
31 Flavors of Stolen Classified Documents

In days ahead, there’ll be a heated discussion of what kind of sentence Espionage Act defendant Donald Trump might face. But even among the really experienced people — who correctly point out that Trump’s sentence would be a tiny fraction of the total 400 max he faces — I think the discussions are wrongly conceived. To explain why, I plan to return to my argument that the Mar-a-Lago indictment is tactical.

But first, I want to emphasize the magnitude of the fact DOJ charged Trump with hoarding 31 documents, each charged as an individual count and described, with classification markings, in the indictment. Virtually all of these documents are the type that the government is normally loath to include at trial, and yet DOJ piled them on, compartmented document on top of compartmented document. The decision to commit to presenting all of them at trial is really remarkable, and must be (and is not being) accounted for in discussions of potential sentencing.

As background I’d like to review five similar prosecutions.

Daniel Hale

First consider two recent prosecutions (Chelsea Manning’s court martial, after which she was sentenced to 35 years, is a third) where the indictments listed a long catalog of stolen documents like DOJ did with Trump: Hal Martin and Daniel Hale.

In Hale’s case, the indictment first listed all 23 documents he printed out from his job at a defense contractor, only four of which were as sensitive as most of the documents Trump was charged for hoarding.

DOJ only described the 11 documents that were published by The Intercept (document H, the fourth TS document, was not published by The Intercept and so not included in the charged documents). It then charged five counts:

  • 18 USC 793(c) for taking the 11 documents ultimately published
  • 18 USC 793(e) for taking and sharing the files with Jeremy Scahill
  • 18 USC 793(e) for causing to be published the files
  • 18 USC 798(a)(3) for sharing 4 SIGINT documents (documents A, D, E, and K, above)
  • 18 USC 641 for taking the files, charged to include the 11 that got published and a few other unclassified documents that they had proof he had taken

Hale pled guilty to one count without a plea agreement immediately before trial and got a 45 month sentence. He is due to be released in July 2024.

Had Hale gone to trial, the government wouldn’t have had to expose any new information (though it would need to declassify it), because every charged document had been published already. So DOJ really risked very little by charging all 11 documents published by The Intercept. Any damage was already done.

Hal Martin

The way DOJ charged Hal Martin, though, is more akin to how DOJ has charged Trump.

Martin, remember, was arrested, guns-a-blazing, immediately after Shadow Brokers pegged him as the source of the documents being released in 2016. When the FBI searched his home, they found stacks and stacks of documents, including in his car. It took six months to charge Martin, presumably because DOJ had to do an investigation into what he had taken and why — including whether he was Shadow Brokers or had wilfully leaked the documents to Shadow Brokers. Unlike Trump, he was in pre-trial custody that whole time.

In the end, there were no dissemination charges (ultimately, the public record in his case is inconclusive whether he wilfully leaked these documents or not, but if he did, DOJ either couldn’t prove it or chose not to try). As DOJ did with Trump, each of 20 documents was charged as a separate count.

The indictment describes each of these 20 documents, but does not give classification markings. It says they were a mix of Secret, Top Secret, and SCI.

DOJ presumably got sign-off from the agencies to present these documents at trial, but after a very long pre-trial process, Martin ultimately pled guilty in March 2019 to one count of 18 USC 793(e) as part of a plea agreement, with an agreed-on sentence of 9 years, one year short of the 10-year max. He’s scheduled for release in May 2024.

Nghia Pho

By comparison, Nghia Pho — the other presumed source of Shadow Brokers, from whom hackers stole a bunch of NSA files loaded onto his home computer — entered into a plea agreement from the start. His Information didn’t describe any of the documents he took home, though suggested many were TS/SCI. Pho was sentenced to 66 months. Pho, who was in his 60s when he was sentenced and is now 72, is due for release in September.

This is the way DOJ normally prefers to treat those responsible for leaks and other compromises, because the prosecution does little additional damage. Of course, there was never a chance in hell such an approach would work for Trump.

Note that Thomas Windom, who is one of the lead January 6 prosecutors, was on the Pho prosecution team.

Jeremy Brown

Two other relevant cases involve Floridians prosecuted in the last year. With Oath Keeper Jeremy Brown, the government did list and present the five documents, all classified Secret, he was accused of hoarding. They used the Silent Witness rule to present the classified documents at trial, all of which were far more dated and less sensitive than the ones Trump is accused of stealing. Here’s how the government described that process in its pre-trial filings.

