The Commander-in-Chief Keeps Instructing His National Security Officials Not to Protect the Country

/235 Comments/in , , , , /by

One of the most alarming passages in the Mueller Report describes how, in an effort to get Corey Lewandowski to convince Jeff Sessions to reverse his recusal in the Russian investigation, Trump suggested that Mueller could be limited to investigating future election hacks. (h/t to TC who has been emphasizing this passage)

During the June 19 meeting, Lewandowski recalled that, after some small talk, the President brought up Sessions and criticized his recusal from the Russia investigation.605 The President told Lewandowski that Sessions was weak and that if the President had known about the likelihood of recusal in advance, he would not have appointed Sessions.606 The President then asked Lewandowski to deliver a message to Sessions and said “write this down.” 607 This was the first time the President had asked Lewandowski to take dictation, and Lewandowski wrote as fast as possible to make sure he captured the content correctly.608 The President directed that Sessions should give a speech publicly announcing:

I know that I recused myself from certain things having to do with specific areas. But our POTUS . .. is being treated very unfairly. He shouldn’t have a Special Prosecutor/Counsel b/c he hasn’t done anything wrong. I was on the campaign w/ him for nine months, there were no Russians involved with him. I know it for a fact b/c I was there. He didn’t do anything wrong except he ran the greatest campaign in American history.609

The dictated message went on to state that Sessions would meet with the Special Counsel to limit his jurisdiction to future election interference:

Now a group of people want to subvert the Constitution of the United States. I am going to meet with the Special Prosecutor to explain this is very unfair and let the Special Prosecutor move forward with investigating election meddling for future elections so that nothing can happen in future elections.610

The President said that if Sessions delivered that statement he would be the “most popular guy in the country.”6 11 Lewandowski told the President he understood what the President wanted Sessions to do.612

In June 2017, the Commander-in-Chief of the United States suggested that the FBI should not investigate a historic cyberattack by an adversary on the United States. The investigation Trump was obstructing was not just of his own conduct, but also that of Russia.

That revelation puts two other events in dramatically different light.

First, recall that when Congress was considering bills to ensure election integrity last year, Trump pre-empted the effort with an Executive Order imposing a two step review, after the fact, to see if foreign adversaries had attempted to interfere in the election. First, ODNI does a report on the election, then he delivers it to other Executive Branch Officials. Then DHS Secretary and the Attorney General deliver a report based on that describing whether the effort to interfere had had a material effect. That report, too, just gets delivered to Executive Branch officials.

Section 1. (a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.

(b) Within 45 days of receiving the assessment and information described in section 1(a) of this order, the Attorney General and the Secretary of Homeland Security, in consultation with the heads of any other appropriate agencies and, as appropriate, State and local officials, shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the Secretary of Defense a report evaluating, with respect to the United States election that is the subject of the assessment described in section 1(a):

(i) the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results; and

(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.

The report shall identify any material issues of fact with respect to these matters that the Attorney General and the Secretary of Homeland Security are unable to evaluate or reach agreement on at the time the report is submitted. The report shall also include updates and recommendations, when appropriate, regarding remedial actions to be taken by the United States Government, other than the sanctions described in sections 2 and 3 of this order.

Predictably, when the deadlines for these reports came due after the mid-term elections last year, the Trump Administration balked at sharing all this reporting with the Senate Intelligence Committee.

Then there’s this NYT report revealing that the Mick Mulvaney told DHS Secretary Kirstjen Nielsen not to involve the Commander-in-Chief in any effort to keep this country’s elections safe, which (the report implicitly suggests) made it far more difficult for Nielsen to make protecting elections a priority.

Ms. Nielsen left the Department of Homeland Security early this month after a tumultuous 16-month tenure and tensions with the White House. Officials said she had become increasingly concerned about Russia’s continued activity in the United States during and after the 2018 midterm elections — ranging from its search for new techniques to divide Americans using social media, to experiments by hackers, to rerouting internet traffic and infiltrating power grids.

But in a meeting this year, Mick Mulvaney, the White House chief of staff, made it clear that Mr. Trump still equated any public discussion of malign Russian election activity with questions about the legitimacy of his victory. According to one senior administration official, Mr. Mulvaney said it “wasn’t a great subject and should be kept below his level.”

Even though the Department of Homeland Security has primary responsibility for civilian cyberdefense, Ms. Nielsen eventually gave up on her effort to organize a White House meeting of cabinet secretaries to coordinate a strategy to protect next year’s elections.

[snip]

Ms. Nielsen grew so frustrated with White House reluctance to convene top-level officials to come up with a governmentwide strategy that she twice pulled together her own meetings of cabinet secretaries and agency heads. They included top Justice Department, F.B.I. and intelligence officials to chart a path forward, many of whom later periodically issued public warnings about indicators that Russia was both looking for new ways to interfere and experimenting with techniques in Ukraine and Europe.

[snip]

A second senior administration official said Ms. Nielsen began pushing after the November midterms for the governmentwide efforts to protect the 2020 elections, but only after it became increasingly clear that she had fallen out of Mr. Trump’s favor for not taking a harder line against immigration.

That official said Ms. Nielsen wanted to make election security a top priority at meetings of Mr. Trump’s principal national security aides, who resisted making it a focus of the discussions given that the 2020 vote was, at the time, nearly two years away.

Trump’s refusal to protect elections accompanies a de-emphasis — one enforced by John Bolton — on cybersecurity generally.

This is, quite literally, a case where the Commander-in-Chief is refusing to take the action necessary to protect the country from being attacked in the same way were most recently were attacked.

Update: Earlier this week Politico reported on the effects of a reorganization in Office of Management and Budget’s cybersecurity office before Mulvaney left OMB to become Chief of Staff.

Few Americans may have heard of the Office of the Federal Chief Information Officer, but the unit inside the Office of Management and Budget coordinates tech improvements across the government, helping agencies boost cybersecurity and manage technology and cybersecurity budgets that totaled $105 billion in the past fiscal year.

But many OFCIO employees are overwhelmed by unclear and changing priorities, while others are simply checked out or feeling increasingly marginalized, according to an internal February staff survey that POLITICO obtained, along with data from an annual governmentwide report and interviews with a current OMB employee, five former OFCIO employees and three former senior federal officials familiar with the office.

