Joshua Schulte’s Plans from Jail: “#TopSecret#FuckYourTopSecret”

In response to an order from Judge Paul Crotty, the government laid out what evidence it wants to use from prison notebooks seized from accused Vault 7 leaker Joshua Schulte’s jail cell. The whole filing is, as all descriptions of these notebooks have been, utterly damning.

For example, the filing explains a reference the government had earlier made: that Schulte had made reference to non-public information about what WikiLeaks had received in the Vault 7 leak. Schulte wrote a note sometime in July 2018 suggesting that if “you” needed help, they should ask WikiLeaks for Schulte’s “code.”

“Ask WikiLeaks” (014099) (undated): In the middle of the page, the defendant writes, “If you need help ask WikiLeaks for my code.” The defendant’s direction to consult WikiLeaks about his “code” is admissible as Nonpublic Information Evidence, because it is a statement that WikiLeaks is in possession of source code for tools upon which the defendant worked and that are contained in the back-up file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools. Schulte’s knowledge of non-public aspects of the information that was given to WikiLeaks helps to demonstrate that he was the one who gave that information to WikiLeaks in the first place.

Schulte wrote this in the second person, suggesting he was advising (or planning to advise) someone to use source code he wrote. He is known to have worked on obfuscation tools and a remote USB exfiltration tool. If he did intend that as instruction, he assumed the person in question would have been able to consult directly with WikiLeaks. It’s unclear to what end Schulte was imagining advising someone to use obfuscation or hacking tools written for the CIA.

In any case, the government claims that’s proof that Schulte knows exactly what was in WikiLeaks’ possession.

A later entry suggests Schulte and someone else — “we” — were trying to compromise email, possibly his own CIA email.

“What We Expect to Find in Emails” (014136) (undated): At the top of this page, the defendant writes “What we expect to find in emails.” On the remainder of the page, the defendant writes a list of items, many of which contained classified information. This portion of the Blue Notebook is admissible as Intent Evidence and MCC Classified Information Evidence, because it shows the defendant cataloguing classified information that, if publicly disclosed, would likely be harmful to the United States. Indeed, some of the categories of information identified by the defendant on this page—such as certain operations—is the same as the classified information contained in the Fake Authentication Tweet, which serves to show that the defendant’s intent was to collect these materials for dissemination, not for any legitimate purpose related to his defense.

Later, the letter describes a part of Schulte’s planned Information War on the United States, probably dating to late August or early September 2018, one he wanted to roll out in a tweet with the hashtag, “#TopSecret#FuckYourTopSecret.”

Over these three pages, Schulte wrote the following. At the top of the first page, Schulte wrote “#TopSecret#FuckYourTopSecret,” and under that draws an arrow to the phrase “or dump the secrets here:”. At the top of the page Schulte also wrote “establish credibility,” and, underneath that appears another version of the Fake Authentication Tweet. Later, the defendant recommends to U.S. intelligence agency employees to “send all your govt’s secrets here: WikiLeaks” until the U.S. government “honors” their service. As with the last entry, this entry contains MCC Classified Information Evidence in the form of the Fake Authentication Tweet. In addition, the instruction to intelligence agency employees to give their “secrets” to WikiLeaks is Intent Evidence.

Effectively, the government seems to be arguing, Schulte planned to use a Twitter account in the name of Jason Bourne to encourage US intelligence agency employees to leak information to WikiLeaks, something Julian Assange did himself in a post-Snowden 2013 speech. Not only does this suggest Schulte was shifting into recruitment mode, but it validates the motive the government claims he himself had for leaking the CIA’s hacking tools, because the CIA didn’t “honor” his service. That’s one of the classic recruitment motives (of money, ideology, compromise, and ego, the latter).

These parts of Schulte’s prison notebooks, then, suggest he was doing more than just posting his blogposts and sharing a CIA network diagram from jail. He was at least imagining he might use tools he wrote for the CIA to steal emails full of classified secrets and also recruit others to feed WikiLeaks with more classified information over Twitter.

Schulte’s team, in one of the only filings they’ve submitted that makes a decent point in Schulte’s defense, finally offered an explanation for why this may not be as damning as it looks.

In yet another bid to get Paul Rosenzweig’s testimony showing how Schulte’s actions fit into a pattern that makes WikiLeaks look like a criminal organization, they argue that Rosenzweig’s testimony that leaking to WikiLeaks would exhibit an intent to damage the US could only work if the government first proved that Schulte knew how WikiLeaks worked.

The Court ruled, in relevant part, that “[a]n understanding of the WikiLeaks organization and how it operates is directly relevant to the allegation that, in transmitting Classified Information to WikiLeaks, Schulte intended or had reason to believe there would be injury to the United States.” Dkt. 256, at 4. This ruling makes sense only if the government first presents foundational evidence showing that Mr. Schulte knew how WikiLeaks was organized and operated. Absent such evidence showing what Mr. Schulte knew, expert testimony about these subjects would be totally disconnected from—and therefore would have no bearing on—Mr. Schulte’s state of mind.

[snip]

Here, absent proof that Mr. Schulte was aware of how WikiLeaks was organized or functioned, Mr. Rosenzweig’s testimony about those subjects, even if accurate and admissible under Fed. R. Evid. 702, would be irrelevant to what Mr. Schulte “intended or had reason to believe” when he allegedly leaked information to WikiLeaks in 2016. As in Kaplan, it would be error to admit this testimony without the required connection to what Mr. Schulte actually knew.

The same principle applies to Mr. Rosenzweig’s purported testimony about harm ostensibly caused by prior WikiLeaks revelations. If Mr. Schulte did not know in 2016 about the prior revelations or the harm they supposedly caused to the United States, any expert testimony about those revelations and resulting harm is irrelevant (and unfairly prejudicial under Rule 403).

In earlier filings, the government has made much of the fact that August 4, 2016 is the first or one of the first times Schulte ever searched Google for information on WikiLeaks. And, trust me, this guy recorded everything in his Google searches. So, the defense could argue, Schulte didn’t even begin to learn about the outlet he had leaked to until three months after he leaked the files to them (never mind how he figured out how to get it to them).

This only works to limit the applicability of Rosenzweig’s testimony for the CIA leaks, not the leaks and attempted leaks from MCC. Plus, Schulte’s claim to have been part of Anonymous — whether or not it’s true — would amount to a claim that he operated in an environment where he would have learned of WikiLeaks in chatrooms. But it’s not clear the government could prove that.

Whether or not they can show Schulte’s actions are part of a longer campaign by WikiLeaks to encourage intelligence professionals to leak to WikiLeaks to avenge slights by the government, the notebooks are even more damning than the government has previously revealed.

As I disclosed in 2018, I provided information to the FBI on issues related to the Mueller investigation.

Joshua Schulte’s Carefully Crafted Plan to (Metaphorically) Blow Up His Trial

There’s an unintentionally ironic footnote in accused Vault 7 leaker Joshua Schulte’s response to the government motion in limine that, among other things, seeks to ensure the government can introduce evidence from Schulte’s prison notebooks to show he had a plan to conduct Information War from his jail cell.

In it, the defense objects to the government plan to use Schulte’s own writings to provide evidence of motive. In the angry tone the motion adopts throughout, the footnote argues that it’s not clear how Schulte’s “messy, ranting” notes could be evidence of a carefully crafted plan, then goes on to argue that the government’s reliance on a ruling in the Chelsea bomber’s case finding that the bombs he had planted in New Jersey reflected motive to bomb New York is inapt.

The government also says that the “MCC Evidence” is admissible of Mr. Schulte’s “motive, intent, preparation, and planning” with respect to the MCC counts. Gov. Mot. 45. The government does not define which pieces of evidence fall under this category, a phrase it uses for the first time at Gov. Mot. 38, and may refer to all information that was collected at MCC without limit. For example, the government says his notebooks are a “carefully crafted plan,” for an “information war.” Gov. Mot. 45. It is far from clear what evidence the government believes is part of this “careful[ ] plan,” or why the government believes that messy, ranting, handwritten notes in notebooks labeled privileged could be part of any carefully crafted plan. In any event, the cases it cites, about an uncharged bomb threat being introduced to show intent to threaten a victim, and the planting of bombs in one location to be introduced to prove planning to plant bombs in another case, are nothing like this one. Id. This broad request should be denied.