First, the government would provide each juror, the Court, and the defense with a binder of unredacted copies of the Classified Documents. The same process was followed in Mallory, 40 F.4th at 173, and it would enable the jurors to examine the Classified Documents while the government elicits unclassified testimony about the same from its expert witness. As in Mallory, the defense would be permitted to follow the same procedures during cross examination and/or with its own cleared expert, should the defense choose to retain one. Id. This procedure ensures that the jury has full access to the information it needs to fulfill its obligations. Id. at 178 (“But a review of the record reveals that the silent witness rule denied the jury none of the information on which Mallory based his defense.” (emphasis in original)). Second, the government will have Bates and line numbers added to the Classified Documents to enable the witness, the government, and the defense to direct the jurors to specific portions of the material.

Brown was only convicted of one of five Espionage Act counts, but nevertheless was sentenced to 87 months for the document as well as the illegal weapons he was convicted of hoarding.

Robert Birchum

Finally, there’s Robert Birchum, a retired Lieutenant Colonel who was just sentenced to 36 months a few weeks ago. In 2017, six years ago, Birchum was found hoarding over 300 documents he had collected before 2008. The Air Force declined to court martial him, and he was honorably discharged (it sounds like the Air Force really valued the counterinsurgency work he did). His case was first made public in January, when he was charged by Information with one count of 793(e). That Information did describe two documents he was charged with:

two documents classified at the TOP SECRET/SCI level from the National Security Agency (NSA) relating to the national defense that discuss the NSA’s capabilities and methods of collection of information.

The government asked for a bottom-of-guidelines sentence of 78 months, emphasizing Birchum’s abuse of a position of trust and the sensitivity of the documents he took. Among other things, Birchum argued at sentencing that he was so important to the Air Force, they sent him back to Afghanistan even after diagnosing him with PTSD. He also invoked all the high ranking people, including Trump, who had brought classified records home.

Among others, Mr. Birchum’s case now shares a stage with the current President of the United States, the former President and Vice-President of the United States, and a former Secretary of State. Looking a bit further back in time, one can see examples of other high-level government executives involved in the same type of offenses, including a former national security adviser who pled guilty to knowingly removing classified documents from the National Archives and a former CIA director and retired four-star general who pled guilty to sharing classified documents with his biographer and mistress. Both the former national security adviser and the former CIA director were sentenced to pay a fine and probation. No charges have been brought against any of the other individuals noted above. Similar cases involving lower-level government employees that did result in prison sentences typically involved attempts to obstruct the investigation or actual dissemination of the information or both.

He was sentenced to 36 months.

The reason I laid all this out is to suggest how remarkable it was that DOJ listed 31 documents Trump allegedly stole. Of the cases above, DOJ listed the charged documents only with the less sensitive, dated records charged against Brown, with the 11 documents already published in Hale’s case, and with the catalog of documents charged against Martin, some of which may also have been compromised as part of the Shadow Brokers release. If Martin’s charged documents were already compromised as part of the Shadow Brokers case, it means that among these cases, there is no precedent for the government choosing to charge a catalog of incredibly sensitive documents like they have with Trump.

That’s one reason I keep harping on the footnote in a DOJ filing in the Trump case from last September, invoking the Pho case (where we know the documents were badly compromised) to suggest that sometimes the Intelligence Community has to operate on the assumption that programs have been compromised and shut them down.

Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances. Depending on the type and volume of compromised classified material, such reactions can be costly, time consuming and cause a shift in or abandonment of programs. In this case, the fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost.

We know one of the 31 documents charged against Trump — the document described in Count 8 that fell out of a box in the storage closet — would be treated as compromised, particularly if someone knocked the box over or is believed to have found it (remember that there are no cameras inside the storage room).

I can’t emphasize this point enough: One possible explanation for the catalog of charges against Trump is that the IC knows, or made a decision last September to assume, that all of these documents have been compromised. It’s one of the most likely ways to explain DOJ’s willingness to include all of them in charges, just like they did with the documents charged against Hale.

That possibility is not being factored into any of the discussions about sentencing, and it should be. The IC likely has to assume that the many intelligence services that targeted Mar-a-Lago, including two known Chinese infiltrators, found some of these documents, or maybe just the musicians and partygoers who could have had access while they were taking a shit.

Importantly, all the documents charged remained in an unsecured storage room after it became public that there were classified documents among the ones that Trump had delivered to NARA in January 2022. (Note, among the really sensitive documents that weren’t included in Trump’s charges are ones classified HCS-O, describing HUMINT operations.)

