] number. Omar claims that some service exists to do this – I’m dubious. [Redacted]. Although I feel this may not work either . . . IDK Basically on hold for my publication. Secondly, I want to rewrite article #10: Malware of the Mind!” After a line drawn on the page, the page also includes, among other things, the phrase “Anonymous,” and the phrase “classified information.” This entry includes Intent Evidence, in that it shows that the defendant plans to re-draft his articles, including the Malware Article. Furthermore, the defendant’s statement that he might text the Reporter from his cousin’s telephone number, thus continuing to conceal his identity during those communications, is Guilty Conscience Evidence. Finally, the defendant’s reference to “Anonymous” and “classified information” is consistent with the defendant’s claims in his Signal messages that Anonymous is seeking to help prove his innocence by providing information to the Reporter.

The defense claims all this is prejudicial because, “it suggests concerted activity of a type even more disturbing than what is charged.” Except, by claiming that Schulte planned to include instructions in a pro se motion that people other than Judge Crotty — people with access to WikiLeaks — might use go get the code he wrote from WikiLeaks, possibly to obtain emails of classified information suggests that may well be what Schulte was attempting.

The government and Schulte are also arguing over what measures the government can use to protect the identities of a slew of CIA witnesses who will testify. Schulte has good reason to complain. In past trials (Jeffrey Sterling’s trial is being cited as precedent), the government engaged in a great deal of theater to make CIA witnesses — including witnesses whose CIA tie had already been declassified, as some of the witnesses here have been — seem especially momentous. Some of that is undoubtedly going on here. But if the government believes (and this letter from his defense does nothing to rebut that belief) that Schulte is using every opportunity in his prosecution to leak more information, there’s actually a solid case for some of those measures.

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte’s Carefully Crafted Plan to (Metaphorically) Blow Up His Trial

There’s an unintentionally ironic footnote in accused Vault 7 leaker Joshua Schulte’s response to the government motion in limine that, among other things, seeks to ensure the government can introduce evidence from Schulte’s prison notebooks to show he had a plan to conduct Information War from his jail cell.

In it, the defense objects to the government plan to use Schulte’s own writings to provide evidence of motive. In the angry tone the motion adopts throughout, the footnote argues that it’s not clear how Schulte’s “messy, ranting” notes could be evidence of a carefully crafted plan, then goes on to argue that the government’s reliance on a ruling in the Chelsea bomber’s case finding that the bombs he had planted in New Jersey reflected motive to bomb New York is inapt.

The government also says that the “MCC Evidence” is admissible of Mr. Schulte’s “motive, intent, preparation, and planning” with respect to the MCC counts. Gov. Mot. 45. The government does not define which pieces of evidence fall under this category, a phrase it uses for the first time at Gov. Mot. 38, and may refer to all information that was collected at MCC without limit. For example, the government says his notebooks are a “carefully crafted plan,” for an “information war.” Gov. Mot. 45. It is far from clear what evidence the government believes is part of this “careful[ ]” plan,” or why the government believes that messy, ranting, handwritten notes in notebooks labeled privileged could be part of any carefully crafted plan. In any event, the cases it cites, about an uncharged bomb threat being introduced to show intent to threaten a victim, and the planting of bombs in one location to be introduced to prove planning to plant bombs in another case, are nothing like this one. Id. This broad request should be denied.

The footnote appears in a filing that is itself messy, making arguments at one point (for example, that the government shouldn’t be able to present evidence Schulte stuck a USB drive that likely had Tails on it into his CIA workstation right before he allegedly stole the CIA’s hacking tools) that contradict arguments made elsewhere (that the government shouldn’t be able to use Paul Rosenzweig as an expert witness to describe the import of WikiLeaks encouraging its sources to use Tails, because the significance of using Tails is clear).

Over and over again, the filing makes arguments that amount to saying, “you can’t argue that our client’s weaponization of CIA hacking tools and disinformation are at all akin to bombs, even though WikiLeaks argued those tools were newsworthy precisely because they pose that same kind of proliferation threat,” and “you can’t argue that WikiLeaks acts like an organized crime outfit,” because if you did it would make the gravity of our client’s alleged crimes clear.

As I read the manic tone of the argument — the most substantive public argument the defense has made in months, amid an extended period of making one after another process argument about why they can’t move to trial next month —  I wondered whether Schulte is driving his attorneys nuts. He is, undoubtedly, among the most confounding defendants I’ve covered — and I’ve covered plenty who exhibited far more signs that extended incarceration on top of underlying mental illness had made them unfit to stand trial.

Schulte may well be exhibiting signs of being jailed for an extended period under Special Administration Measures that limit his communication with outsiders. Though, as the government noted in one of their responses to this extended effort to avoid going to trial, Schulte apparently told Judge Paul Crotty last month he’s willing to undergo the SAMs he has twice challenged for at least another six months to be able to make the process arguments he claims, unconvincingly, he wants to make.

If the defendant’s strategy works, trial in this case would likely not begin until more than two years after the original national security charges in this case were filed, more than three and a half years from the WikiLeaks disclosure that began this investigation, and more than four years from when the Government alleges the defendant stole and transmitted to WikiLeaks the national defense information at issue in this case.