The footnote appears in a filing that is itself messy, making arguments at one point (for example, that the government shouldn’t be able to present evidence Schulte stuck a USB drive that likely had Tails on it into his CIA workstation right before he allegedly stole the CIA’s hacking tools) that contradict arguments made elsewhere (that the government shouldn’t be able to use Paul Rosenzweig as an expert witness to describe the import of WikiLeaks encouraging its sources to use Tails, because the significance of using Tails is clear).

Over and over again, the filing makes arguments that amount to saying, “you can’t argue that our client’s weaponization of CIA hacking tools and disinformation are at all akin to bombs, even though WikiLeaks argued those tools were newsworthy precisely because they pose that same kind of proliferation threat,” and “you can’t argue that WikiLeaks acts like an organized crime outfit,” because if you did it would make the gravity of our client’s alleged crimes clear.

As I read the manic tone of the argument — the most substantive public argument the defense has made in months, amid an extended period of making one after another process argument about why they can’t move to trial next month — I wondered whether Schulte is driving his attorneys nuts. He is, undoubtedly, among the most confounding defendants I’ve covered — and I’ve covered plenty who exhibited far more signs that extended incarceration on top of underlying mental illness had made them unfit to stand trial.

Schulte may well be exhibiting signs of being jailed for an extended period under Special Administrative Measures that limit his communication with outsiders. Though, as the government noted in one of their responses to this extended effort to avoid going to trial, Schulte apparently told Judge Paul Crotty last month he’s willing to undergo the SAMs he has twice challenged for at least another six months to be able to make the process arguments he claims, unconvincingly, he wants to make.

If the defendant’s strategy works, trial in this case would likely not begin until more than two years after the original national security charges in this case were filed, more than three and a half years from the WikiLeaks disclosure that began this investigation, and more than four years from when the Government alleges the defendant stole and transmitted to WikiLeaks the national defense information at issue in this case.

The defendant has claimed that he is willing to remain in prison for this extended period of time—even though he is, according to him, innocent of these charges and the victim of a campaign to frame him conducted by the U.S. Attorney’s Office, the Federal Bureau of Investigation, and the CIA—because Ms. Shroff and Mr. Larsen are “necessary” witnesses who would provide testimony that would help to exonerate him. The defendant has further stated, under oath, that he knows that relying on these witnesses’ testimony would lead to a potentially broad waiver of his attorney-client privilege. But despite acquiescing to even longer detention under special administrative measures, regardless of his purported innocence and the waiver of his privilege, all for the opportunity to present Ms. Shroff’s and Mr. Larsen’s testimony at trial, the defendant still maintains that his decision as to whether he will call either of these attorneys as witnesses remains so amorphous and theoretical that he should not be required to provide the Government even the most meager information about the substance of this purported testimony just weeks before the current trial date.

But ultimately, it’s clear that this is his defense strategy, as messy and stupid and self-destructive as it is.

In another of the government’s responses to this process defense — one that lays out what I did in a post arguing that Schulte is engaged in a con game of three card monte with his legal representation — they take three pages to lay out the timeline of Schulte’s efforts to prevent his virtual confessions in his prison notebooks from being used in the case against him. In my own similar timeline, I had missed that Sabrina Shroff had left the Public Defender’s office sometime before December 3, rendering one of the claims about an institutional conflict she continues to make moot.

More importantly, there are several new details to that timeline. James Branden, who was appointed in October based on representations he could be ready for trial in January, who then made a request for a six month delay in November because he couldn’t be ready even while admitting he had a week vacation scheduled when he first took on the case, has only met Schulte twice (which must be two court hearings, including the Curcio hearing last month). That’s revealed in both a Schulte request to fire Branden and a Branden response saying he’s happy to be fired, neither of which have been docketed yet.

January 2, 2020: The defendant—despite not having raised any such concerns at the Curcio Hearing—submitted the Schulte Letter to the Court, in which the defendant claimed that he had only seen Mr. Branden twice and that the defendant has “no relationship or confidence in his ability to assist in my defense at trial next month.” The defendant asked that the Court appoint the defendant a new attorney.

[snip]

January 7, 2019: Mr. Branden submitted a response to the Schulte Letter, in which Mr. Branden confirmed the defendant’s factual representations in the Schulte Letter and stated that Mr. Branden would not oppose being replaced as counsel— notwithstanding his prior representations to the Court regarding his availability to prepare for and participate in the trial as counsel appointed pursuant to the Criminal Justice Act.

I had been wondering whether Schulte’s team asked for Branden to be appointed to make it easier for them to quit, as they’ve tried to do in about three different ways since. I wonder, too, whether Branden hasn’t begun to worry the same thing (not least because he hasn’t signed any of the defense briefs since he was brought on), and he wants off now before — like Wile E. Coyote in virtually every Looney Tunes episode ever — he’s left holding an exploding bomb he set himself.

Basically, what happened over eighteen months ago is that Schulte’s lawyers told him to stop publishing attacks on the government’s case himself, as he kept including classified information that made his situation worse. So instead he wrote plans to publicly rebut the charges against him in a notebook — plans that (according to Schulte’s own recorded jail phone calls) Shroff opposed.

[T]he Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In addition to this evidence that Schulte was ignoring Shroff’s warnings about going public, the stuff in his prison notebooks — including passwords for ProtonMail accounts — is in no way consistent with a public rebuttal that any defense attorney could legally agree to.

So instead, Schulte has just gotten his lawyers to claim they gave bad advice, have a conflict, and now might face criminal exposure for trying to get their client to stop breaking the law from an MCC jail cell. Which might be true, but only because his lawyers were trying to represent his desires, and ultimately his desire seems to be to blow the CIA up, using means that are illegal.

All this appears to be an effort to forestall being tried, indefinitely, out of a presumed recognition that the government already has what amounts to a written confession, and he’s willing to rot at MCC rather than go to trial with that apparent written confession.

In a filing from last month, the government catalogued thirteen different attorneys who have represented Schulte over the course of this prosecution.

Finally, it is also a case in which the defendant—over the course of those three adjournment requests—has cycled through at least 13 attorneys,1 including the instant defense team, which includes at least three attorneys who have represented the defendant for more than a year and a half.

Those 13 attorneys who have represented the defendant are Sabrina Shroff, Edward Zas, Allegra Glashausser, James Branden (all of whom currently represent the defendant, and three of whom have security clearances), Matthew Larsen, Lauren Dolecki, Jacob Kaplan, Mark Baker, Alex Spiro, Taylor Koss, Kenneth Smith, Sean Maher (who was recently appointed as Curcio counsel), and at least one attorney who has not filed a notice of appearance but who appears to be advising Schulte about constitutional arguments to make with respect to the Classified Information Procedures Act (“CIPA”).

There are a lot of reasons why Schulte has gone through so many lawyers, money and clearance, among others.

But at this point, Schulte’s strategy seems to be avoiding trial by ensuring he has no lawyers.

Schulte seems convinced he can’t win on the merits. So to avoid losing, he’s going to hack the legal system in an effort to ensure he never loses.

Joshua Schulte’s Three Lawyer Monte

For at least five months, accused Vault 7 leaker Joshua Schulte has been trying one after another ploy to avoid or delay his trial next month. But his latest move isn’t even very clever.

The problem, for Schulte, is that after he submitted a pro se filing attacking the government’s case that included classified information, his lawyers tried to get him to stop by telling him to write his complaints in notebooks instead. He did so and marked the notebooks “Attorney-Client,” but included things that could in no way be considered as such (such as passwords to Proton Mail accounts he used to email people outside of jail). So after the government discovered he had a cell phone in jail and searched his cell, they discovered the notebooks, where he had basically confessed to his past and ongoing crimes. As the government wrote in a later motion, that information includes:

(i) admissions by the defendant relating to his disclosure of classified information to WikiLeaks (such as the identification of information provided to WikiLeaks that has not yet been disclosed by WikiLeaks); (ii) admissions by Schulte with respect to his plan to disseminate additional classified information illegally from the MCC (such as his declaration of a so-called “information war” and notations of plans to, for example, schedule postings on various social media accounts he created from jail); (iii) false exculpatory statements; (iv) evidence connecting Schulte to contraband cellphones and electronic communications accounts (such as notations to install encrypted messaging applications on contraband cellphones or to delete “suspicious emails” from covert accounts used by Schulte while at the MCC); and (v) writings prepared for public dissemination that include classified information (such as draft tweets written by the defendant as one of his alleged former CIA colleagues who claimed to be able to exonerate the defendant and who recounted information about CIA activities to “authenticate” the author).