The unit is grappling with “high turnover,” “a lot of infighting,” a “crushing workload” and “inaction from leadership,” said the current employee, who — like others interviewed for this story — requested anonymity to discuss sensitive personnel matters.

“Things do slip through the cracks,” the OMB employee said. OFCIO’s guidance “impacts the long-term implementation strategy out in the agencies,” and if that’s lacking, there will be “a debilitating effect on overall cybersecurity in the long run,” the person said, adding that there was “real concern at the staff level that if this continues, something bad will happen and we won’t be ready for it.”

[snip]

“This organization looks like it’s in free fall,” said a former senior federal IT official who worked closely with the office.

[snip]

[A] November reorganization appeared to cause significant confusion and discontent among employees. It replaced a structure built around three core units — agency oversight, cybersecurity and policy development — with one centered on “workstreams” for activities such as cybersecurity risk and data strategy.

But the reorganization was “built on the fly” and poorly explained, said a former staffer. More than 80 percent of survey respondents said it was unclear how the reorganization improved office communication.

Adding to these woes is significant frustration with OFCIO’s senior leaders, especially Kent, a former Ernst & Young consultant who took over the office in March 2018 after the team went more than a year without a leader.

Kent, who lacks a cybersecurity or IT background, has fostered “a closed-door culture,” the current OMB employee said.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Share this entry

MalwareTech Pleads Guilty

/19 Comments/in /by

Marcus Hutchins signed a plea agreement that was entered today. He pleads guilty to two charges of conspiracy, and the other eight charges are dismissed. If I’m doing the math on the sentencing guidelines correctly, he may be facing 6-12 months, though the government has the option of making a significant upward departure.

I’m still buried in the Mueller Report, so won’t have more on this now. It’s a sad result. And testament that justice is a lot different for people like MalwareTech than for Don Jr.

Share this entry

Three Things: Boeing Boing

/76 Comments/in , , , /by

[NB: The byline – check it. /~Rayne]

That U.S. flights of Boeing’s model 737 Max aircraft were suspended is a good thing, I think we can agree though perhaps not all for the same reasons. I’ve had suspicions about Boeing for some time now and not because of the company’s products or its management. Three things have bothered me and the deadly crash on March 10 has only added to previous concerns.

~ 3 ~

I’ve noted before that Boeing has been a possible target for stock manipulation; in fact I wrote about my suspicions a year ago:

You can imagine my surprise on December 6, 2016, when then-president-elect tweeted about Boeing’s contract for the next Air Force One, complaining it was too expensive. Was it Boeing the spies were discussing? But the company didn’t fit what I could see in the indictment, though Boeing’s business is exposed to Russia, in terms of competition and in terms of components (titanium, in particular).

It didn’t help that Trump tweeted before the stock market opened and Boeing’s stock plummeted after the opening bell. There was plenty of time for dark pool operators to go in and take positions between Trump’s tweet and the market’s open. What an incredible bonanza for those who might be on their toes — or who knew in advance this was going to happen. …

And while Boeing 737 Max equipment safety was under public debate after Sunday March 10th crash, Trump tweeted this Luddite position on contemporary aircraft complexity on March 12:

How interesting that he avoided naming Boeing specifically, but at the same time he managed to post the first of these two tweets at exactly 10:00 a.m.; the second tweet didn’t publish for another 12 minutes, leaving those following his tweets closely to assume he was going to discuss Boeing specifically during the interim.

I can’t help think Trump has an ulterior motive with regard to Boeing considering how often he has stepped into their business one way or another since December 6, 2016.

It’d be nice to know who’s been shorting NYSE:BA before his tweets and in which stock exchanges.


[Graphic: NYSE:BA moving average and trading volume from midday Monday 11-MAR-2019 to midday Tuesday 12-MAR-2019 via Barron’s.]

~ 2 ~

Trump’s personal demands have also affected Boeing directly with regard to system updates. The government shutdown delayed for five weeks work by the Federal Aviation Administration toward certification of a software “fix” for the 737 Max flight control system.

In other words, eight more American citzens traveling on the doomed flight this past weekend may have paid the ultimate price for Trump’s gross incompetence and corruption, not to mention the other truly marvelous human beings lost to the world when that flight met the earth two weeks ago.

Boeing’s business model needs to be revisited, though, if the flight control system “fix” wasn’t treated with adequate urgency based on feedback from Boeing to the FAA. There’s a fundamental question of a product’s safety for its intended purpose if it must have a software update to fly safely but that update is an additional feature outside the product’s purchase agreement and must bought before it can be added. Smells like product liability with a whiff of extortion.

Would we tolerate this business model in other situations where so much is at stake? Imagine your computer’s operating system needs a patch before you can use it — and you must pay for the patch, it’s not included in the licensing agreement for the operating system. Oh, and the computer runs your insulin pump or your pacemaker wihout which you are likely to die.

~ 1 ~

The FAA as well as Boeing need to be reevaluated based on complaints the government agency is too closely linked to the aerospace company to provide appropriate oversight. The FAA has been relying on Boeing to self-monitor via component safety inspections because the FAA doesn’t have adequate personnel or resources.

Recall recent reports of supply chain vulnerabilities — is it at all possible Boeing components have been as compromised as other military suppliers have been? How would the public know if it has relied on the FAA’s self-inspection “designee program”?

This sounds eerily familiar, like the claims related to firmware updates needed on servers when it was possible the Supermicro motherboard hardware had been compromised.

~ 0 ~

Treat this as a open thread. We could use a break from what will continue to be a flood of news relate to the Special Counsel’s Office report, especially after the Golfer-in-Chief parks his cart for the weekend and begins shit posting on Twitter in earnest again.

Share this entry

The Future of Regulation in the Perma-Cyber-Infowar

/137 Comments/in , /by

[NB: Check the byline, thanks! /~Rayne]

Looks like we could use an open thread to discuss all the stuff not directly related to the Trump-Russia investigation.

I do want to toss out a topic we should visit given the transition of power in the House from one political party to another and the sea change over the last several years in public awareness about information security.

Most regular readers here have been aware of the dynamic tension between civil liberties and national security, individuals’ rights to privacy and autonomy too frequently falling victim to the state’s efforts to surveil and control.