The defendant has claimed that he is willing to remain in prison for this extended period of time—even though he is, according to him, innocent of these charges and the victim of a campaign to frame him conducted by the U.S. Attorney’s Office, the Federal Bureau of Investigation, and the CIA—because Ms. Shroff and Mr. Larsen are “necessary” witnesses who would provide testimony that would help to exonerate him. The defendant has further stated, under oath, that he knows that relying on these witnesses’ testimony would lead to a potentially broad waiver of his attorney-client privilege. But despite acquiescing to even longer detention under special administrative measures, regardless of his purported innocence and the waiver of his privilege, all for the opportunity to present Ms. Shroff’s and Mr. Larsen’s testimony at trial, the defendant still maintains that his decision as to whether he will call either of these attorneys as witnesses remains so amorphous and theoretical that he should not be required to provide the Government even the most meager information about the substance of this purported testimony just weeks before the current trial date.

But ultimately, it’s clear that this is his defense strategy, as messy and stupid and self-destructive as it is.

In another of the government’s responses to this process defense — one that lays out what I did in a post arguing that Schulte is engaged in a con game of three card monte with his legal representation — they take three pages to lay out the timeline of Schulte’s efforts to prevent his virtual confessions in his prison notebooks from being used in the case against him. In my own similar timeline, I had missed that Sabrina Shroff had left the Public Defender’s office in sometime before December 3, rendering one of the claims about an institutional conflict she continues to make moot.

More importantly, there are several new details to that timeline. James Branden, who was appointed in October based on representations he could be ready for trial in January, who then made a request for a six month delay in November because he couldn’t be ready even while admitting he had a week vacation scheduled when he first took on the case, has only met Schulte twice (which must be two court hearings, including the Curcio hearing last month). That’s revealed in both a Schulte request to fire Branden and a Branden response saying he’s happy to be fired, neither of which have been docketed yet.

January 2, 2020: The defendant—despite not having raised any such concerns at the Curcio Hearing—submitted the Schulte Letter to the Court, in which the defendant claimed that he had only seen Mr. Branden twice and that the defendant has “no relationship or confidence in his ability to assist in my defense at trial next month.” The defendant asked that the Court to appoint the defendant a new attorney.

[snip]

January 7, 2019: Mr. Branden submitted a response to the Schulte Letter, in which Mr. Branden confirmed the defendant’s factual representations in the Schulte Letter and stated that Mr. Branden would not oppose being replaced as counsel— notwithstanding his prior representations to the Court regarding his availability to prepare for and participate in the trial as counsel appointed pursuant to the Criminal Justice Act.

I had been wondering whether Schulte’s team asked for Branden to be appointed to make it easier for them to quit, as they’ve tried to do in about three different ways since. I wonder, too, whether Branden hasn’t begun to worry the same thing (not least because he hasn’t signed any of the defense briefs since he was brought on), and he wants off now before — like Wile E. Coyote in virtually every Loony Tunes episode ever — he’s left holding an exploding bomb he set himself.

Basically, what happened over eighteen months ago is that Schulte’s lawyers told him to stop publishing attacks on the government’s case himself, as he kept including classified information that made his situation worse. So instead he wrote plans to publicly rebut the charges against him in a notebook — plans that (according to Schulte’s own recorded jail phone calls) Shroff opposed.

[T]he Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In addition to this evidence that Schulte was ignoring Shroff’s warnings about going public, the stuff in his prison notebooks — including passwords for ProtonMail accounts — is in no way consistent with a public rebuttal that any defense attorney could legally agree to.

So instead, Schulte has just gotten his lawyers to claim they gave bad advice, have a conflict, and now might face criminal exposure for trying to get their client to stop breaking the law from an MCC jail cell. Which might be true, but only because his lawyers were trying to represent his desires, and ultimately his desire seems to be to blow the CIA up, using means that are illegal.

All this appears to be an effort to forestall being tried, indefinitely, out of a presumed recognition that the government already has what amounts to a written confession, and he’s willing to rot at MCC rather than go to trial with that apparent written confession.

In a filing from last month, the government catalogued thirteen different attorneys who have represented Schulte over the course of this prosecution.

Finally, it is also a case in which the defendant—over the course of those three adjournment requests—has cycled through at least 13 attorneys,1 including the instant defense team, which includes at least three attorneys who have represented the defendant for more than a year and a half.

Those 13 attorneys who have represented the defendant are Sabrina Shroff, Edward Zas, Allegra Glashausser, James Branden (all of whom currently represent the defendant, and three of whom have security clearances), Matthew Larsen, Lauren Dolecki, Jacob Kaplan, Mark Baker, Alex Spiro, Taylor Koss, Kenneth Smith, Sean Maher (who was recently appointed as Curcio counsel), and at least one attorney who has not filed a notice of appearance but who appears to be advising Schulte about constitutional arguments to make with respect to the Classified Information Procedures Act (“CIPA”).

There are a lot of reasons why Schulte has gone through so many lawyers, money and clearance, among others.

But at this point, Schulte’s strategy seems to be avoiding trial by ensuring he has no lawyers.

Schulte seems convinced he can’t win on the merits. So to avoid losing, he’s going to hack the legal system in an effort to ensure he never loses.

Joshua Schulte’s Three Lawyer Monte

For at least five months, accused Vault 7 leaker Joshua Schulte has been trying one after another ploy to avoid or delay his trial next month. But his latest move isn’t even very clever.