Since then, he has been trying to make that evidence unavailable for trial.

First, last June, he tried to suppress it (and the Proton Mail emails accessed with the passwords he stored in there) on Fourth Amendment grounds, which Judge Paul Crotty denied last October, in part because the FBI’s use of a wall team to sort out the non-privileged material demonstrated good faith.

Then, in August, Schulte’s lawyers informed the judge they had provided some kind of advice that led him to believe he could write down classified information in his prison notebooks, and asked that the judge sever the charges tied to his attempts to leak classified information from jail from the charges tied to his alleged leak of the Vault 7 documents to WikiLeaks, something that would have made the MCC admissions of guilt unavailable for his main trial. In September, Judge Crotty denied that motion, pointing out that the lawyer who gave the purportedly bad advice is not on Schulte’s trial team and so could testify.

Then, in October, his lawyers asked to be relieved of defending Schulte altogether, or at least asked for the judge to appoint a Curcio counsel to determine whether there is a conflict. On November 6, Judge Crotty appointed a Curcio counsel.

Meanwhile, also in October, Schulte’s lawyers said they were buried preparing for trial and needed help and asked that he appoint another lawyer to help them, James Branden, which Judge Crotty immediately did. That soon looked like a ploy, because Branden — who had said he’d be able to handle the schedule — wrote a letter in November asking for a six month adjournment saying he couldn’t handle the schedule. In the letter, he said he had not, in the interim month, met with Schulte. He also said he couldn’t elaborate on the need for a delay until December 9 because he was on vacation until then. Crotty was none too impressed with that, and denied that motion in December (though extended the trial date by three weeks).

On December 13, Schulte’s public defenders wrote the judge and said they decided their advice to Schulte meant they had to be relieved on ineffective assistance of counsel grounds.

On December 18, they held the Curcio hearing, and Judge Crotty (who had previously described ways to get the exculpatory evidence admitted at trial) denied the request to be relieved.

Last week, Schulte’s public defenders wrote Judge Crotty saying they could no longer defend Schulte because it would mean providing ineffective counsel, and also noting that they may have engaged in misconduct, meaning that Schulte’s decision to present the evidence would reflect badly on his trial lawyers. (Again, the lawyer who gave the bad advice will not be his trial lawyer.) The next day they wrote again stating that, even though to adopt this ineffective assistance of counsel defense, he’d have to waive privilege on the current set of lawyers, he did not waive privilege.

The government responded to this second letter laying out all the case law that says if you’re going to argue ineffective counsel, you need to share what the bad advice is. In it, they called bullshit on Schulte’s claim that he really relied on his lawyers’ counsel.

For example, the Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

They also note that Schulte claims he needs this testimony to prove his innocence but is willing to wait years, under SAMs, to get it.

The Curcio counsel, Sean Maher, wrote as well last week, repeating that he believes the public defenders need to be relieved, because he can’t advise Schulte on whether or not he should call both lawyers to testify, thereby waiving privilege and necessitating getting new lawyers. He argues Schulte needs new lawyers to decide whether he needs to jettison his current lawyers. He ends his letter by explaining that he doesn’t have enough information to advise Schulte on that point.

Only conflict-free counsel who has a full sense of the case — the classified and unclassified discovery, the complicated forensic information, and knowledge of what other witnesses, including rebuttal witnesses, might say — should advise Mr. Schulte on this matter.

What seems to have dropped out of this conversation is that Schulte has another lawyer who can’t fathomably be said to have this conflict, James Branden, who in spite of his December vacation has nevertheless had over two months to get up to speed, the amount of time he originally said it’d take to prepare for trial. Branden is in a position to decide whether Schulte’s claim he got bad advice and so did what he said on recorded jail house conversations that he would ignore he wouldn’t do will hold with a jury.

Schulte is pretending he has two sets of lawyers: the ones he claims gave him shitty advice, which led him to try to record what he must be preparing to claim is just an imaginary Information War entirely within the bounds of his prison notebooks, and the Curcio counsel appointed to tell him — absent any context — whether that means they can’t represent him anymore.

But he’s got a third lawyer who has curiously dropped out of this discussion, Branden, who hasn’t signed his name to a filing since he asked for an adjournment (though he attended the Curcio hearing, so would be competent to provide the kind of advice that Maher says no one is available to provide).

Likely, if asked, Branden would note that claiming his lawyers told him to commit everything to his prison notebooks wouldn’t much help him (even ignoring his Non-Disclosure Agreements that commit him alone to protecting classified information), because Schulte allegedly shared classified information in public documents outside of his prison notebooks, in defiance of the advice the government says he got and ignored from Shroff.

I guess Schulte is hoping if he moves the three cards in his hand around fast enough, Judge Crotty — who he has attacked in a pro se filing Shroff probably told him not to file — won’t see that there are actually three and not two cards in his hand.

Three lawyer monte, with all the lawyers paid for by taxpayers, ostensibly in the name of a fair defense.

Snowden Needs a Better Public Interest Defense: Disposing of the Journalist Filter

Some weeks ago, I wrote what was meant to be the second part of a three part review of Edward Snowden’s book, Permanent Record, in which I argued that his use of the Bildungsroman genre raised more questions than it answered about the timing of the moment he came to decide to reveal NSA’s files. I argued that the narrative did not present a compelling story that he had the maturity or the knowledge of the NSA’s files needed to sustain a public interest defense before the time he decided to take those files.

I’ve been struggling to write what was meant to be the first part of that review. That first part was meant to assess what I will treat as Snowden’s “cosmopolitan defense,” showing that his leaks have since been judged by neutral authorities to have revealed legal or human rights violations. As that first part has evolved, it has shifted into more of a reflection on the failures of the surveillance community as a whole (and therefore my own failures) and of limits to an investment in whistleblowing as exposure. That part is not ready yet, but I hope the release of the FISA IG Report tomorrow will serve as a sounding board to pull those thoughts together.

But since this, the intended third part of the review, was mostly done, I wanted to release it to get it out of the way.

In addition to my other reactions about how this book fails to offer what Snowden has always claimed he wanted to do — offer a defense that he leaked the files in the public interest that could withstand cross-examination — this book harms the version of public interest defense Snowden has always offered. Snowden says that by sharing the NSA files with journalists, he made sure he wasn’t imposing his judgment for society. Given how unpersuasive his explanation for picking (especially) Glenn Greenwald as the journalist to make those choices is, which I addressed in my last post, and given Glenn’s much-mocked OpSec failures, there’s only so far Snowden can take that claim, because it’s always possible adversaries will steal the files or already have from journalists. The Intercept, in particular, went through very rigorous efforts to keep those files secure, but it took them some time to implement and that’s just one set of the files that are out there. 

Still, it is a claim that has a great deal of merit. It distinguishes Snowden from WikiLeaks. It mitigates a lot of concerns about the vast quantity of documents he took (or the degree to which they may relate to core national security concerns). I’m a journalist who once lost a battle to release Snowden documents that showed a troubling use of NSA authorities and who a second time chose not to rely on a Snowden document because its demonstrative value did not overcome the security damage releasing it might do. My experience working directly with the Snowden files is really quite limited and rather comical in its frustrations, but I will attest that there was a rigorous process put in place to protect the files and assess whether or not to publish them.

So I’m utterly biased about the value that journalists’ judgment might have served here. But if it ever comes to it, I will happily explain at length how Snowden’s choice to leak to journalists really does distinguish his actions.

Having made that argument, though, Snowden then violates precisely that principle by writing this book. 

There hasn’t been a lot of discussion about the disclosures Snowden makes in this book. They pale in comparison to what got disclosed with his NSA files. Nevertheless, I’m certain that Snowden revealed things that have forced CIA to mitigate risks if they hadn’t already done so before the book came out. In particular, Snowden describes the infrastructure of four different IC facilities, mostly CIA ones, in a way that would be useful for adversaries. Sure, our most skilled adversaries likely already knew what he disclosed in the book, but this book makes those details (if they haven’t already been mitigated) accessible to a wider range of adversaries.