This site has wrestled with the threats to privacy and security posed by hardware (like cell phones and servers) and software (like vulnerabilities, ransomware, cyberweapons).

But how do we address the threats social media and other information platforms pose? Can we really ignore that Facebook has been weaponized against its country of origin let alone other host nations from the U.K. to Myanmar? Does Sen. Elizabeth Warren’s proposal to break up the largest social media platforms and label them ‘platform utilities’ under a new regulatory structure adequately address users’ privacy rights, information security, and national security?

How far should we push for disclosure of proprietary intellectual property like the platforms’ algorithms? How do we regulate the operation of these without jeopardizing their viability?

Do we need a mandatory ethical standard to which startups must build and existing platforms must comply? Facebook’s iffy interpretation of user consent to use in academic research, for example, was key to its weaponization. What regulatory standard would have prevented the abuse of users’ trust and their data?

Does the likely permanence of cyber warfare as well as information warfare require more or less than Warren has proposed?

Hash it out here in comments. Bring all the stray dog-and-cat issues as well.

Share this entry

MalwareTech’s Judge Seems More Sympathetic to Hutchins about the Intent of Prosecution than the Law

/12 Comments/in /by

JP Stadtmueller, the judge who will preside over MalwareTech (Marcus Hutchins’) case, last week denied his pretrial motions to get his post-arrest interview and all the charges of his indictment thrown out. The order starts this way:

On March 30, 2018, Hutchins filed a motion to suppress the statement that he made to Federal Bureau of Investigation (“FBI”) agents immediately following his arrest, as well as any evidence the government may have obtained as a result. (Docket #55)

We are almost 11 months into the pre-trial process and we’re virtually the same place we started. Just two things have happened in that time: the FBI Agents who arrested Hutchins had badly damaged their credibility, and Stadtmueller has given a read of how he views the case.

Stadtmueller scolds the already discredited FBI Agents for violating Federal Rule of Criminal Procedure

As to the first issue, in ruling against Hutchins on his Miranda claim (which I’ve always suggested was a way to discredit Hutchins’ incriminating comments at trial), Stadtmueller makes it clear he finds the conduct of the FBI agents problematic. He sides with Hutchins on the dispute whether Agent Chartier showed him an arrest warrant in a stairwell exchange that appears to have been improperly referenced in his 302.

The Court notes that the agents’ testimony is somewhat contradictory on this point. Chartier stated that they showed Hutchins the warrant before the interrogation was recorded. By contrast, Butcher stated that they first showed Hutchins the warrant over an hour into the interrogation. The recording of the interrogation suggests that Butcher is correct. Specifically, over an hour into the recording, Chartier says: “Okay. Well, here’s the arrest warrant. And just to be honest—just to be honest, hey, now I’m going to tell you the truth…If I’m being honest with you, Marcus, this has absolutely nothing to do with WannaCry.” The balance of the evidence strongly suggests that Hutchins was not shown the arrest warrant until over an hour into the interrogation.

More importantly, he criticizes the Agents for what he calls an “abject failure of the agents to abide by the Federal Rules of Criminal Procedure.”

At one point in the interrogation, he made a comment that showed that he did not realize he had even been indicted. There is no reason why the government could not have told him exactly why he was arrested, as he requested, and as was required of them by Federal Rule of Criminal Procedure 4(c), unless they were concerned that he would not be cooperative with them. There is certainly an element of deception to this set of events that the Court does not endorse.

[snip]

The Court is concerned by the abject failure of the agents to abide by the Federal Rules of Criminal Procedure 4(c), but their obvious interest in Kronos—including providing Hutchins with a string of code related to Kronos—leads the Court to conclude that there is not clear and convincing evidence that they acted with intent to deceive.

[snip]

Hutchins does not argue the effect of the violation of Federal Rule of Criminal Procedure 4(c)(3)(A), which governs execution of a warrant:

Upon arrest, an officer possessing the original or a duplicate original warrant must show it to the defendant. If the officer does not possess the warrant, the officer must inform the defendant of the warrant’s existence and of the offense charged and, at the defendant’s request, must show the original or a duplicate original warrant to the defendant as soon as possible.

Few courts have had moment to consider whether a violation of this rule would warrant exclusion of evidence, though it certainly might, for deterrent purposes, if the violation compromised a substantive constitutional right and the officers acted bad faith. Bryson v. United States, 419 F.2d 695, 701–02 (D.C. Cir. 1969); Murray v. United States, 855 P.2d 350, 353–56 (Wyo. 1993); United States v. Hamilton, 2017 WL 9476881, at *5 (N.D. Ga. Jan. 3, 2017). However, Hutchins did not raise this issue, so the Court will not consider it. Additionally, even if his statements were excluded, it is likely that the physical evidence still would be admissible. See United States v. Patane, 542 U.S. 630, 637–38 (2004) (failure to give Miranda warnings requires suppression of voluntary statements, but does not require suppression of physical evidence acquired as a result of those voluntary statements).

Taking Stadtmueller’s hint, Hutchins’ lawyers have renewed their motion to suppress the statements on that ground, but it may be too late. Whatever happens, though, this adds to the list of the things the FBI agents whose credibility will be deployed to enter Hutchins’ statements fucked up during his arrest. And that’s before you get into their technical knowledge.

Stadtmueller shows sympathy for the stupidity of prosecuting the guy who killed WannaCry

Along the way, Stadtmueller seems to get how stupid prosecuting the guy who killed WannaCry is.

However, Hutchins’s recent triumph with WannaCry had vaulted him into the public eye as a “white hat” hacker. Thus, Hutchins could have been reasonably confused about the FBI’s interest in him. In assessing whether he voluntarily waived his rights, some consideration must be given to the fact that white hat hacking is a complex and relatively novel field that can toe an already blurry line vis-à-vis online criminal activity. The agents did not tell Hutchins why he was under arrest, and did nothing to explain the nature of the charges against him until the end of his interrogation. Hutchins, who had no cause for concern regarding his role in WannaCry, and who had distanced himself from nefarious internet activity, cooperated.

And, having reviewed the interrogation, he seems to regard Hutchins’ attempts to help the FBI Agents identify the real criminals they are pursuing as good faith.