The problem, for Schulte, is that after he submitted a pro se filing attacking the government’s case that included classified information, his lawyers tried to get him to stop by telling him to write his complaints in notebooks instead. He did so and marked the notebooks “Attorney-Client,” but included things that could in no way be considered as such (such as passwords to Proton Mail accounts he used to email people outside of jail). So after the government discovered he had a cell phone in jail and searched his cell, they discovered the notebooks, where he had basically confessed to his past and ongoing crimes. As the government wrote in a later motion, that information includes:

(i) admissions by the defendant relating to his disclosure of classified information to WikiLeaks (such as the identification of information provided to WikiLeaks that has not yet been disclosed by WikiLeaks); (ii) admissions by Schulte with respect to his plan to disseminate additional classified information illegally from the MCC (such as his declaration of a so-called “information war” and notations of plans to, for example, schedule postings on various social media accounts he created from jail); (iii) false exculpatory statements; (iv) evidence connecting Schulte to contraband cellphones and electronic communications accounts (such as notations to install encrypted messaging applications on contraband cellphones or to delete “suspicious emails” from covert accounts used by Schulte while at the MCC); and (v) writings prepared for public dissemination that include classified information (such as draft tweets written by the defendant as one of his alleged former CIA colleagues who claimed to be able to exonerate the defendant and who recounted information about CIA activities to “authenticate” the author).

Since then, he has been trying to make that evidence unavailable for trial.

First, last June, he tried to suppress it (and the Proton Mail emails accessed with the passwords he stored in there) on Fourth Amendment grounds, which Judge Paul Crotty denied last October, in part because the FBI’s use of a wall team to sort out the non-privileged material demonstrated good faith.

Then, in August, Schulte’s lawyers informed the judge they had provided some kind of advice that led him to believe he could write down classified information in his prison notebooks, and asked that the judge sever the charges tied to his attempts to leak classified information from jail from the charges tied to his alleged leak of the Vault 7 documents to WikiLeaks, something that would have made the MCC admissions of guilt unavailable for his main trial. In September, Judge Crotty denied that motion, pointing out that the lawyer who gave the purportedly bad advice is not on Schulte’s trial team and so could testify.

Then, in October, his lawyers asked to be relieved of defending Schulte altogether, or at least asked for the judge to appoint a Curcio counsel to determine whether there is a conflict. On November 6, Judge Crotty appointed a Curcio counsel.

Meanwhile, also in October, Schulte’s lawyers said they were buried preparing for trial and needed help and asked that he appoint another lawyer to help them, James Branden, which Judge Crotty immediately did. That soon looked like a ploy, because Branden — who had said he’d be able to handle the schedule — wrote a letter in November asking for a six month adjournment saying he couldn’t handle the schedule. In the letter, he said he had not, in the interim month, met with Schulte. He also said he couldn’t elaborate on the need for a delay until December 9 because he was on vacation until then. Crotty was none too impressed with that, and denied that motion in December (though extended the trial date by three weeks.

On December 13, Schulte’s public defenders wrote the judge and said they decided their advice to Schulte meant they had to be relieved on ineffective assistance of counsel grounds.

On December 18, they held the Curcio hearing, and Judge Crotty (who had previously described ways to get the exculpatory evidence admitted at trial) denied the request to be relieved.

Last week, Schulte’s public defenders wrote Judge Crotty saying they could no longer defend Schulte because it would mean providing ineffective counsel, and also noting that they may have engaged in misconduct, meaning that Schulte’s decision to present the evidence would reflect badly on his trial lawyers. (Again, the lawyer who gave the bad advice will not be his trial lawyer.)  The next day they wrote against stating that, even though to adopt this ineffective assistance of counsel defense, he’d have to waive privilege on the current set of lawyers, he did not waive privilege.

The government responded to this second letter laying out all the case law that says if you’re going to argue ineffective counsel, you need to share what the bad advice is. In it, they called bullshit on Schulte’s claim that he really relied on his lawyers’ counsel.

For example, the Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

They also note that Schulte claims he needs this testimony to prove his innocence but is willing to wait years, under SAMs, to get it.

The Curcio counsel, Sean Maher, wrote as well last week, repeating that he believes the public defenders need to be relieved, because he can’t advise Schulte on whether or not he should call both lawyers to testify, thereby waiving privilege and necessitating getting new lawyers. He argues Schulte needs new lawyers to decide whether he needs to jettison his current lawyers. He ends his letter by explaining that he doesn’t have enough information to advise Schulte on that point.

Only conflict-free counsel who has a full sense of the case — the classified and unclassified discovery, the complicated forensic information, and knowledge of what other witnesses, including rebuttal witnesses, might say — should advise Mr. Schulte on this matter.

What seems to have dropped out of this conversation is that Schulte has another lawyer who can’t fathomably be said to have this conflict, James Branden, who in spite of his December vacation has nevertheless had over two months to get up to speed, the amount of time he originally said it’d take to prepare for trial. Branden is in a position to decide whether Schulte’s claim he got bad advice and so did what he said on recorded jail house conversations that he would ignore he wouldn’t do will hold with a jury.

Schulte is pretending he has two sets of lawyers: the ones he claims gave him shitty advice, which led him to try to record what he must be preparing to claim is just an imaginary Information War entirely within the bounds of his prison notebooks, and the Curcio counsel appointed to tell him — absent any context — whether that means they can’t represent him anymore.

But he’s got a third lawyer who has curiously dropped out of this discussion, Branden, who hasn’t signed his name to a filing since he asked for an adjournment (though he attended the Curcio hearing, so would be competent to provide the kind of advice that Maher says no one is available to provide).

Likely, if asked, Branden would note that claiming his lawyers told him to commit everything to his prison notebooks wouldn’t much help him (even ignoring his Non-Disclosure Agreements that commit him alone to protecting classified information), because Schulte allegedly shared classified information in public documents outside of his prison notebooks, in defiance of the advice the government says he got and ignored from Shroff.