More curious still is what Snowden makes a big show of not disclosing. In the book, Snowden describes how he took the files. While he describes sneaking the NSA’s files out on SD cards, he pointedly doesn’t explain how he transferred the files onto those SD cards.

I’m going to refrain from publishing how exactly I went about my own writing—my own copying and encryption—so that the NSA will still be standing tomorrow.

If Snowden really is withholding this detail out of some belief that sharing it would bring the NSA down tomorrow, he effectively just put a target on his back, walking around Moscow as that back is, to be coerced to answer precisely this question. And if Snowden really believes this detail is that damaging to the NSA, his assurances that he destroyed his encryption key to the files before he left Hong Kong, and so could not be coerced once he arrived in Russia to share damaging information on the US, fall flat. By his own estimation, Snowden did not destroy some of the most valuable knowledge he had that might be of interest, information he claims could bring the NSA down tomorrow.

I actually doubt that’s why he’s withholding that detail. After all, the HPSCI Report on Snowden has a three-page section that describes this process, including this entirely redacted passage (PDF 18) describing a particular vulnerability he used to make copies of the files, one the unredacted part of the HPSCI report suggests may have been unknown to NSA when Snowden exploited it.

Assuming the NSA, focusing all its forensic powers on understanding what had been, to that point, the agency’s worst breach ever, managed to correctly assess the vulnerability Snowden used by October 29, 2014, the date the NSA wrote a report describing “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” then the NSA has presumably already fixed the vulnerability.

I honestly don’t know why, then, Snowden kept that detail secret. It’s possible it’s something banal, an effort to avoid sharing the critical forensic detail that would be used to prosecute him if he ever were to stand trial (though it’s not like there’s any doubt he took the documents). I can think of other possible reasons, but why he withheld this detail is a big question about the choices he made about what to disclose and what not to disclose in this book.

But that’s the challenge for Snowden, after investing much of a public interest defense in using journalists as intermediaries, now making choices personally about what to disclose and what to withhold. It accords Snowden a different kind of responsibility for the choices he makes in this book. And it’s not clear that, having assumed that role, Snowden met his own standards.

The Trump-John Solomon Attempts to Blame Others for the Vault 7 Leak

As I noted some weeks ago, there was a detail revealed in the Roger Stone trial that cast Donald Trump’s answers to Robert Mueller in significant new light. It wasn’t the evidence that Trump lied when he said he could not recall talking to his rat-fucker about WikiLeaks; there was already far more compelling evidence that Trump lied under oath to Mueller. Rather, it was the evidence that Trump may have lied when he said he didn’t recall discussing pardoning Julian Assange.

The trial revealed discussions on a pardon involving Stone were more extensive than previously known. Even before the election, Randy Credico interspersed his responses to Stone’s demands for information about Assange’s plans with a push for Trump to give Assange asylum.

It was previously known that Credico and Stone continued to discuss their shared support for an Assange pardon into 2018. The new information on this topic revealed at trial was that Credico introduced Margaret Kunstler to Stone in late December 2016 in pursuit of a pardon.

Given how that makes any pardon for Assange look much more like payoff for help getting elected, I wanted to pull together evidence about how Trump and others responded to the Vault 7 leak in early 2017 and afterwards. What follows is speculative. But the significance of it is bolstered by the fact that Trump’s favorite propagandist, John Solomon, has a role.

Back in early January 2017, the lawyer that Assange shared with Oleg Deripaska and Christopher Steele, Adam Waldman, reached out to DOJ organized crime official Bruce Ohr to broker information from Assange about the CIA hacking files he was preparing to release; Assange never committed to holding the release, but he did offer to make redactions. Waldman met in person with Ohr on February 3. That same day, Waldman reached out to David Laufman, the head of counterintelligence at the time, presumably off a referral from Ohr. The next day, Assange first pitched Vault 7, effectively giving Waldman more leverage to make a deal with DOJ.

At the same time, Waldman started reaching out to Mark Warner, ultimately discussing possible testimony to SSCI with all his clients — Steele, Deripaska, and Assange. In his discussions about Assange with Warner on February 16, Waldman claimed he was trying to protect Democrats, as if a damaging leak would hurt just one or the other party.

Just two days later, however, Warner broke off that part of discussions with Waldman on instructions from Jim Comey. Ultimately, the frothy right would slam Comey for making this call, complaining that he disrupted, “constructive, principled discussions with DOJ that occurred over nearly two months.” By the time of Comey’s call, however, CIA was already conducting their own internal investigation and had a pretty good idea that Joshua Schulte had leaked the documents.

On March 7, WikiLeaks released the first of a long series of dumps pertaining to CIA’s hacking tools. While WikiLeaks claimed to have redacted damaging information, within days the FBI and CIA identified that WikiLeaks had actually left damaging information that would have required inside information to know to leave in the files (that is, communications with the source, possibly directly with Schulte).

On March 9, Donald Trump called Jim Comey — the single communication he had with Comey that (at least on the surface) did not relate to the Russian investigation — to ask about “our, an ongoing intelligence investigation,” per later Comey testimony.

On March 9, 2017, Comey had a secure one-on-one telephone call with President Trump. Comey told the OIG that the secure telephone call was “only business,” and that there was “nothing untoward” about the call, other than it was “unusual for the President to call the Director directly.” Comey said he did not prepare a memo to document this call with the President, but said he had [Jim] Rybicki arrange a secure call to Attorney General Sessions immediately afterwards to inform the Attorney General about the telephone call from the President in an effort “to keep the Attorney General in the chain of command between [Comey] and the President.”

I haven’t confirmed that this pertained to Schulte, though the timing suggests it’s a high likelihood.

Even after the first release, David Laufman made some kind of counteroffer to Waldman in mid-March (these files come from Solomon, so can be assumed to be missing key parts).

But then, days later, the FBI obtained the first warrants targeting Joshua Schulte, obtaining a covert search warrant and a warrant for his Google account on March 13. When the FBI arrived at Schulte’s apartment to search it, however, they discovered so many devices they decided they could not conduct the search covertly (they were under a time crunch, because Schulte had a plane ticket for Mexico on March 16). So overnight on March 14, they obtained an overt search warrant.

Mid-day on what appears to be the same day FBI prepared to search Schulte’s apartment, Tucker Carlson accompanied Trump on a trip to Detroit. During the interview, when Tucker challenged Trump, asking why he had claimed — 11 days earlier — that Obama had “tapped” Trump Tower without offering proof, Trump blurted out that the CIA was hacked during the Obama Administration.

Tucker: On March 4, 6:35 in the morning, you’re down in Florida, and you tweet, the former Administration wiretapped me, surveilled me, at Trump Tower during the last election. Um, how did you find out? You said, I just found out. How did you learn that?

Trump: I’ve been reading about things. I read in, I think it was January 20th, a NYT article, they were talking about wiretapping. There was an article, I think they used that exact term. I read other things. I watched your friend Bret Baier, the day previous, where he was talking about certain very complex sets of things happening, and wiretapping. I said, wait a minute, there’s a lot of wiretapping being talked about. I’ve been seeing a lot of things. Now, for the most part I’m not going to discuss it because we have it before the committee, and we will be submitting things before the committee very soon, that hasn’t been submitted as of yet. But it’s potentially a very serious situation.

Tucker: So 51,000 people retweeted that, so a lot of people thought that was plausible, they believe you, you’re the president. You’re in charge of the agencies, every intelligence agency reports to you. Why not immediately go to them and gather evidence to support that?

Trump: Because I don’t want to do anything that’s going to violate any strength of an agency. You know we have enough problems. And by the way, with the CIA, I just want people to know, the CIA was hacked and a lot of things taken. That was during the Obama years. That was not during, us, that was during the Obama situation. Mike Pompeo is there now, doing a fantastic job. But we will be submitting certain things, and I will be perhaps speaking about this next week. But it’s right now before the Committee, and I think I want to leave it at that. I have a lot of confidence in the committee.

The search on Schulte did not end until hours after this interview was broadcast. After it was broadcast, but before FBI had confiscated Schulte’s passport, he had gone to his office at Bloomberg to access his computer there. That means Trump provided non-public information that — because it would have made it clear to Schulte that FBI knew the hacking tools had been stolen under Obama — might have confirmed Schulte’s suspicions that he was the target.