The Pho and Birchum examples show that DOJ would far prefer negotiating a plea agreement in advance, to minimize further damage to national security. But Trump made quite clear after the search last year that he was unwilling to go quietly.

The only one of these five who went to trial was Brown, and DOJ used the Silent Witness rule for him. That rule is rightly controversial even with disfavored shithole defendants like Brown (or Kevin Mallory, who was convicted of spying for China using it). I simply can’t imagine using the Silent Witness rule in a trial with a former President. The issues of legitimacy are too great. And so, if this thing goes to trial, I assume redacted copies of all these documents would be introduced as evidence that would get shared with the public.

Which is why I point to the Martin case as the one most similar to Trump. My read of that case is that DOJ charged so many documents — just 20, though, rather than 31 — as part of the coercion process to get Martin to plead.

The problem, in Donald Trump’s case, is that he has more incentive to start a civil war than plead guilty to these charges.

Those are some of the assumptions — not to mention that by charging this in West Palm Beach, where Aileen Cannon was likely to and did get the assignment — that Jack Smith must have had in mind when he charged the MAL case like he did.

With every other similarly situated defendant, DOJ has pursued strategies to get the defendant to plead before exacerbating the damage of the compromise at trial. But with Donald Trump, they’re facing a uniquely intransigent defendant. And that is what Jack Smith was facing when he decided to charge this case this way.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Trust: In Bid for Stay, DOJ Likened Trump to Catastrophic Intelligence Compromise

There’s a detail in DOJ’s request for a stay of Judge Aileen Cannon’s injunction on using stolen Trump documents to investigate Trump that hasn’t gotten enough attention.

A footnote modifying a discussion about the damage assessment the Intelligence Community is currently doing referenced a letter then-NSA Director Mike Rogers wrote in support of Nghia Pho’s sentencing in 2018. [This letter remains sealed in the docket but Josh Gerstein liberated it at the time.]

[I]n order to assess the full scope of potential harms to national security resulting from the improper retention of the classified records, the government must assess the likelihood that improperly stored classified information may have been accessed by others and compromised.[4]

[4] Departments and agencies in the IC would then consider this information to determine whether they need to treat certain sources and methods as compromised. See, e.g., Exhibit A to Sentencing Memorandum, United States v. Pho, No. 1:17-cr-631 (D. Md. Sept. 18, 2018), D.E. 20-1 (letter from Adm. Michael S. Rogers, Director, National Security Agency) (“Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances.”).

Even on its face, the comment suggests the possibility that the Intelligence Community is shutting down collection programs because Trump took documents home.

But the analogy DOJ made between Trump and Pho, by invoking the letter, is even worse.

I’ve written about Pho, who, with Hal Martin, is believed to be the source of the files leaked by Shadow Brokers and, with them, two devastating global malware attacks, WannaCry and NotPetya.

Over a month ago, I suggested that the IC likely had Pho and Martin in mind as they considered the damage Trump may have done by doing the same thing: taking highly classified files home from work.

[T]he lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

But with the footnote, I’m no longer the only one to make such an analogy. DOJ did so too, in an unsuccessful effort to get Judge Cannon to understand the magnitude of the breach she was coddling.

As you read this letter, replace Pho’s name with Trump’s. It reads almost seamlessly.

That’s the analogy DOJ made between Trump and someone his own DOJ prosecuted aggressively.

Pho retained classified information outside of properly secured spaces and by doing so caused very significant and long-lasting harm to the NSA, and consequently to the national security of the United States.

[snip]

[T]he exposure of the United States’ classified information outside of secure spaces may result in the destruction of intelligence-gathering efforts used to protect this nation. Mr. Pho, who voluntarily assumed this responsibility, ignored his oath to his country and the NSA by taking classified information outside of secure spaces, thereby placing that information in significant jeopardy.

[snip]

Mr. Pho’s conduct in improperly and unlawfully retaining national defense information, which included highly classified information, outside of secure space had significant negative impacts on the NSA mission.

[snip]

Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of national security topics. Compromise of one technique can place many opportunities for intelligence collection and national security at risk.

By removing such highly classified materials outside of secure space, Mr. Pho subjected those materials to compromise. It is a fundamental mandate in the Intelligence Community that classified material must be handled and stored in very specific and controlled ways. If classified material is not handled or stored according to strict rules, then the government cannot be certain that it remains secret. Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances. Depending on the type and volume of compromised classified material, such reactions can be costly, time consuming and cause a shift in or abandonment of programs. In this case, the fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost.