I guess Schulte is hoping if he moves the three cards in his hand around fast enough, Judge Crotty — who he has attacked in a pro se filing Shroff probably told him not to file — won’t see that there are actually three and not two cards in his hand.

Three lawyer monte, with all the lawyers paid for by taxpayers, ostensibly in the name of a fair defense.

Judge Crotty Should Let Joshua Schulte Test His Theory of Defense Forensically

At a hearing on July 25, accused Vault 7 leaker Joshua Schulte’s lawyer, Sabrina Shroff, argued that it’s possible if the government provides some forensic evidence that the CIA maintains is too classified to share, this case might avoid trial, either by identifying alternate culprits or leading her to advise her client to plead.

Mr. Kamaraju says that I would be forced anyway to then make a Section 5 motion to show relevance, etc. Well, maybe not. Maybe if I got the forensics, I would be able to say, hey, I think the government is completely wrong, Mr. Schulte is completely innocent, and you should go back and relook at your charging decisions because of X, Y, and Z in the forensics.

On the flip side, I could look at the forensics and say to my client, you know, maybe this isn’t the strongest case. Maybe we shouldn’t be going to trial. Not all discovery is asked for or relevant because it is only going to be used at trial. We asked for discovery because it is proper Rule 16 information that the defendant should have that would tell him about the charges and help him make proper decisions in the most serious or the most benign of cases.

At issue, per an order Judge Paul Crotty issued days before the hearing (but which got released publicly afterwards) is evidence that would exist if a narrative Schulte seeded before he left the CIA were true. In addition to all the email he wrote at CIA (the government is giving him what he wrote, but not the responses), he wants “a complete forensic copy of the Schulte Workstation and DevLAN, so that his expert can conduct a comprehensive forensic analysis.” Ultimately, Crotty did not grant Schulte’s request, noting that he “has been accused of leaking information he obtained from his employment at CIA both before he was arrested and from his cell at MCC after his arrest.” Instead, he directed the defense to “submit[] a more tailored request [that] provides good reason for further forensic discovery in a motion to compel. In this context, it would also be helpful, for example, if Schulte would communicate his thinking of how others are responsible for the theft.”

Yet that didn’t work, at least not immediately. In the aftermath of that order, Schulte’s team said the Wall Counsel hasn’t responded substantively to a previously written request. That seems to be a justifiable complaint about the difficulties of working with Classified Information Protect Act and Wall Counsel (to say nothing of really complex technical issues which none of the lawyers fully understand). It’s like a giant game of telephone and Schulte’s right to a fair trial is at stake.

Which is why the government should take this offer from Shroff more seriously than they appear to have done: giving Schulte’s expert direct access to the full set of data he seeks.

We have offered to limit the access to either counsel or go even further and limit the access to just the expert. We have even offered that the CIA need not give it to us. We would go to the CIA or the expert would go to the CIA to review the forensics.

Even while it could use CIPA to limit what they give Schulte’s team, it would serve the government to give his expert this access.

I say that, first of all, because of who Schulte’s expert is: Columbia University CompSci professor Steve Bellovin. He’s not just some forensics guy with clearance. He’s someone who has served in governmental positions (most notably as PCLOB’s tech expert for a year). That means he has already seen government spying in action, and what he’d see here would be a server that got replaced, probably before April, and some hacking tools and targets there were in no way exceptional.

Just as importantly, Bellovin is well-respected in the activist community, both on technical matters and judgment. If Bellovin were to test Schulte’s alternative explanation for the leak of the Vault 7 files and Schulte subsequently pled (suggesting that Shroff had counseled that he not take his theories to trial), it would suggest that Schulte’s story didn’t hold up to Bellovin’s scrutiny.

If that happened, it would be a key statement about not just what Schulte has claimed, but about what WikiLeaks did, in releasing the files in 2017.

As the government tells it, Schulte got in a fight with a colleague in December 2015, which led him to sour on the CIA as early as February 2016. When the agency didn’t respond in the way he wanted to Schulte’s claim that the colleague had threatened him, he started to retaliate in April 2016 by first copying the backup server holding all the CIA’s hacking tools, then sending it to WikiLeaks. In short, the government’s story is that Schulte simply burned the CIA’s hacking capabilities to the ground because he felt like they wronged him, a fairly breathtaking claim for one of the most damaging leaks to the government in history.

Schulte’s story is harder to suss out for a number of reasons: the defense has avoided putting this in writing, in part in an attempt to protect their theory of defense, some of what Schulte has argued is classified and still sealed, and other parts consist of rants he has published online or in dockets, not coherent arguments. Plus, some of Schulte’s claims are clearly lies, most demonstrably his claim that, “Federal Terrrorists [sic] had no evidence of plaintiff actually using cell phone” before they got a warrant relying on an affidavit that included pictures of him using the phone he had in MCC.

Schulte’s theory, as available, consists of three parts:

  • More people had access to the backup server from which the files were stolen than the government claims
  • The files were relatively easier to steal from an offsite backup server than the onsite one the government alleges Schulte stole them from
  • The likely culprits used security vulnerabilities he (claims to have) identified to CIA managers to steal the files

Evidence he’s making the first argument appears in his lawsuit against the Attorney General, where he claims the government has lied about the number of people who could access the server with the hacking tools.

AG lies about the number of people who had access to the classified information

Given a passage from the government’s response to his motion to suppress, Schulte must be referring to the claim that 200 people had access to the servers themselves, not the claim that 3-5 people had access to the backup server from which FBI claims the files were stolen. Schulte’s sealed filing appears to have argued that a second CIA group had access to the server.