WikiLeaks released a second dump two weeks after the first, on March 23. Then Waldman made a proffer on March 28, offering to discuss Russian infiltration of WikiLeaks and ways to mitigate the damage from Vault 7 for safe passage to the US (and possibly immunity, though that may have been only for that discussion). Laufman couldn’t make sense of the demand for “safe passage,” and asked for clarity, which he appears never to have gotten.

Then on April 7, with the third dump and Mike Pompeo’s subsequent naming of Vault 7 as a hostile non-state actor, the negotiations with Laufman may have ceased. Thus ended what appears to be Assange’s efforts to leverage the CIA’s hacking tools and a false show of reasonableness to obtain a way out of the embassy.

To be fair, Trump didn’t successfully undermine the entire Schulte investigation; he was probably just blabbing his mouth. Unsurprisingly, DOJ refused to grant the expansive concessions Assange was demanding.

But there are a few details of these events of particular interest.

First, Trump’s public comments seem to perfectly parrot what Waldman was saying back in February. Both asserted, ridiculously, that Democrats were uniquely to blame for the theft of CIA’s hacking tools, and Trump used that fact, almost gleefully, to absolve himself of any concern about the leak.

Similarly, because Jim Comey intervened (presumably to preserve the integrity of at least the investigation into Vault 7 but possibly more), someone teed up John Solomon to blame Comey for the leak the week after Schulte was eventually charged for it. Specifically, Solomon “blames” Comey for not agreeing to free Assange temporarily back in early 2017.

Some of the characters are household names, thanks to the Russia scandal: James Comey, fired FBI director. Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee. Department of Justice (DOJ) official Bruce Ohr. Julian Assange, grand master of WikiLeaks. And American attorney Adam Waldman, who has a Forrest Gump-like penchant for showing up in major cases of intrigue.

Each played a role in the early days of the Trump administration to try to get Assange to agree to “risk mitigation” — essentially, limiting some classified CIA information he might release in the future.

The effort resulted in the drafting of a limited immunity deal that might have temporarily freed the WikiLeaks founder from a London embassy where he has been exiled for years, according to interviews and a trove of internal DOJ documents turned over to Senate investigators.

But an unexpected intervention by Comey — relayed through Warner — soured the negotiations, multiple sources tell me. Assange eventually unleashed a series of leaks that U.S. officials say damaged their cyber warfare capabilities for a long time to come.

John Solomon has been the go-to defense propagandist for Trump from the start. This article is an outlier for its topic. Nevertheless, someone loaded Solomon up with documents to selectively release to fit a particular narrative, which attests to the perceived import of it.

Again, some of this is speculative. But tied to the fact that pardon discussions with Trump may have gone further than previously known, it provides a curious pattern, where Trump responded to the most damaging breach in CIA’s history by instead looking for partisan advantage.

Update: According to a Jim Comey 302 newly liberated by BuzzFeed, he diverted into ODNI to call Trump regarding the March 9 call. (PDF 248)

Note that nothing was withheld for classification reasons, though the call was clearly Top Secret when it occurred. That limits the possible topic still further (though by no means confirms that it is Schulte).

Timeline (all dates 2017)

January 12: Bruce Ohr considers Waldman’s offer

February 3: Laufman reaches out to Waldman

February 4: Wikileaks first pitches Vault 7

February 6: Steele tells Ohr that Oleg Deripaska is upset at being treated like a criminal

February 14: Steele probably shares more information on his relationship with Deripaska

February 15: Waldman reaches out to Warner

February 16: Waldman issues extortion threat against Democrats

February 17: Warner says he’s got important call (with Comey), relays stand down order

March 7: Wikileaks releases first Vault 7 documents

March 9: Trump asks Jim Comey about an intelligence investigation

March 13: Covert search warrant on Schulte’s home and Google account

March 14: FBI obtains overt search warrant for Schulte’s home

Mid-March: Waldman contacts Laufman, suggests Assange is interested

March 15, mid-day: During Tucker Carlson interview, Trump reveals non-public information about Vault 7 leak

March 15: FBI interviews Schulte several times as part of first interview

March 15, 9PM: Probable first airing of Carlson interview

March 16: Adam Schiff warns against Trump leaking about Vault 7

March 20: Search on Schulte (including of cell phone, from which passwords to his desktop were obtained)

March 23: Second Vault 7 release

March 28: Safe passage offer not including details about hack

March 31: Third Vault 7 release

April 5: Laufman asks whether Assange wants safe passage into London or to the US

April 7: Wikileaks posts third dump, which Solomon suggests was the precipitating leak for Mike Pompeo’s declaration of Wikileaks as non-state intelligence service (these are weekly dumps by this point)

White House Putting Political Appointees in Charge of Presidential Records Act Compliance

Axios has a story about how the White House is gutting the CISO staff put into place in the wake of the 2014 APT 29 operation in which Russia targeted the White House. The story is based on the October 17 resignation letter of Dimitrios Vastakis, who was in charge of White House computer network defense, which describes how hostility towards CISO staff has led most of the senior people to resign.

What Axios doesn’t describe, however, is Vastakis’ expressed concern about the effect: that political appointees will be in charge of everything, including compliance with the Presidential Records Act.

I have seen the planned organizational structure for the cybersecurity mission going forward. It essentially transfers the entire mission to the White House Communications Agency (WHCA). All key decision making roles and leadership positions will no longer by [sic] staffed EOP individuals. To me, this is in direct conflict with the recommendations made by the OA Office of General Counsel (OA GC). The main concern of OA GC was the oversight of PRA data and records. Considering the level of network access and privileged capabilities that cybersecurity staff have, it is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities.

That is, it’s not just that Russia will be able to hack the White House again. It’s also that some SysAdmin who knows fuckall about security but who knows how badly Trump needs to suppress or alter key records of his Administration will have the direct access to do that.

In the wake of Trump’s attempt to bury his recent efforts to hide potentially criminal conversations with foreign leaders in a particularly secure server (and in the wake of email or social media retention scandals going back to the first President whose crimes Bill Barr helped cover up, Poppy Bush), this concern seems unbelievably important.

[Some of] Where Trump Wants to Go with the Server in Ukraine Story

As I emphasized in this post, before Trump pushed Volodymyr Zelensky to frame Hunter Biden, he first pressed Ukraine’s president to “get to the bottom” of “what happened with this whole situation with Ukraine.”

The President: I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people… The server, they say Ukraine has it. There are a lot of things that went on, the whole situation. I think you are surrounding yourself with some of the same people. I would like to have the Attorney General call you or your people and I would like you to get to the bottom of it. As you saw yesterday, that whole nonsense ended with a very poor performance by a man named Robert Mueller, an incompetent performance, but they say a lot of it started with Ukraine. Whatever you can do, it’s very important that you do it if that’s possible.

Contrary to virtually all the coverage on this, there is reason to believe that Bill Barr can get information from Ukraine that will feed the disinformation about the Russian operation. Trump has obviously been told — and not just by Rudy Giuliani (as Tom Bossert believes) — to ask for this, but some of this is probably part of the disinformation that Russia built into the operation.

Rudy Giuliani wants to frame Alexandra Chalupa

This morning, Rudy Giuliani explained that he wants to know who in Ukraine provided information damning to Trump during the 2016 campaign.

GIULIANI: I have never peddled it. Have you ever heard me talk about Crowdstrike? I’ve never peddled it. Tom Bossert doesn’t know what he’s talking about. I have never engaged in any theory that the Ukrainians did the hacking. In fact, when this was first presented to me, I pretty clearly understood the Ukrainians didn’t do the hacking, but that doesn’t mean Ukraine didn’t do anything, and this is where Bossert…

STEPHANOPOULOS: So, why does the president keep repeating it?

GIULIANI: Let’s get on to the point…

STEPHANOPOULOS: Well, this was in the phone call.

GIULIANI: I agree with Bossert on one thing, it’s clear: there’s no evidence the Ukrainians did it. I never pursued any evidence and he’s created a red herring. What the president is talking about is, however, there is a load of evidence that the Ukrainians created false information, that they were asked by the Obama White House to do it in January of 2016, information he’s never bothered to go read. There are affidavits that have been out there for five months that none of you have listened to about how there’s a Ukrainian court finding that a particular individual illegally gave the Clinton campaign information. No one wants to investigate that. Nobody cared about it. It’s a court opinion in the Ukraine. The Ukrainians came to me. I didn’t go to them. The Ukrainians came to me and said…

STEPHANOPOULOS: When did they first come to you?