Almost eighty minutes into the recorded interrogation, the agents finally provided him with the warrant, and told him that it had “nothing to do with WannaCry.” The interrogation continued for about twenty minutes after that. Throughout the remainder of the interrogation, Hutchins tried to be helpful but noted that he had been “out” of so-called “black hat” hacking for so long that he did not have any helpful connections.

In comments throwing out the statutory challenges, Stadtmueller generally favors the prosecution

That said, in his language rejecting Hutchins’ attempt to throw out his indictment charge by charge, Stadtmueller significantly sides with the prosecution, as follows:

Counts One and Seven: Whether the malware in question damaged computers

Stadtmueller argues the requisite details are there for the CFAA damage charges, but suggests the government may not be able to prove their case.

These terms are sufficient to allege intent to cause damage. The burden will be on the government to prove this at trial.

Counts One Through Six: Whether software counts as a device

Perhaps Stadtmueller’s most troubling ruling is that the wiretapping charges were sound (I say that because some very smart lawyers had suggested this was problematic from the start). He argues that the Seventh Circuit precedent doesn’t cite case law and a bunch of cases (from other circuits) do.

The majority of courts to consider this issue have entertained the notion that software may be considered a device for the purposes of the Wiretap Act. See Luis v. Zang, 833 F.3d 619, 630 (6th Cir. 2016) (accepting that a software could be a “device” for the purpose of the Wiretap Act); In re Carrier IQ, Inc., 78 F. Supp. 3d 1051, 1087 (N.D. Cal. 2015) (concluding that a software was an “electronic, mechanical or other device”); Klumb v. Goan, 884 F. Supp. 2d 644, 661–62 (E.D. Ten. 2012) (analyzing spyware software as a device under Wiretap Act); Rene v. G.F. Fishers, Inc., 817 F. Supp. 2d 1090, 1094 (S.D. Ind. 2011) (holding that keystrokes are not electronic communications for the purpose of the Wiretap Act, but accepting the notion that software could be a device); Shefts v. Petrakis, 2012 WL 4049484, at *8–9 (C.D. Ill. 2012) (analyzing software as a device under the Wiretap Act); see also United States v. Barrington, 648 F.3d 1178, 1203 (11th Cir. 2011) (accepting that a keylogger software could be considered a scanning receiver, or a device, under 18 U.S.C. § 1029(e)(8)).

The Court is in accord with the majority of courts to consider this issue. The Court also agrees with the government’s position that Section 2510(5)’s reference to “mechanism,” which is commonly defined as a “process, technique, or system for achieving a result” seems to encompass software. Mechanism, Merriam-Webster Dictionary, https://www.merriamwebster.com/dictionary/mechanism (accessed Jan. 22, 2019); see also United States v. Mitra, 405 F.3d 492, 495 (7th Cir. 2005) (acknowledging that general technology statute should be read broadly in order to accommodate new developments).

Counts One, Four Through Eight, and Ten: Whether malware researcher MalwareTech intended to hack and wiretap

There are a bunch of problems with the way prosecutors claim Hutchins intended to do something it’s not clear he did. To this complaint, Stadtmueller basically punts to trial, without hinting how he feels about the issue.

These are arguments that go to the merits of the case, i.e., whether Hutchins had the requisite intent to commit the crimes charged.

Counts Two and Three: Whether you can charge wiretapping left and right

In its superseding indictment, the government tried to cover itself by charging both of two advertising related wiretapping charges. Hutchins challenged this, arguing they were trying to do the same thing (they are, practically). Stadtmueller ruled they weren’t, legally.

Each count contains an element required to prove the offense that is not required in the other count, and the counts require proof of different facts. There is no multiplicity.

Count Seven: Whether aid and abet without intent counts

This challenge is another intent based one, arguing that you can’t aid and abet a crime that you didn’t intend to accomplish in the first place. Stadtmueller seems skeptical but finds it passes this level of muster.

Hutchins argues that he cannot be charged with attempt to aid and abet an attempt to violate the CFAA because Count Seven is pled “without reference to the intentional causing of damage,” as stated in the statute. (Docket #92 at 5). The superseding indictment alleges that Hutchins attempted to cause damage, which encompasses the intent element. Whether the government can actually prove this at trial is a question for another time.

Counts Two and Three: Whether Hutchins can be charged in the UK for a YouTube

Stadtmueller dismisses Hutchins’ extraterritoriality challenge by saying that the government has at least alleged facts that meet this bar. In some of these details he gets the facts wrong, such as when he says that Hutchins himself pushed Kronos on YouTube.

It also alleges that Hutchens used a YouTube video to promote the sale of Kronos, and referred interested purchasers of Kronos to Individual A.

This YouTube ploy by prosecutors was a key complaint by Hutchins’ lawyers. Nevertheless, Stadtmueller rules that the government has at least alleged activities in EDWI.

However, as stated, the charges sufficiently allege activity in the United States, specifically in the Eastern District of Wisconsin. There is no extraterritorial activity at issue.

That said, Stadtmueller lays this marker, disputing the government’s view of extraterritoriality.

However, because there is confusion about the proper standard to apply in the extraterritorial analysis, the Court takes this opportunity to clarify the issue in case it should arise in the future. There is a presumption against applying statutes extraterritorially because “Congress generally legislates with domestic concerns in mind.” Small v. United States, 544 U.S. 385, 388 (2005) (quotations and citations omitted). This broad presumption applies in all cases, “preserving a stable background against which Congress can legislate with predictable effects.” Morrison v. Nat’l Australian

Therefore, the proper rule to apply is that of RJR Nabisco: if Congress has not evinced an affirmative intent to apply the statute extraterritorially, the Court must assess the focus of the statute, and determine whether the conduct relevant to the focus occurred in the United States. Under RJR Nabisco, some conduct could occur outside of the United States as long as the conduct relevant to the focus of the statute occurred inside the United States. However, as stated above, the conduct that the superseding indictment alleges took place in the United States. Therefore, the Court need not evaluate Sections 2512, 1343, or 1001 for extraterritorial application.

For example, if, as it is alleged, Hutchins promoted his malware to individuals in the Eastern District of Wisconsin, then he could reasonably foresee being haled before this Court for trial on that issue.

Counts One Through Eight and Ten: Whether Hutchins can be charged in EDWI

Similarly, Stadtmueller dismisses another jurisdictional claim based on language that may get back to the intent issue.