Schulte does not dispute that the CIA Group was responsible for using and maintaining the LAN, that as of March 2016 fewer than 200 employees were assigned to the CIA Group, or that only these employees had access to the LAN. (See id. ,r 8(b)). Rather, Schulte argues that Agent Donaldson failed to note in the Covert Affidavit that a second CIA group (“CIA Group-2”), [redacted], allegedly also had access to the LAN.

For what it’s worth, the government disputes this claim outright. They introduce and conclude an otherwise redacted discussion by twice asserting this claim is false.

Schulte’s assertions about CIA Group-2’s access to the LAN are untrue [seven lines redacted] In short, Schulte is simply wrong.

Schulte’s claim that the files were more easily stolen from an offsite backup server may be more of a throwaway, based on what the government provided in discovery, reflecting what a contractor said almost a year into the investigation. (Remember that the government is not meaning to restate Schulte’s theories here, but instead to refute his claim that the initial affidavit against him included reckless errors.)

Schulte does not challenge that the Classified Information was taken from a back-up file, but instead argues that the back-up files were also stored at an offsite location (the “Offsite Server”), based on a network diagram of the LAN, and that, in one CIA Group contractor’s opinion, the “easiest” way to steal those back-up files was from the Offsite Server. None of this information, however, renders Agent Donaldson’s assessment misleading. Initially, while it is true that the back-up files were also stored in an Offsite Server, Agent Donaldson never suggested that the only place that the back-up files existed was the Back-up Server. Nor did Agent Donaldson opine in the abstract on the easiest method of exfiltrating the Classified Information from the LAN. Rather, he merely stated that it was “likely” that the Classified Information had come from the Back-Up Server, an eminently reasonable conclusion, given that the Back-Up Server contained the back-up files that mirrored the Classified Information, and Schulte–whom the FBI properly identified as a likely perpetrator of the theft–had access to it. Gates, 462 U.S. at 230-31 (courts do not isolate each factor of suspicion but look at the totality of the circumstances). The opinion of the contractor–who did not have access to all of the information and who had no relevant investigatory experience–in no way undermines that assessment, particularly when (i) that opinion is contradicted by [redacted], a LAN system administrator and a witness upon whom Schulte relies in his motion, who stated that “the easiest way to steal the data leaked by WikiLeaks” was for someone with administrative access to the LAN to “simply remov[e] the backup file from the network application” (i.e., the Back-Up Server) (Shroff C. Decl., Ex. I); and (ii) even if the contractor’s opinion was relevant, it was not conveyed to the FBI until February 2018, nearly a year after the date of the Covert Affidavit, see Garrison, 480 U.S. at 85.

Significantly, the government bases its claim that Schulte leaked classified information from jail in part on him sharing a “Network Structure Document” with someone (probably a reporter); given that some of the other information he is alleged to have leaked in violation of classification or protective orders was meant to sustain his claims of innocence, this probably does too. If so, that would suggest he was floating this theory about a year ago.

Finally, in his Presumption of Innocence blog, Schulte maintains that the CIA network was vulnerable in ways that he claims he raised with the CIA before he left.

I reported numerous security vulnerabilities that I discovered within our network and particularly issues with system administration, backup, and protection of some of our prominent tool sets. I was continually met with pushback and retaliatory responses that ultimately forced me to resign. My final acts were to file complaints with the OIG and the House Select Committee on Intelligence to hopefully prevent future retaliatory actions against others.

So while the government claims that Schulte retaliated by leaking the CIA’s hacking tools because the CIA wasn’t treating him with the respect he thought he deserved, Schulte appears to be claiming that possibly members of CIA’s Group-2 or perhaps even outsiders stole the files via vulnerabilities he identified before he left.

While not exactly the same, WikiLeaks made related claims when they released the files, in part as rationale for publishing them.

Compare what we can make out of Schulte’s defense with what WikiLeaks published in its “press release” accompanying the first Vault 7 release. WikiLeaks describes CIA “losing control” of its hacking tools, not someone leaking them.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

While it mentions former US government hackers (which could include Schulte), it also invokes contractors (the press release elsewhere mentions Hal Martin), and contractors were the presumed source for Vault 7 files at the time. While WikiLeaks acknowledges that the files came from “an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina [sic]” the description of the archive circulating in unauthorized fashion suggests that WikiLeaks is claiming the files were more broadly accessible.

The “press release” also suggests CIA’s hacking division had 5,000 users, implying all were involved in the production of hacking tools.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware.

While that may or may not be the CIA Group-2 Schulte claims had access to the servers, it certainly suggests a far larger universe of potential sources for the stolen files than the 200 the government claims, much less the around 5 SysAdmins who had privileges to the backup server.

The purported motive for releasing these tools — both that of the source and of Assange — is partly the insecurity of having such tools lying around.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that “There is an extreme proliferation risk in the development of cyber ‘weapons’.

[snip]

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them.

[snip]

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

In other words, WikiLeaks justified posting development notes for a significant portion of CIA’s hacking tools — and ultimately the source code for one — to prevent “teenage hackers” from obtaining such weapons and using them. (By this February, a security researcher had made his own hacking module based off what WikiLeaks had released.) A key part of that claim is the risk that CIA itself had not sufficiently secured its own tools, that they were “circulat[ing] … in an unauthorized manner.” That is, WikiLeaks purports to be the fulfillment of and remedy for precisely the risk Schulte claims — in his Presumption of Innocence blog — he warned the CIA about.