GIULIANI: November of 2016, they first came to me. And they said, we have shocking evidence that the collusion that they claim happened in Russia, which didn’t happen, happened in the Ukraine, and it happened with Hillary Clinton. George Soros was behind it. George Soros’ company was funding it.

This is an effort to frame Alexandra Chalupa, who while working as a DNC consultant in 2016 raised alarms about Paul Manafort. This is an effort that Trump has pursued since 2017 in part with a story first floated to (!!) Ken Vogel, an effort that key propagandist John Solomon was pursuing in May. Remember, too, that Chalupa was hacked separately in 2016, and believed she was being followed.

Peter Smith’s operation may have asked for help from a hacker in Ukraine

But per the transcript, this is not about Rudy, it’s about Barr. And even leaving Rudy’s antics aside, there is more that Trump may be after.

First, a fairly minor point, but possibly important. According to Charles Johnson, he advised Peter Smith to reach out to Weev for help finding Hillary’s deleted emails.

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

At the time (and still, as far as I know), Weev was living in Ukraine. The Mueller Report says that his investigators never found evidence that Smith or Barbara Ledeen (or Erik Prince or Mike Flynn, who were also key players in this effort) ever contacted Russian hackers.

Smith drafted multiple emails stating or intimating that he was in contact with Russian hackers. For example, in one such email, Smith claimed that, in August 2016, KLS Research had organized meetings with parties who had access to the deleted Clinton emails, including parties with “ties and affiliations to Russia.”286 The investigation did not identify evidence that any such meetings occurred. Associates and security experts who worked with Smith on the initiative did not believe that Smith was in contact with Russian hackers and were aware of no such connection.287 The investigation did not establish that Smith was in contact with Russian hackers or that Smith, Ledeen, or other individuals in touch with the Trump Campaign ultimately obtained the deleted Clinton emails.

Weev is a hacker, but not Russian. So if Smith had reached out to Weev — and if Weev had given him any reason for optimism in finding the emails or even the alleged emails that Ledeen obtained — it might explain why Trump would believe there was information in Ukraine that would help him.

CrowdStrike once claimed its certainty on Russian attribution related to a problematic report on Ukraine

But that’s not the CrowdStrike tie.

At least part of the CrowdStrike tie — and what Zelensky actually could feed to Trump — pertains to a report they did in December 2016. They concluded that one of the same tools that was used in the DNC hack had been covertly distributed to Ukrainian artillery units, which (CrowdStrike claimed) led to catastrophic losses in the Ukrainian armed forces. When the report came out — amid the December 2016 frenzy as President Obama tried to figure out what to do with Russia given the Trump win — CrowdStrike co-founder Dmitri Alperovitch pitched it as further proof that GRU had hacked the DNC. In other words, according to CrowdStrike, their high confidence on the DNC attribution was tied to their analysis of the Ukrainian malware.

In a now deleted post, infosec researcher Jeffrey Carr raised several problems with the CrowdStrike report. He correctly noted that CrowdStrike vastly overstated the losses to the Ukrainian troops, which both an outside analyst and then the Ukrainian Defense Ministry corrected. CrowdStrike has since updated its report, correcting the claim about Ukrainian losses, but standing by its analysis that GRU planted this malware as a way to target Ukrainian troops.

Carr also claimed to know of two instances — one, another security company, and the other, a Ukrainian hacker — where the tool was found in the wild.

Crowdstrike, along with FireEye and other cybersecurity companies, have long propagated the claim that Fancy Bear and all of its affiliated monikers (APT28, Sednit, Sofacy, Strontium, Tsar Team, Pawn Storm, etc.) were the exclusive developers and users of X-Agent. We now know that is false.

ESET was able to obtain the complete source code for X-Agent (aka Xagent) for the Linux OS with a compilation date of July 2015. [5]

A hacker known as RUH8 aka Sean Townsend with the Ukrainian Cyber Alliance has informed me that he has also obtained the source code for X-Agent Linux. [11]

Carr argued that since CrowdStrike’s attribution of the DNC hack assumed that only GRU had access to that tool, their attribution claim could no longer be trusted. At the time I deemed Carr’s objections to be worthwhile, but not fatal for the CrowdStrike claim. It was, however, damning for CrowdStrike’s public crowing about attribution of the DNC hack.

Since that time, the denialist crowd has elaborated on theories about CrowdStrike, which BuzzFeed gets just parts of here. Something that will be very critical moving forward but which BuzzFeed did not include, is that the president of CrowdStrike, Shawn Henry, is the guy who (while he was still at FBI) ran the FBI informant who infiltrated Anonymous, Sabu. Because the FBI reportedly permitted Sabu to direct Antisec to hack other countries as a false flag, the denialist theory goes, Henry and CrowdStrike must be willing to launch false flags for their existing clients. [See update below, which makes it clear FBI did not direct this.] The reason I say this will be important going forward is that these events are likely being reexamined as we speak in the grand jury that has subpoenaed both Chelsea Manning and Jeremy Hammond.

So Trump has an incentive to damage not just CrowdStrike’s 2016 reports on GRU, but also CrowdStrike generally. In 2017, Ukraine wanted to rebut the CrowdStrike claim because it made it look bad to Ukrainian citizens. But if Trump gives Zelensky reason to revisit the issue, they might up the ante, and claim that CrowdStrike’s claims did damage to Ukraine.

I also suspect Trump may have been cued to push the theory that the GRU tool in question may, indeed, have been readily available and could have been used against the DNC by someone else, perhaps trying to frame Russia.

As I’ve noted, the GRU indictment and Mueller Report list 30 other named sources of evidence implicating the GRU in the hack. That list doesn’t include Dutch hackers at AIVD, which provided information (presumably to the Intelligence Community generally, including the FBI). And it doesn’t include NSA, which Bossert suggested today attributed the hack without anything from CrowdStrike. In other words, undermining the CrowdStrike claims would do nothing to undermine the overall attribution to Russia (though it could be useful for Stone if it came out before his November 5 trial, as the four warrants tied to his false statements relied on CrowdStrike). But it would certainly feed the disinformation effort that has already focused on CrowdStrike.

That’s just part of what Trump is after.

Update: Dell Cameron, who’s one of the experts on this topic, says that public accounts significantly overstate how closely Sabu was being handled at this time. Nevertheless, the perception that FBI (and Henry) encouraged Sabu’s attacks is out there and forms a basis for the claim that CrowdStrike would engage in a false flag attack. Here’s the chatlog showing some of this activity. Hammond got to the Brazilian target by himself.

Government Confirms that WikiLeaks Didn’t Release All the Vault 7 Files

Accused Vault 7 hacker Joshua Schulte’s lawyers seem really intent on preventing the government from using evidence obtained while he was using a contraband phone at MCC in his trial for the main leak of CIA’s hacking tools to WikiLeaks.

They’ve already challenged warrants obtained using evidence found in notebooks marked as attorney-client privileged information but then released after a wall team review; in my NAL opinion, that challenge is the most likely of any of his motions to succeed. Last week, they also moved to sever the two MCC charges from the main Espionage ones (they’ve already severed the child porn and copyright violation charges from the Espionage ones), explaining that two of his attorneys, including his lead attorney Sabrina Shroff, would testify to something about discussions from May and June 2018 that would address his state of mind when he leaked and tried to leak CIA materials later in 2018.

To defend against the government’s allegations, Mr. Schulte would call two of his attorneys—Matthew B. Larsen and Sabrina P. Shroff—to present favorable testimony bearing on his state of mind.

This pertains, in some way, to the government’s claim that Schulte wrote classified information in his prison notebooks as part of a plan to leak it.

The government has indicated that its evidence on the MCC Counts will include portions of notebooks seized from Mr. Schulte’s cell, in which he allegedly documented his plans to transmit classified information.

[snip]

Defense counsel expects that at trial, the government will seek to introduce excerpts of Mr. Schulte’s writings in his notebooks as evidence of his specific intent to violate the law.