For example, if, as it is alleged, Hutchins promoted his malware to individuals in the Eastern District of Wisconsin, then he could reasonably foresee being haled before this Court for trial on that issue.

Count Nine: He’s fucked on false statements until the other challenges work

This one, claiming that he can’t be charged with false statements if he shouldn’t be under FBI’s jurisdiction in the first place, unsurprisingly fails so long as those Stadtmueller other charges.

The Court finds that the FBI was properly within its jurisdiction to investigate these claims. Therefore, the charge that Hutchins lied to the FBI must also go forward.

It’s hard to read what to take from all this. Stadtmueller clearly views some of these charges as flimsy. His views on the wiretap charge are the most surprising to me, and probably the most legally problematic for Hutchins (because of the advertising charges).

That said, Stadtmueller seems to have read this appropriately for what it is, the government effort to use any means available to punish Hutchins for being unable or unwilling to become the FBI’s informant solely because he came to their attention for killing WannaCry.

Share this entry

FBI Finally Moves to Fix Its Text Retention Problem — and Mobile Phone Security

/10 Comments/in , /by

Back when DOJ IG released a report explaining its efforts to ensure it had reconstructed all of Peter Strzok and Lisa Page’s text messages, I pointed out that most people were missing the really important part of the story: FBI was making do with a vendor who — even after that scandal — still missed 10% of texts.

And in trying to invent an obstruction claim out of normal bureaucratic thriftiness, they are ignoring the really damning part of the IG Report. The government contractor whose “bug” was responsible for the text messages that weren’t originally archived (but which were later recovered) still can’t ensure more than 90% of FBI’s texts are recovered.

Among the other excuses FBI offers for implementing a fix to a 20% failure with one that still results in a 10% failure is to say, “complete collection of text messages is neither required nor necessary to meet the FBI’s legal preservation obligations” (which goes back to how they’re requiring retention via policy, but not technologically-assisted procedure). The FBI also says that it “is not aware of any solution that closes the collection gap entirely on its current mobile device platforms,” which makes me wonder why they keep buying new Samsungs if the Samsungs aren’t serving their needs? Aside from the question of why we’d ask FBI Agents to use less secure Korean phones rather than more secure American ones (note, Mueller’s team is using iPhones)?

This is a huge problem in discovery in criminal prosecutions. Just as an example, DOJ claims it didn’t have texts between the Agents who were officially staking MalwareTech out in Las Vegas before they arrested him in 2017 and … other Agents. But if FBI doesn’t actually competently archive those texts, how can they make that claim?

More troubling still, FBI didn’t have a handle on what privileges their unnamed and squirrely data retention vendor had onto FBI Agents’ phones.

As DOJ IG was trying to puzzle through why they couldn’t find all of Strzok and Page’s texts, the unnamed vendor got squirrelly when asked how the retention tool interacts with administrative privileges.

Upon OIG’s request, ESOC Information Technology Specialist [redacted] consulted with the FBl’s collection tool vendor, who informed the FBI that the collection application does not write to enterprise.db. [Redacted] further stated that ESOC’s mobile device team and the vendor believed enterprise.db is intended to track applications with administrative privileges and may have been collecting the logs from the collection tool or another source such as the Short Message Service (SMS) texting application. The collection tool vendor preferred not to share specific details regarding where it saves collected data, maintaining that such information was proprietary; however, [redacted] represented that he could revisit the issue with the vendor if deemed necessary.

Maybe it’s me, but I find it pretty sketchy that this unnamed collection tool vendor doesn’t want to tell the FBI precisely what they’re doing with all these FBI Agents’ texts. “Proprietary” doesn’t cut it, in my opinion.

DOJ IG has now done what I was hoping they would: use the Strzok-Page incident as an opportunity to identify recommendations to fix the problem more generally. Most alarmingly, it says that the Subject Matter Expert it consulted in this process identified security vulnerabilities in its collection process.

[D]uring the OIG’s forensic examination of FBI mobile devices that were used by the two employees, the OIG discovered a database on the mobile devices containing a plain text repository of a substantial number of text messages sent and received by those devices.

Neither ESOC nor the vendor of the application was aware of the existence, origin, or purpose of this database. OIG analysis of the text messages in the database compared to ESOC productions of text messages during the same time periods when the collection tool was functional identified a significant number of text messages found in the database that were missing from the ESOC production. Furthermore, the Subject Matter Expert with whom the OIG consulted in connection with its forensic analysis of the devices identified additional potential security vulnerabilities regarding the collection application. The OIG has provided these findings to the FBI.

Remember: these phones were used by people read into the most sensitive counterintelligence investigations. They weren’t texting a lot about those investigations on those phones, but they were texting unclassified information about the investigations.

So now, two years after these texts were identified, DOJ’s Inspector General is recommending that FBI fix what even I recognized was a security vulnerability — as well as the other, unnamed ones their SME identified.

Coordinate with the collection tool vendor to ensure that data collected by the tool and stored on the device is saved to a secure or encrypted location.

Verify and address the security vulnerabilities identified by the Subject Matter Expert with whom the OIG consulted, which have been provided to the FBI. Current and future mobile devices and data collection and preservation tools should be tested for security vulnerabilities in order to ensure the security of the devices and the safekeeping of the sensitive data therein.

Accused defendants should not have to guess whether or not the FBI Agents investigating them discussed their case via texts that have disappeared forever. And the country, generally, should not have to worry that the phone of its top counterintelligence Agent might be compromised because of a dodgy vendor FBI hired to collect (some of) his texts.

Sadly, DOJ IG doesn’t include another recommendation that seems like a no-brainer: that FBI switch to iPhones over the Samsungs they currently issue, both because iPhones have better security, but also because there is better visibility on the supply chain.

Share this entry

Twitter Only Had SMS 2FA When Hal Martin’s Twitter Account DMed Kaspersky

/11 Comments/in /by

In a post late last month, I suggested that the genesis of FBI’s interest in Hal Martin may have stemmed from a panicked misunderstanding of DMs Martin sent.

What appears to have happened is that the FBI totally misunderstood what it was looking at (assuming, as the context seems to suggest, that this is a DM, it would be an account they were already monitoring closely), and panicked, thinking they had to stop Martin before he dropped more NSA files.