Except the government claims that’s not true.

It is true, as the affidavit in dispute in Schulte’s motion to suppress lays out, that Schulte wrote a “draft resignation letter” purporting to warn about these dangers and, on his last day, sent the CIA’s Inspector General a letter raising the same issues. The government reviews what he did at length in their response to his motion to suppress.

Agent Donaldson discussed the circumstances of Schulte’s resignation from the CIA in November 2016, including a letter and email he wrote complaining about his treatment. (Id. ,i,i 19-20). On October 12, 2016, Schulte sent an email to another CIA Group employee with the subject line “ROUGH DRAFT of Resignation Letter *EYES ONLY*,” which attached a three-page, single-spaced letter (the “Letter”). (Id. ,i 19(a)). In the Letter, Schulte stated that the CIA Group management had unfairly “veiled” CIA leadership from various of Schulte’s “concerns about the network security of the CIA Group’s LAN” and that “[t]hat ends now. From this moment forward you can no longer claim ignorance; you can no longer pretend that you were not involved.” (Id. ~ 19(a)(ii)). The Letter also stated that Schulte was resigning because management had “‘ignored'” issues he had raised about ‘”security concerns,”‘ including that the LAN was ‘”incredibly vulnerable’ to the theft of sensitive data.” (Id. ~ 19(a)(iii)). In particular, Schulte stated that the “inadequate CIA security measures had ‘left [the CIA Group’s LAN] open and easy for anyone to gain access and easily download [from the LAN] and upload [sensitive CIA Group computer code] in its entirety to the [public] internet.”‘ (Id.~ 19(a)(iv)).

[snip]

However, on November 10, 2016, Schulte’s last day at the CIA, Schulte sent an internal email to the CIA’s Office of Inspector General (“OIG”), which Schulte marked “Unclassified,” advising that he had been in contact with the U.S. House of Representatives’ Permanent Select Committee on Intelligence regarding his complaints about the CIA (the “OIG Email”). (Id ~ 19(c)). The OIG Email raised many of the same complaints in the Letter, including “the CIA’s treatment of him and its failure to address the ‘security concerns’ he had repeatedly raised in the past.” (Id ~ 19(c)(i)). Although Schulte had labeled the OIG Email “Unclassified,” the CIA determined that the OIG Email did in fact contain classified information. (Id.~ 19(c)(iii)). Schulte nevertheless printed and removed the email from the CIA when he left that day. (Id ~ 19( c )(ii)).

As the government response notes, the affidavit describes that Schulte never actually sent the resignation letter.

Agent Donaldson noted that Schulte did not appear to send the Letter. (Id. ~ 19(b)).

A later discussion of the resignation letter as part of a summary of the probable cause against Schulte goes still further, claiming that there is no record that Schulte raised security concerns with CIA management (which is presumably one reason he asked for all his emails).

(iv) drafted a purported “resignation email,” in which he claimed essentially that he had warned CIA management about security concerns with the LAN7 that were so significant that the LAN’s contents could be posted online–precisely what happened four months later (see id. ,r 19);

7 There is no record of Schulte reporting any such security concerns to CIA management.

The government makes Schulte’s allegedly false claim to have raised concerns about the security of the CIA tools a key part of its short summary of the probable cause against Schulte, insinuating that Schulte wrote both the resignation letter and the letter to the IG (which he wrote five and six months, respectively, after the government alleges he stole the files) as a way to create a cover story for the leaked documents.

Thus, even if the Covert Affidavit was rewritten to Schulte’s (incorrect) specifications, it would still establish probable cause by showing that Schulte was a CIA employee with a grudge against the CIA and a track record of improperly accessing and taking classified information, who left the CIA claiming that classified information from the LAN would one day be sprayed across the Internet and who worried about the investigation when his “prophecy” came to pass.

Of course, the government — especially intelligence agencies like the NSA and CIA — always dismiss the claims to be whistleblowers of leakers. The CIA claimed Jeffrey Sterling only leaked details of the Merlin operation because he was disgruntled about an EEOC complaint they had denied. NSA denied that Edward Snowden had raised concerns — first at CIA about its security, then at NSA about the boundaries of EO 12333 and Section 702. In the former case, however, the government knows of at least three other people who thought Sterling’s concerns had merit, and the actual details around Merlin’s own activities were a clusterfuck. In the latter, even a really problematic HPSCI report acknowledges that both incidents occurred, and NSA ultimately released enough of the backup to show that the NSA undersold the latter instance (though Snowden’s claims were not as substantive as he claimed).

Thus far, Schulte has presented no such counterevidence (indeed, the docket does not show his team submitted a reply to the government’s response before their August 16 deadline, though a reply could be held up in classification review). [Update: This letter asking to sever the MCC charges from the WikiLeaks charges says they’re still working on their replies.]

There may be a very good reason why Schulte’s defense didn’t go there: because one of the lies the government claims he told to FBI Agents on March 20 and 21, 2017 involves making CIA systems more vulnerable to the theft of data.

On or about March 20 and 21, 2017, Schulte … denied ever making CIA systems vulnerable to the theft of data.

Aside from this mention, this allegation doesn’t otherwise appear in public documents I’m aware of. But the implication is that before Schulte wrote two documents that — the government claims — served to establish a cover story claiming he leaked the documents because CIA’s server was vulnerable to theft, he tampered with the CIA’s server to make it more vulnerable to theft.