If they succeed at severing count four from the main Espionage charges, it might make it harder to link what Schulte was doing in jail with what he was allegedly doing over two years earlier. As I noted when Schulte’s team first challenged the MCC warrants, it’s clear why they’re doing this: the MCC evidence indicates he had an ongoing relationship with WikiLeaks.

The FBI investigation proceeded from those notebooks to the WordPress site showing him claiming something identical to disinformation he was packaging up to share with WikiLeaks. They also got from those notebooks to ProtonMail accounts where Schulte offered to share what may or may not be classified information with a journalist. The reason why the defense is pushing to suppress this — one of the only challenges they’re making in his prosecution thus far — is because the stuff Schulte did in prison is utterly damning and seems to confirm both his familiarity with WikiLeaks and his belief that he needed to create disinformation to claim to be innocent.

The government, in a fairly scathing response to Schulte’s motion to sever the trials, confirms that it believes the MCC charges include evidence that helps support the main charges on leaking the files to WikiLeaks (what the government calls CIA counts). The government had a “reverse proffer” on December 18, 2018 and laid out all the evidence against Schulte, including pointing out that (as I described) the material seized from MCC helped prove the CIA charges.

About six weeks later, on December 18, 2018, the Government met with defense counsel (the “Reverse Attorney Proffer”). At this meeting, the Government described for defense counsel the theory of the Government’s case with respect to the charges in the Second Superseding Indictment, and answered defense counsel’s questions about the charged counts, including the new counts. The Government also explicitly noted during the Reverse Attorney Proffer that it believed that the material recovered pursuant to the MCC Warrants was relevant evidence with respect to not only the MCC Counts, but also the CIA Counts.

Having laid out the interconnectedness of these charges, the government then explains at some length why having different attorneys defend Schulte in the CIA and MCC counts would cause delays in both, because replacement counsel would need to familiarize themselves with both sets of charges. Now, as I noted, there’s unclassified information that Schulte clearly shared with WikiLeaks both before and while he was in jail. But right there in the middle of this passage is the revelation that Schulte identified classified information in his prison notebooks that he shared with WikiLeaks but that WikiLeaks has not yet published.

Regardless, Schulte’s proposal—further severed trials and new counsel for the MCC Counts—would neither prevent trial delay nor resolve the ethical issue. Rather, it is likely to exacerbate both. First, appointing new counsel on the MCC Counts is likely to cause, rather than prevent, further trial delay and would complicate Schulte’s defense across all counts. Because of the interconnectedness of the MCC Counts and the CIA Counts, as well as the child pornography and copyright counts, new counsel would need to become familiar with the evidence as to all counts in order to appropriately advise and defend Schulte. Indeed, new counsel might determine that the best course with respect to the MCC Counts would be to seek to negotiate a plea that resolves those charges along with some combination of the CIA Counts, child pornography counts, and/or copyright count. Those negotiations could not occur until new counsel was fully familiar with all aspects of the case. This would take a substantial amount of time given that new counsel would have to be cleared and that a substantial portion of the evidence is classified and, thus, must be reviewed in sensitive compartmented information facilities. Moreover, even after new counsel became familiar with the case, it is possible that new counsel might have different views than current counsel concerning a variety of trial strategy decisions, including, among others, the desirability of Schulte testifying, which could impact one or all of the severed trials and would need to be coordinated among all of Schulte’s attorneys. As a result, trial on the CIA Counts could not proceed until new counsel for the MCC Counts was familiar with the entire case. In short, the appointment of new counsel would likely further complicate this case and lead to substantial delays.

Second, severing the CIA Counts from the MCC Counts also would not resolve the purported ethical issue. Even if the trials were severed, evidence of Schulte’s prison conduct, including the Schulte Cell Documents, would still be admissible at the trial addressing the CIA Counts as both direct evidence and Rule 404(b) evidence of those crimes. For example, in the Schulte Cell Documents, Schulte specifically identifies certain classified information that was provided to WikiLeaks but which WikiLeaks has not yet published, which is direct evidence that Schulte transmitted classified information to WikiLeaks as charged in the WikiLeaks Counts. Similarly, Schulte’s prison conduct is also admissible as to the WikiLeaks Counts for a variety of Rule 404(b) purposes including to show, among other things, consciousness of guilt, motive, opportunity, intent, absence of mistake, and modus operandi.5

5 Similarly, during a trial addressing the MCC Counts, the Government would introduce evidence relating to the CIA Counts as direct evidence to complete the story of the crime and, in the alternative, as Rule 404(b) evidence. For example, evidence related to the CIA Counts would establish Schulte’s motive for committing and ability to commit the MCC Counts, as well as his knowledge that the information he unlawfully transmitted was classified national defense information. As a result, even a trial on the MCC Counts would entail introduction of much of the evidence from the Espionage Trial. [my emphasis]

The government doesn’t say whether it knows that WikiLeaks received this information because it found it after seizing Julian Assange’s computers or some other way.

The detail that Schulte referred to information that the government apparently knows WikiLeaks received — but that WikiLeaks has never published — is interesting for an entirely different reason.

On top of asking to sever two more charges, Schulte is also asking for a delay in trial, from November to January. The government says it’s cool with that delay, so long as there won’t be any further delay.

The Government understands that the defendant is seeking to adjourn the Espionage Trial until January 13, 2020. Although the Government is prepared to start trial as scheduled on November 4, 2019, the Government does not oppose the defendant’s adjournment request with the understanding that the defendant will not seek another adjournment of the Espionage Trial absent exceptional and unforeseen circumstances[.]

This story on Jeremy Hammond’s subpoena in EDVA clarifies something about which there has been a great deal of confusion. The US can still add charges against Julian Assange at least until his extradition hearing, which starts on February 25.

Nick Vamos, former head of extradition at the Crown Prosecution Service in England, said the treaty between the two countries still allows for the U.S. to add charges to the Assange case, but that will become more difficult and problematic for the American prosecutors as they get closer to the scheduled extradition hearing in February.

The discussion today has focused on the Stratfor hacks that Hammond is serving time for. Because the five-year statute of limitations for CFAA would normally have tolled by now, they are likely pursuing some kind of conspiracy charges, for a conspiracy that continued past 2012.

But given the seeming cooperation while Schulte was in jail and the knowledge that WikiLeaks sat on — or used — one of the other files provided by Schulte, if the government is planning on more conspiracy charges, chances are good that Vault 7 will eventually be included in them.

There Were Two Dick-Waggings Directed at Iran This Week

By all appearances President Trump casually released highly classified information yesterday, as he has done repeatedly in the past.

Within hours of this tweet, CNBC confirmed that this image comes from one of Trump’s intelligence briefings, which led experts to assume Trump had been careless.

A U.S. defense official told CNBC that the picture in Trump’s tweet, which appeared to be a snapshot of a physical copy of the satellite image, was included in a Friday intelligence briefing.

[snip]

But the quality of the photograph quickly raised the eyebrows of national security experts, who say that images this clear are rarely made public.

“I’m not supposed to see stuff this good. He’s not supposed to share it. I’ve honestly never seen an image this sharp,” said Melissa Hanham, deputy director of the Open Nuclear Network and director of the Datayo Project at the One Earth Future Foundation.

Hanham suspected the shot was taken from a high-altitude aerial vehicle using tracking technology, such as an RC-135S Cobra Ball or a similar aircraft.

“This will have global repercussions,” said Joshua Pollack, a nuclear proliferation expert and editor of the Nonproliferation Review.

“The utter carelessness of it all,” Pollack said. “So reckless.”

Even before the NYT weighed in last night, I had my doubts whether this was reckless, or whether it was a calculated decision to dick-wag over the sabotage of a missile program the Iranians deny.

First, the tweet was almost certainly not written by Trump. It has no grammatical errors or typographical anomalies. It uses technical terms and consists of full sentences.

In other words, the tweet has none of the hallmarks of Trump’s reflexive tweeting. Someone helped him tweet this out.

Then there’s the fact that, earlier this week, the US dick-wagged about another successful operation against Iran, a cyberattack that took out the IRGC database that they were using to target western shipping.

The head of United States Cyber Command, Army Gen. Paul M. Nakasone, describes his strategy as “persistent engagement” against adversaries. Operatives for the United States and for various adversaries are carrying out constant low-level digital attacks, said the senior defense official. The American operations are calibrated to stay well below the threshold of war, the official added.