Kim Zetter provides the back story — or at least part of one. The FBI didn’t find the DMs on their own. Amazingly, Kaspersky Lab, which the government has spent much of the last four years demonizing, alerted NSA to them.

As Zetter describes, the DMs were cryptic, seemingly breaking in mid-conversation. The second set of DMs referenced the closing scenes of both the 2016 version of Jason Bourne and Inception.

The case unfolded after someone who U.S. prosecutors believe was Martin used an anonymous Twitter account with the name “HAL999999999” to send five cryptic, private messages to two researchers at the Moscow-based security firm. The messages, which POLITICO has obtained, are brief, and the communication ended altogether as abruptly as it began. After each researcher responded to the confusing messages, HAL999999999 blocked their Twitter accounts, preventing them from sending further communication, according to sources.

The first message sent on Aug. 13, 2016, asked for him to arrange a conversation with “Yevgeny” — presumably Kaspersky Lab CEO Eugene Kaspersky, whose given name is Yevgeny Kaspersky. The message didn’t indicate the reason for the conversation or the topic, but a second message following right afterward said, “Shelf life, three weeks,” suggesting the request, or the reason for it, would be relevant for a limited time.

The timing was remarkable — the two messages arrived just 30 minutes before an anonymous group known as Shadow Brokers began dumping classified NSA tools online and announced an auction to sell more of the agency’s stolen code for the price of $1 million Bitcoin. Shadow Brokers, which is believed to be connected to Russian intelligence, said it had stolen the material from an NSA hacking unit that the cybersecurity community has dubbed the Equation Group.

[snip]

The sender’s Twitter handle was not familiar to the Kaspersky recipient, and the account had only 104 followers. But the profile picture showed a silhouette illustration of a man sitting in a chair, his back to the viewer, and a CD-ROM with the word TAO2 on it, using the acronym of the NSA’s Tailored Access Operations. The larger background picture on the profile page showed various guns and military vehicles in silhouette.

The Kaspersky researcher asked the sender, in a reply message, if he had an email address and PGP encryption key they could use to communicate. But instead of responding, the sender blocked the researcher’s account.

Two days later, the same account sent three private messages to a different Kaspersky researcher.

“Still considering it..,” the first message said. When the researcher asked, “What are you considering?” the sender replied: “Understanding of what we are all fighting for … and that goes beyond you and me. Same dilemma as last 10 min of latest Bourne.” Four minutes later he sent the final message: “Actually, this is probably more accurate” and included a link to a YouTube video showing the finale of the film “Inception.”

As it is, it’s an important story. As Zetter lays out, it makes it clear the NSA didn’t — couldn’t — find Martin on its own, and the government kept beating up Kaspersky even after they helped find Martin.

But, especially given the allusions to the two movies, I wonder whether these DMs actually came from Martin at all. There’s good reason to wonder whether they actually come from Shadow Brokers directly.

Certainly, that’d be technically doable, even though court filings suggest Martin had far better operational security than your average target. It would take another 16 months before Twitter offered Authenticator 2 factor authorization. For anyone with the profile of Shadow Brokers, it would be child’s play to break SMS 2FA, assuming Martin used it.

Moreover, the message of the two allusions fits solidly within both the practice of cultural allusions as well as the themes employed by Shadow Brokers made over the course of the operation, allusions that have gotten far too little notice.

Finally, that Kaspersky would get DMs from someone hijacking Martin’s account would be consistent with other parts of the operation. From start to finish, Shadow Brokers used Kaspersky as a foil, just like it used Jake Williams. With Kaspersky, Shadow Brokers repeatedly provided reason to think that the security company had a role in the leak. In both cases, the government clearly chased the chum Shadow Brokers threw out, hunting innocent people as suspects, rather than looking more closely at what the evidence really suggested. And (as Zetter lays out), Martin would be a second case where Kaspersky was implicated in the identification of such chum, the other being Nghia Pho (the example of whom might explain why the government responded to Kaspersky’s help in 2016 with such suspicion).

Mind you, there’s nothing in the public record — not Martin’s letter asking for fully rendered versions of his social media so he could prove the context, and not Richard Bennett’s opinion ruling the warrants based off Kaspersky’s tip were reasonable, even if the premise behind them proved wrong — that suggests Martin is contesting that he sent those DMs. That said, virtually the entire case is sealed, so we wouldn’t know (and the government really wouldn’t want us to know if it were the case).

As Zetter also lays out, Martin had a BDSM profile that might have elicited attention from hostile entities looking for such chum.

A Google search on the Twitter handle found someone using the same Hal999999999 username on a personal ad seeking female sex partners. The anonymous ad, on a site for people interested in bondage and sado-masochism, included a real picture of Martin and identified him as a 6-foot-4-inch 50-year-old male living in Annapolis, Md. A different search led them to a LinkedIn profile for Hal Martin, described as a researcher in Annapolis Junction and “technical advisor and investigator on offensive cyber issues.” The LinkedIn profile didn’t mention the NSA, but said Martin worked as a consultant or contractor “for various cyber related initiatives” across the Defense Department and intelligence community.

And when Kaspersky’s researchers responded to Martin’s DM, he blocked their accounts, suggesting he treated the communications unfavorably (or, if someone had taken over the account, they wanted to limit any back-and-forth, though Martin would presumably have noted that).

After each researcher responded to the confusing messages, HAL999999999 blocked their Twitter accounts, preventing them from sending further communication, according to sources.

Martin’s attorneys claim he has a mental illness that leads him to horde things, which is the excuse they give for his theft of so many government files. That’s different than suggesting he’d send strangers out-of-context DMs that, at the very least, might make him lose his clearance.

So I’d like to suggest it’s possible that Martin didn’t send those DMs.

Share this entry

Prosecutors Cite Osiris in an Attempt to Resuscitate Dead Law against Marcus Hutchins

/12 Comments/in , /by

I’ve been meaning to do an update on a series of filings in the MalwareTech (Marcus Hutchins’) case in which his defense challenged the magistrate’s recommendations, the government responded, and MalwareTech replied. As I’ll get to, those filings reveal a bit more about what the government was really up to in their prosecution of Hutchins.

First, however, I want to look at something the government does in the first paragraph of their response. The paragraph starts with a succinct statement about the case that smooths over a lot of legally suspect moves they make in the case.