There actually is evidence that the server was vulnerable to theft. In Crotty’s opinion, he overruled the government’s effort to withhold some internal reports on the leak under CIPA. He explained,

These documents [redacted] might help Schulte advance a theory that DevLAN’s vulnerabilities could have allowed someone else to have taken the leaked data. They also support the defense’s theory that Schulte’s behavior while an employee of the CIA was consistent with someone who was trying to help the agency address security flaws, rather than someone who was a disgruntled employee.

That’s why it’d be worthwhile for Bellovin to have access to the server directly: to test not just how vulnerable the servers really were (I bet he’d be willing to help improve their security along the way!), but also to test himself whether there’s any evidence that someone besides Schulte exploited those vulnerabilities.

The government’s reliance on CIPA in this case is an attempt to try Schulte for an unbelievably sensitive leak without (as Crotty laid out) giving him opportunity to leak some more.

But the case goes beyond Schulte’s actions, to implicate WikiLeaks’ actions (court filings make it clear that WikiLeak’s claims around this leak were false in another manner, one which I’m not describing at the government’s request). And while details of CIA’s unexceptional hacking program are useful for researchers to have, it would matter if the stated rationale for releasing them was bullshit manufactured after the fact. That’s all the more true if WikiLeaks — which used to boast its perfect record on verification — knew the claim to be false, particularly given how and when it released these files, with an attempt to extort the US government and in the wake of the Russian hacks, at a time CIA would have needed these tools to prevent follow-ups.

Three months after Schulte’s trial (if this does go to trial), the government will be embroiled in attempting to extradite Julian Assange under charges that are rightly being attacked as an assault on the press. The government is never going to reveal all it knows about Assange (including, pertinent to this case, whether there’s any evidence Assange used some of the CIA’s own tools for his own benefit). Bellovin, if he were permitted to review the CIA server, would never be in a position to reveal what he learned; but his role in this case provides a rare opportunity for a trusted outsider to weigh in on a controversial case.

Effectively, a guy who authored CIA’s obfuscation tool and purportedly planned an information war from jail — complete with fake FBI and CIA personas — may have created the vulnerability he claimed to be exposing by leaking the files. If Bellovin were able to test that possibility, it would go a long way to shift an understanding about WikiLeaks recent intentions with the US government.

Joshua Schulte Keeps Digging: His Defensible Legal Defense Continues to Make a Public Case He’s Guilty

To defend him against charges of leaking the CIA’s hacking tools to WikiLeaks, Sabrina Shroff has made it clear that Joshua Schulte is the author of the CIA’s lies about its own hacking.

In a motion to suppress all the earliest warrants against Schulte submitted yesterday, Shroff makes an unintentionally ironic argument. In general, Shroff (unpersuasively) argues some things the government admitted in a Brady letter sent last September are evidence of recklessness on the part of the affiant on those earliest warrants, FBI Agent Jeff Donaldson. She includes most of the items corrected in the Brady letter, including an assertion Donaldson made, on March 13, 2017, that Schulte’s name did not appear among those published by WikiLeaks: “The username used by the defendant was published by WikiLeaks,” the prosecutors corrected the record in September 2018. To support a claim of recklessness, Schroff asserted in the motion that someone would just have to search on that username on the WikiLeaks site to disprove the initial claim.

Finally, the Brady letter explained that a key aspect of the affidavit’s narrative—that Mr. Schulte was the likely culprit because WikiLeaks suspiciously did not publicly disclose his identity—was false. Mr. Schulte’s identity (specifically, his computer username “SchulJo”) was mentioned numerous times by WikiLeaks, as a simple word-search of the WikiLeaks publication would have shown. See Shroff Decl. Exh. F at 7

If you do that search on his username — SchulJo — it only readily shows up in one file, the Marble Framework source code.

That file was not released until March 31, 2017. So the claim that Schulte’s name did not appear in the WikiLeaks releases was correct when Donaldson made it on March 13. That claim — like most of the ones in the Brady letter — reflect the incomplete knowledge of an ongoing investigation, not recklessness or incompetence (Schulte has written elsewhere that he believed the FBI acted rashly to prevent him from traveling to Mexico, which given other details of this case — including that he hadn’t returned his CIA diplomatic passport and snuck it out of his apartment when the FBI searched his place, they were right to do).

By sending her reader to discover that Schulte’s name appears as the author of the Marble Framework, she makes his “signature” that of obfuscation — hiding who actually did a hack.

Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection.

[snip]

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

Marble was one of the files WikiLeaks — and DNC hack denialists — would point to to suggest that CIA had done hacks (including the DNC one) and then blamed them on Russia. In other words, in her attempt (again, it is unpersuasive) to claim that FBI’s initial suspicions did not reach probable cause, she identifies Schulte publicly not just with obfuscation about a breach’s true culprits, but with the way in which the Vault 7 leak — ostensibly done out of a whistleblower’s concern for CIA’s proliferation of weapons — instead has served as one prong of the propaganda covering Russia’s role in the election year hack.

That’s just an ironic effect of Shroff’s argument, not one of the details in yesterday’s releases that — while they may legally serve to undermine parts of the case against her client — nevertheless add to the public evidence that he’s not only very likely indeed the Vault 7 culprit, but not a terribly sympathetic one at that.