The strike on the Revolutionary Guards’ intelligence group diminished Iran’s ability to conduct covert attacks, said a senior official.

The United States government obtained intelligence that officials said showed that the Revolutionary Guards were behind the limpet mine attacks that disabled oil tankers in the Gulf in attacks in May and June, although other governments did not directly blame Iran. The military’s Central Command showed some of its evidence against Iran one day before the cyberstrike.

[snip]

The database targeted in the cyberattacks, according to the senior official, helped Tehran choose which tankers to target and where. No tankers have been targeted in significant covert attacks since the June 20 cyberoperation, although Tehran did seize a British tanker in retaliation for the detention of one of its own vessels.

Though the effects of the June 20 cyberoperation were always designed to be temporary, they have lasted longer than expected and Iran is still trying to repair critical communications systems and has not recovered the data lost in the attack, officials said.

Officials have not publicly outlined details of the operation. Air defense and missile systems were not targeted, the senior defense official said, calling media reports citing those targets inaccurate.

In the aftermath of the strike, some American officials have privately questioned its impact, saying they did not believe it was worth the cost. Iran probably learned critical information about the United States Cyber Command’s capabilities from it, one midlevel official said.

That story described the views of CyberCommand head General Nakasone, who did some dick-wagging in February over CyberCommand’s role in thwarting Russia’s efforts to tamper in the elections.

Whatever else Nakasone has done with his command, he seems to have made a conscious decision that taking credit for successful operations adds to its effectiveness. There certainly was some debate, both within the NYT story and in discussions of it, whether he’s right. But Nakasone is undoubtedly a professional who, when stories boasting of successful CyberCommand operations get released, has surely thought through the implications of it.

But as I said, last night NYT weighed in on the destroyed missile launch, with a story by long-standing scribes for the intelligence community, David Sanger and William Broad and — listed at the end in the actual story but given equal billing in Sanger’s tweet of it — Julian Barnes, the guy who broke Nakasone’s dick-wagging earlier in the week. It’s a funny story — as it was bound to be, given that virtually no one reported on the explosion itself and while this spends a line doing that, it’s really a story exploring what kind of denial this is.

Trump Denies U.S. Responsibility in Iranian Missile Base Explosion

[snip]

As pictures from commercial satellites of a rocket’s smoking remains began to circulate, President Trump denied Friday on Twitter that the United States was involved.

[snip]

Mr. Trump also included in his tweet a high-resolution image of the disaster, immediately raising questions about whether he had plucked a classified image from his morning intelligence briefing to troll the Iranians. The president seemed to resolve the question on Friday night on his way to Camp David when he told reporters, “We had a photo and I released it, which I have the absolute right to do.”

There is no denying that, even if it runs the risk of alerting adversaries to American abilities to spy from high over foreign territory. And there is precedent for doing so in more calculated scenarios: President John F. Kennedy declassified photographs of Soviet missile sites during the Cuban Missile Crisis in 1962, and President George W. Bush declassified pictures of Iraq in 2003 to support the faulty case that Saddam Hussein was producing nuclear and chemical weapons.

[snip]

Mr. Trump’s denial and the satellite image he released seemed meant to maximize Iran’s embarrassment over the episode.

[snip]

If the accident was linked to a covert action by the United States — one that Mr. Trump would have been required to authorize in a presidential “finding” — he and other American officials would be required by law to deny involvement.

The laws governing covert actions, which stretch back to the Truman administration, focus on obscuring who was responsible for the act, not covering up the action itself. Most American presidents have fulfilled that requirement by staying silent about such episodes, but Mr. Trump does not operate by ordinary rules — and may have decided that an outright denial was his best course. [my emphasis]

Not everyone agrees with the claim that Trump would be required by law to deny a covert operation. He’s the President. He can do what he wants with classified information.

That said, the story may be an attempt to use official scribes to reframe this disclosure to make it closer to the way the intelligence community likes to engage in plausible deniability, with a lot of wink wink and smirking. Amid all the discussion of deny deny deny, after all, the NYT points to several pieces of evidence that this explosion was part of a successful program to sabotage Iran’s missile capabilities.

Two previous attempts at launching satellites — on Jan. 15 and on Feb. 5 — failed. More than two-thirds of Iran’s satellite launches have failed over the past 11 years, a remarkably high number compared with the 5 percent failure rate worldwide.

[snip]

It was the third disaster to befall a rocket launching attempt this year at the Iranian space center, a desert complex east of Tehran named for the nation’s first supreme leader. The site specializes in rocket launchings meant to put satellites into orbit.

Tehran announced its January rocket failure but said nothing about the one in February that was picked up by American intelligence officials. It has also said nothing officially about Thursday’s blast. Like many closed societies, Iran tends to hide its failures and exaggerate its successes.

The NYT also helpfully links earlier stories on Iran’s missile program, including one from February by Sanger and Broad that states as fact that the US has accelerated a program to sabotage Iran’s missile program.

The Trump White House has accelerated a secret American program to sabotage Iran’s missiles and rockets, according to current and former administration officials, who described it as part of an expanding campaign by the United States to undercut Tehran’s military and isolate its economy.

Officials said it was impossible to measure precisely the success of the classified program, which has never been publicly acknowledged. But in the past month alone, two Iranian attempts to launch satellites have failed within minutes.

Those two rocket failures — one that Iran announced on Jan. 15 and the other, an unacknowledged attempt, on Feb. 5 — were part of a pattern over the past 11 years. In that time, 67 percent of Iranian orbital launches have failed, an astonishingly high number compared to a 5 percent failure rate worldwide for similar space launches.

Every astute reader who read the earlier Sanger and Broad story would have assumed this explosion was part of the American operation they described. Trump’s tweet would not have changed the extent to which the US could plausibly deny its sabotage operation.

Which means, among all the coyness and winking, this is the most interesting line of the NYT story.

It was unclear if Mr. Trump was using the explosion and the lurking suspicions among Iranians that the United States was again deep inside their nuclear and missile programs to force a negotiation or to undermine one.

Not discussed, however, is the other risk to Trump’s tweet: it has effectively given Iran and our other adversaries a sense of what kind of imagery capabilities we’ve got. That’s what some of the proliferation experts are most troubled by, the possibility that by tweeting out the image, Trump will make it easier for others to evade our surveillance.

But that should be discussed in the same breath as the earlier dick-wagging. While Iran surely suspected the database strike was US work, the earlier NYT story confirms it.

Yes, it’s clear that Trump’s tweet yesterday was dick-wagging. But so was the earlier report on the database hack. So this could reflect a broader change in the US approach to deniability.

The Classified Conversation Trump Had with Comey Was Two Days after the Vault 7 Leak

The other day, I did a long post showing that Trump blabbed details about the FBI’s investigation into the theft of CIA’s hacking tools the same day that the FBI was preparing to take the first step that would alert Joshua Schulte he was FBI’s suspect, a search of his apartment. While in fact, Trump’s comments probably were broadcast after the search had commenced, he made the comments at a time when they could have tipped off Schulte.

In the post, I noted that Jim Comey had had one classified conversation about an intelligence investigation with Trump. “I had one conversation with the president that was classified where he asked about our, an ongoing intelligence investigation, it was brief and entirely professional,” Comey testified to the Senate Intelligence Committee.

The DOJ IG Report on Comey’s memos released today (which I’ll cover at length later) reveals that that conversation took place on March 9, 2017.

On March 9, 2017, Comey had a secure one-on-one telephone call with President Trump. Comey told the OIG that the secure telephone call was “only business,” and that there was “nothing untoward” about the call, other than it was “unusual for the President to call the Director directly.” Comey said he did not prepare a memo to document this call with the President, but said he had [Jim] Rybicki arrange a secure call to Attorney General Sessions immediately afterwards to inform the Attorney General about the telephone call from the President in an effort “to keep the Attorney General in the chain of command between [Comey] and the President.”

That means the conversation took place just two days after the March 7 initial release of the Vault 7 files. The timing makes it far more likely that that’s what the two men spoke about.

More crazy, however, is the detail that Trump initiated that call.

If Trump were calling the FBI Director for information about an investigation into a leak to WikiLeaks (at a time when a long effort to get Julian Assange a pardon had already begun), that would change the import of the call significantly.