Marcus Hutchins is charged with developing and distributing malware capable accessing and damaging computers without the owners’ knowledge and stealing personal information. See Doc. #86. As set forth in the superseding indictment, he worked with others to sell this malware in online forums. Doc. #86. Hutchins did this to earn money for himself. He essentially admitted his crimes in online “chats” that were later obtained by law enforcement.

Effectively, this statement obscures all the problems with charging Hutchins for making malware that he never intended to use to damage computers as understood by the Computer Fraud and Abuse Act and which doesn’t equate to a device that might amount to wiretapping.

Immediately after having done that, the government points to an entirely different generation of malware than Hutchins wrote — which has since been dubbed Osiris — to suggest Hutchins’ own work has led to damage.

The malware developed and sold by Hutchins and his coconspirators, and variants of that malware, particularly Kronos, have been used to compromise computers around the world for years. See, e.g., “Kronos Reborn,” Proofpoint, July 24, 2018, available at https://www.proofpoint.com/us/threat-insight/post/kronos-reborn (last visited November 30, 2018) (discussing 2018 campaigns involving Kronos variants).

The link describes a much later version of the underlying malware used in campaigns in Germany, Poland, and Japan.

In April 2018, the first samples of a new variant of the banking Trojan appeared in the wild [2]. The most notable new feature is that the command and control (C&C) mechanism has been refactored to use the Tor anonymizing network. There is some speculation and circumstantial evidence suggesting that this new version of Kronos has been rebranded “Osiris” and is being sold on underground markets. In this blog, we present information on the German, Japanese, and Polish campaigns as well as a fourth campaign that looks to be a work in progress and still being tested.

Even if Hutchins’ code formed a key part of this module (I’m sure if this ever gets to trial Hutchins’ team will be able to mock this as a possibility), attacks in three other countries do not justify a prosecution of a British citizen in Milwaukee.

Remember, early on in this case, the government admitted they don’t believe Hutchins continues to engage in criminal activity.

Effectively, Hutchins is on trial for code he wrote years ago, some of it while he was a minor. Because people associated with later generations of that code — with its literal rebirth as a new product — are causing havoc, the government is intent on holding him accountable.

Share this entry

Hal Martin Manages to Obtain a Better Legal Outcome than Reality Winner, But It Likely Doesn’t Matter

/61 Comments/in /by

I’d like to comment on what I understand happened in a Hal Martin order issued earlier this month. In it, Judge Richard Bennett denied two requests from Martin to throw out the warrants for the search of his house and cell site tracking on his location, but granted an effort to throw out his FBI interrogation conducted the day they raided his house.

Hal Martin did not tweet to Shadow Brokers

The filing has received a bit of attention because of a redaction that reveals how the government focused on Martin so quickly: a Tweet (apparently a DM) he had sent hours before the Shadow Brokers files were first dropped on August 13, 2016.

The passage has been taken to suggest that Martin DMed with Shadow Brokers before he published any files.

That’s impossible, for two reasons.

First, it is inconsistent with Shadow Brokers’ known timeline. Shadow Brokers didn’t set up a Twitter account until after the first batch of files were initially posted. And both the Martin warrant — dated August 25 — and the search — which took place the afternoon of August 27 — preceded the next dump from Shadow Brokers on August 28.

But it’s also impossible for how Bennett ruled.

While the underlying motion remains sealed (like virtually everything else in this case), Martin was arguing the warrant used to obtain his Twitter content and later search his house was totally unreasonable under the Fourth Amendment. It’s clear from a letter Martin sent the judge asking for his social media accounts as they actually appeared that he believes the FBI read the content of his Tweet out of context. And the judge actually considered the argument that the search was unreasonable to have merit, and in ruling that the FBI did have substantial basis for the search warrant, conceded that in another context the Tweet would not appear to be so damning.

Significantly, the Fourth Amendment exclusionary rule does not bar the admission of evidence obtained by officers acting in reasonable reliance on a search warrant issued by a magistrate later,found to be invalid. United States v. Leon, 468 U.S. 897,913-14 (1984). The evidence will be suppressed only if (1) the issuing judge was misled by information that the affiant knew or should have known was false, (2) the judge “wholly abandoned” her neutral role, (3) the affidavit was “so lacking in indicia of probable cause as to render official belief in its existence entirely unreasonable,” or (4) the warrant is so facially deficient that no reasonable officer could presume it to be valid. !d. at 923 (citations omitted).

[snip]

In this case, there was a substantial basis for the Magistrate’s fInding of probable cause to issue the search warrant for information associated with the Defendant’s Twitter account. See Upton, 466 U.S. at 728. The affIdavit provides that the Defendant’s Twitter messages [redacted] in which he requested a meeting [redacted] and stated “shelf life, three weeks” – were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online content-sharing sites, including Twitter. (ECF No. 140-1 ~~ 14-23.) Further, and signifIcantly,the affIant averred that the Defendant was a former government contractor who had accessto the information that appeared to be what was purported to be stolen government property that was publicly posted on the Internet. (Id. ~~ 25-27.) Thus, although the Defendant’s Twitter messages could have had any number of innocuous meanings in another setting, these allegations regarding the context of Defendant’s messages provide a substantial basis for the Magistrate’s conclusion that there was a “fair probability” that evidence of the crime of Theft of Government Property, in violation of 18 U.S.c. ~ 641, would be found in information associated with the Defendant’s Twitter account. See Gates, 462 U.S. at 238.

You would never see language like this if Martin really were tweeting with Shadow Brokers, particularly not given the timeline (as it would suggest that he knew of Shadow Brokers before he ever posted). The warrant would, in that case, not be a close call at all. Indeed, the language is inconsistent with Martin’s interlocutor having anything to do with Shadow Brokers.

What appears to have happened is that the FBI totally misunderstood what it was looking at (assuming, as the context seems to suggest, that this is a DM, it would be an account they were already monitoring closely), and panicked, thinking they had to stop Martin before he dropped more NSA files.

Hal Martin got a similar FBI interrogation to Reality Winner’s thrown out

The sheer extent of FBI’s panic is probably what made Martin’s effort to get his FBI interrogation thrown out more successful than Reality Winner’s effort.