In addition, NSA was faced with the crucial and arduous task of accounting for all of the exposed classified materials, including TOP SECRET information, the unauthorized disclosure of which, by definition, reasonably could be expected to cause exceptionally grave damage to the national security. Accounting for all of the exposed classified material was necessary so that NSA could attempt to assess the damage that resulted from the classified and diverted critical resources away from NSA’s intelligence-gathering mission.

The detrimental impacts of Mr. Pho’s activities are also felt in other less tangible ways, including a loss of trust among colleagues and essential partners who count on NSA to conduct its mission.

[snip]

Trust is an essential component of all of the work that is done by NSA employees. It is affirmed by our sworn oath to uphold and defend the Constitution, sealed by our signed obligations to protect national defense information.

[snip]

This trust extends to a circle with other U.S. intelligence agencies, who share valuable intelligence insights; military personnel, who share details of their operational plans; and international partners, who share their sovereign secrets with us, all for common objectives.

[snip]

Future decisions about sharing will be weighted with considerations of the breach of trust by one party.

There’s little that distinguishes Pho’s compromise from Trump’s. While Trump didn’t load all this stuff online like Pho did, he brought it to a thinly-protected country club aggressively targeted by foreign intelligence services — a more obvious target than Pho’s desktop computer.

And whether the IC knows about the extent of the compromise right now, or whether something he made available will shut down shipping and hospitals and drug manufacturing in two years time, as Pho’s compromises did, the IC has to act as if these files have already been compromised.

That’s what the footnote says.

As I said, Trump’s own DOJ ratcheted up prosecutions in the wake of the Pho and Martin compromises. And now Trump — along with a judge he appointed — is trying to make sure he evades the same justice that his own DOJ demanded of others.

Update: Clarified that Martin and Pho are believed to be the source of the files leaked by Shadow Brokers, but not the leakers themselves.


[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

18 USC 793e in the Time of Shadow Brokers and Donald Trump

Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]

That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.

The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.

The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.

There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.

But there is part of an explanation how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.

Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.

In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.

Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:

The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.

And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers: someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.

Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.

Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.

Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted out to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.

Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).

Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]

Despite a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.

That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.

From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.

He appears to have been discovered when he took five Cisco switches home. After entering into a cooperation agreement and pleading guilty to one count of 18 USC 793(e), Marshall was (as noted above) sentenced to 41 months in prison. He was released last year.

Outside DOJ, pundits have suggested that Trump's actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump has since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.

But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

And while Trump allegedly brought home paper documents rather than digital files that Russian hackers could steal while sitting in Moscow, that doesn't make his actions any less negligent. Since he was elected President, Mar-a-Lago has been a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn't matter what Trump's motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.

Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.

It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.

DOJ’s June Mar-a-Lago Trip Helps Prove 18 USC 793e

Everyone is squabbling over whether DOJ should release more information on the search of Mar-a-Lago, with entirely reasonable people saying they want DOJ to have to defend taking documents the government owns so we can learn more about what went down.

But we may get more clarity more easily than that. That’s because, if DOJ has any intention of actually charging Donald Trump for stealing classified information, then obtaining specific documents he stole may be one of the last things they need to do before charging him.

As I noted here and here, one of the statutes that’s likely on the table for the Former President is 18 USC 793(e), basically taking national defense information you’re not authorized to have and refusing to give it back.

Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

Regular readers of this site are familiar with this statute because I’ve covered tons of cases charging it: Reality Winner and Hal Martin and Joshua Schulte, among others.

But I went back and found some pattern jury instructions for the unlawful retention charge, and because of that meeting in June, DOJ has most of what they’d need to charge the Former President.

Here’s what jurors would be asked to decide:

Did the defendant, without authorization, have possession of, access to, or control over a document that was National Defense Information?

Yes. The Archives spent a year telling him he was not authorized to have it under the Presidential Records Act.

Did the document in question relate to the national defense?

We don’t know what the documents in question are, but given WaPo’s description in February, then absolutely.

Bonus fact: The jury decides if something was NDI, not the former Original Classification Authority (the fancy term for, “the President gets to decide whether something is classified or not”). So if the agency whose document Trump stole is still trying to protect it from hostile powers, if that agency still believes it is classified, if it remains secret, then a jury is likely to find that it’s NDI.