Back when FBI first got a warrant on Schulte on March 13, 2017, they had — based on whatever advanced notice they got from Julian Assange’s efforts to use the files to extort a pardon from the US government and the week of time since WikiLeaks had released the first and to that date only set of files on March 7 — developed a theory that he was the culprit. The government still maintains these core details of that theory to be true (this Bill of Particulars Schulte’s team released yesterday gives a summary of the government’s theory of the case as of April 29):

  • The files shared with WikiLeaks likely came from the server backing up the CIA’s hacking tools, given that the files included multiple versions, by date, of the files WikiLeaks released
  • Not that many people had access to that server
  • Schulte did have access
  • Not only had Schulte left the CIA in a huff six months before the WikiLeaks release — the only  person known to have had access to the backup server at the time who had since left — but he had been caught during the period the files were likely stolen restoring his own administrator privileges to part of the server after they had been removed

But, after it conducted further investigation and WikiLeaks published more stolen files, the government came to understand that several other things that incriminated Schulte were not true.

[T]he government appears to have abandoned the central themes of the March 13 affidavit: namely, that the CIA information was likely stolen on March 7–8, 2016, that Mr. Schulte was essentially “one of only three people” across the entire CIA who could have taken it, and that WikiLeaks’s supposed effort to conceal his identity was telltale evidence of his culpability

There’s no indication, however, that Donaldson was wrong to believe what he did when he first obtained the affidavit; Shroff claims recklessness, but never deals with the fact that the FBI obtained new evidence. Moreover, for two of the allegations that the government later corrected — the date the files were stolen and the number of people who had access to the server, Donaldson admitted those were preliminary conclusions in his initial affidavit (which Shroff doesn’t acknowledge):

It is of course possible that the Classified Information was copied later than March 8, 2016, even though the creation/modification dates associated with it appear to end on March 7, 2016.

[snip]

Because the most recent timestamp on the Classified Information reflects a date of March 7, 2016, preliminary analysis indicates that the Classified Information was likely copied between the end of the day on March 7 and the end of the day on March 8.

[snip]

It is, of course, possible that an employee who was not a designated Systems Administrator could find a way to gain access to the Back-Up Server. For example, such an employee could steal and use–without legitimate authorization–the username and password of a designated Systems Administrator. Or an employee lacking Systems Administrator access could, at least theoretically, gain access to the Back-Up Server by finding a “back- door” into the Back-Up Server.

Between the two corrections, the revised information increases the number of possible suspects from two to five, out of 200 people who would have regular access to the files. A footnote to a later affidavit (PDF 138) describes that on April 5, 2017, FBI received information that suggested the number might be higher or lower. (I suspect Schulte argued in a classified filing submitted yesterday that even more people could have accessed it, not least because he has been arguing that in his various writings posted to dockets and other things,)

But, even though the Brady letter corrects the dates on which Schulte reinstated his administrator privileges for the Back-Up server slightly (he restored his own access on April 11, not April 14, which is when his managers discovered he had done so), Shroff only addresses his loss of privileges as innocent, without addressing that he got that access back on his own improperly.

More importantly, the motion doesn’t address, at all, that Schulte kicked everyone else off one of his programs, the Brutal Kangaroo tool used to hack air gapped networks using thumb drives. Nor does it address allegations against Schulte made in August 2016 as part of his clearance review, including that his demeanor changed for the worse around February 2016, he might be “subject to outside coercion,” and he tended not to abide by “guidelines concerning when and what kinds of media or data (such as external drives) could be connected or uploaded to CIA computer systems.” There are other details in the affidavit — such as Schulte’s attempt to learn what his former colleagues knew of the investigation — that support probable cause too (these may be among the things Shroff addresses in a classified filing).

That is, the probable cause that Schulte was the culprit was pretty strong even with the errors in the original affidavit, and none of the errors suggests malice or incompetence or even the recklessness Shroff alleges.

Shroff is right that the March 13 affidavit doesn’t offer as much probable cause to tie Schulte’s home to the crime; but that’s the magistrate’s fault and fairly standard for computer crimes, not the FBI’s. Shroff obscures the effect of FBI obtaining a second warrant to actually search the 150 storage media and computer devices they found in his home (a list of what they seized starts on PDF 116), as well as a second warrant to obtain child porn.

It is also true, as the defense argues, that the evidence to search for child porn was thin. But given that the government had a warrant to search the computer in question, and given precedents about child porn, that may not matter (though I think it is more likely to succeed than the rest of this). In any case, by the time of the main searches on child porn, three different magistrates had signed off on these searches.

This is a totally understandable attempt to get some of this evidence suppressed. But along the way the affidavits released yesterday provide a slew of damaging new details such as:

  • Schulte conducted a ton of searches on Google in April 2016 about detecting USB insertion, copying big files, deleting files, preventing other admins from seeing what someone was doing on a LAN
  • Schulte made a snapshot of (part of?) the LAN on April 20, 2016
  • In early May, Schulte researched how to use Tor and Tails, which the government alleges he used to send the files
  • On August 4, 2016 — the day after Snowden sent this tweet — Schulte did a Google search for WikiLeaks for the first time ever (note, I believe the Snowden tweet may have been preparation for the misleading IG report on him released the following month)

  • Between then and March 7, Schulte searched on WikiLeaks over 20 more times, reading hundreds of articles on it; but he didn’t visit WikiLeaks for the first time until March 7, 2017, the first day the files posted; he also searched for that Snowden tweet

In short, just Schulte’s Google searches alone provide very strong evidence that he’s the Vault 7 leaker. Which explains why his attorneys are making what will probably be an unsuccessful attempt to claim the Google searches were overly broad and lacked probable cause (something Schulte wrote elsewhere seems to reflect that he has been told this will be treated under a Good Faith exception).

Schulte has been trying to disclose all these materials for over a year. But they really don’t help his case.