Their interrogations were similar. Ten FBI Agents came to Winner’s house, whereas nine SWAT team members, plus eight other FBI Agents, and a few Maryland State Troopers came to Martin’s. In both cases, the FBI segregated the NSA contractors in their home while Agents conducted a search. In Winner’s case, they also segregated her from her pets. In Martin’s case, they segregated him from his partner, Deborah Shaw, and when they did finally let him talk to her, they told Martin “you can’t touch her or any of that stuff.” When the NSA contractors wanted to get something from another part of their home, the FBI accompanied them.

Aside from the even greater number of FBI Agents and that Martin had a partner to be separated from, the biggest difference in Martin’s case is that that they set off a flash-bang device to disorient Martin, and the FBI originally put him face down on the ground and handcuffed him. Those factors, Bennett judged, meant it was reasonable for Martin to believe he was under arrest, and therefore the FBI should have given him a Miranda warning.

That is, on the afternoon of the interrogation, approximately 17-20 law enforcement officers swarmed the Defendant’s property. The Defendant was initially approached by nine armed SWAT agents, handcuffed, and forced to lay on the ground. During the four-hour interrogation, the Defendant was isolated from his partner, his freedom of movement was significantly restricted, and he was confronted with incriminating evidence discovered on his property. In this police dominated environment, a reasonable person in the Defendant’s position would have believed he was not free to leave, notwithstanding the agents’ statements to the contrary.

So unlike Winner, Martin will have his interrogation (in which he admitted to taking files home from his job as a contractor and explained how he did so) thrown out.

But it probably won’t matter.

As a reminder, the FBI charged Martin with taking home 20 highly classified files in February 2017, but they included no allegation that he (willfully) served as a source for Shadow Brokers. It’s possible they know he was an inadvertent source for Shadow Brokers (unlike Nghia Pho, who was likely also a source for Shadow Brokers, they charged Martin for 20 files, larding on the legal exposure; they charged Pho with taking home just one file, while getting him to admit that he could have been charged for each individually). But an earlier opinion in this case ruled that the government only has to prove that by taking hordes of files from of his employers that included National Defense Information, he knowingly possessed the ones he got charged for.

In any case, Martin has already been in jail for 28 months, almost half the amount of time that Pho will serve for doing the same thing, and his trial is not due to start on June 17, a full 34 months after he was arrested. As with Winner, the delay stems from the Classified Information Protection Act process, which ensures that — once the government successfully argues that the secrets in your head make it impossible to release you on bail for fear a foreign intelligence agency will steal those secrets — you serve the equivalent of a sentence before the government even has to prove your guilt.

Again, it may be that Martin unwittingly served as a source for Shadow Brokers. But if he didn’t, then the heavy hand they’re taking with him appears to stem from sheer embarrassment at fucking up with the initial panicked pursuit of him.

Update: Corrected the post to reflect that the search actually preceded the August 28 dump.

Share this entry

Government Requests Harsh New Conditions Governing Joshua Schulte’s Access to Classified Discovery

/11 Comments/in , , /by

When we last heard from Joshua Schulte, he had been thrown in solitary in response to FBI’s discovery that he had a cellphone in his jail cell at Metropolitan Correctional Center, after which FBI discovered he had other devices and 13 email and social media accounts.

In or about early October 2018, the Government learned that Schulte was using one or more smuggled contraband cellphones to communicate clandestinely with third parties outside of the MCC. The Government and the FBI immediately commenced an investigation into Schulte’s conduct at the MCC. That investigation involved, among other things, the execution of six search warrants and the issuance of dozens of grand jury subpoenas and pen register orders. Pursuant to this legal process, in the weeks following the Government’s discovery of Schulte’s conduct at the MCC, the FBI has searched, among other things, the housing unit at the MCC in which Schulte was detained; multiple contraband cellphones (including at least one cellphone used by Schulte that is protected with significant encryption); approximately 13 email and social media accounts (including encrypted email accounts); and other electronic devices.

Today, the government asked for supplemental protective order governing Schulte’s access to a special secure facility from which he can review classified discovery. Among other things, it requires his attorney to be searched for devices upon entering the facility, it requires him to remain in manacles throughout the time he is there, and sets up a clean team to monitor both what happens in the room and the computer the defense uses to review discovery.

The defense council will be screened for electronic devices prior to entering the SCIF when she meets with her client. Once inside the Secure Area, the defendant will be allowed to meet with cleared counsel during normal business hours. The Secure Area contains equipment (the “Computer Equipment”) to allow the defendant and cleared defense counsel to review the Classified Information produced by the Government. The Computer Equipment shall be used only for purposes of preparing the defense, and is enabled to log computer activity occurring on the equipment and is equipped with security measures. These logs may be reviewed by law enforcement agents or personnel who are not involved in the prosecution of the defendant (the “Wall Team”). In the event the Wall Team determines the Computer Equipment has been used in an unauthorized manner, including by attempting to circumvent any security measures or logging features, the Wall Agent will report that information to the CISO, who will notify the Court for further action.

When the defendant is present in the Secure Area, the Secure Area will be monitored for security purposes through closed circuit television (“CCTV”) by the Marshals and an authorized FBI agent for all scheduled productions. The CCTV will allow only for visual monitoring of the defendant and cleared defense counsel, and will not include audio. The CCTV will not be recorded. Should any Marshal or member of the Wall Team hear any conversation between the defendant and any of his counsel, those conversations will not be communicated to any member of the government prosecution team, including, but not limited to attorneys, agents, and support staff.

The Defendant will be in full restraints during the time he is in the SCIF and secured to a bolt in the floor. The Defendant will be stripped searched after departing the SCIF at the conclusion of each session. The Defense attorney will sign a waiver of liability due to the fact she will be alone and in close proximity to the defendant. The USMS reserves the right to terminate these meetings if security issues arise during any session.

While there’s no hint that one of Schulte’s defense attorneys was responsible for the past acquisition of contraband, the FBI sure seems intent on making sure that avenue isn’t possible going forward.

I believe when Schulte was arraigned on the new charge of leaking from jail, the government said that CIA hadn’t continued to give Schulte access to classified information after he left. Which suggests the stuff he tried to leak from jail included information he saw in discovery (presumably including how the FBI figured out he was the one leaking CIA’s tools).

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Share this entry