Did the defendant have reason to believe the information could be used to the injury of the United States or to the advantage of any foreign nation?

Trump is such a psychopath that the answer to this might normally be in question. After all, he routinely treated top secret intelligence like it was toilet paper or party favors for visiting Russians.

Except DOJ went to Trump’s residence in June and told him this information could harm the US. Then they wrote him a letter, saying that it could harm the US and could he please put a padlock on the basement room that had, up until that point, been accessible to all the suspected foreign assets who’ve paid the price of admission to Mar-a-Lago.

Did the defendant retain the above material and fail to deliver it to the officer or employee of the United States entitled to receive it?

Yes! The Archives asked and asked and asked. And then DOJ went to his home and asked again!

Did he keep this document willfully?

Yup. Again, DOJ asked and asked and asked. Trump exhibited awareness the Archives were asking. He stopped in to say “hi!” when Jay Bratt, the head of DOJ’s espionage section, came to visit. And he still hoarded the document.

This may be why Trump claims that nothing was in the hotel safe in his bridal suite, by the way. Keeping these documents at Mar-a-Lago was willful by itself. But keeping such documents in his safe would be proof that he, personally, was hoarding it.

If the FBI really did scoop up highly sensitive documents when they were at Mar-a-Lago the other day, then there may be relatively few steps left to charging him — aside from cataloging the 12 new boxes of stolen documents. DOJ may only need permission from the agencies that own these documents to make the declassifications required to prosecute it.

By going to Mar-a-Lago and asking for these documents in person on June 3, DOJ made it very easy to prove that Trump had been asked, but refused, to give back any classified documents found in his possession on Monday.

Update: Here’s an indictment from the 793 case that’s most similar to the evidence that may be present with Trump. Hal Martin kept taking highly classified documents home from CIA and NSA, just like Trump took documents home. In Martin’s case, they charged him for 20 documents out of the great swath of documents he stole. He ultimately pled guilty. With good behavior he might get released next April.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Hal Martin Sentencing Leaves All Questions Unanswered

Hal Martin was sentenced Friday. He received the nine years agreed upon as part of his plea agreement. But, as the many reports of his sentencing emphasize, closure on this case still doesn't offer closure on the Shadow Brokers case. Of course the sentencing hasn't solved the Shadow Brokers case; that has been true since Martin was charged, and AP recently reiterated it.

But it also hasn't provided much clarity on some of the other issues about this case. For example, his lawyer Jim Wyda seems to have confirmed that the cryptic DMs sent to some Kaspersky researchers in advance of the original Shadow Brokers release were his, while denying that Martin intended the "Shelf life, three weeks," DM to be an offer to sell the NSA's exploits that would be offered for sale less than an hour later. [Note: this sentencing was difficult to cover remotely because the filings weren't released in PACER, so I'm particularly grateful for others' coverage, especially this excellent CyberScoop story on it.]

Jim Wyda, Martin’s public defender, said Friday there was no indication Martin intended for any transaction to take place by that tweet.

I had noted that, given the lack of 2FA at the time of the DMs, hacking Martin’s Twitter account to send the DMs would have been child’s play, something an account claiming to be Shadow Brokers responded to fairly aggressively.

The government, however, offered no comment on those DMs. In response to Judge Richard Bennett’s reminder that the Tweets had been the subject of a Martin challenge to the warrants searching his house, prosecutor Zachary Myers refused to comment, even though classification wouldn’t prevent comment.

Bennett reminded U.S. attorneys of the tweet and the timeline on Friday in court. Assistant U.S. Attorney Zachary Myers said the U.S. government would not be commenting further than noting that the timeline is, indeed, in the facts of the case.

Then there’s the question of whether Martin was a hoarder or a thief. His attorneys insisted his collection of documents was an expression of mental health issues. But the government pointed to how organized it all was (which is hard to square with the descriptions of the chaos of his house from the time of the arrest).

“This is not a case of hoarding, this is stealing,” Myers said Friday at a federal court house in Baltimore. The stolen information “was not in a disorganized manner,” he said, adding what the government found was “logical” and “repetitive.”

Bennett noted Friday he had concerns about the case regarding Martin's alleged hoarding problem, noting that for someone who is a hoarder, he seemed well organized.

Martin’s wife described to CBS how he had recognized his illness before his arrest, but was afraid that if he sought treatment, he would lose clearance and his job.

Mental illness may explain why parts of Martin’s statement expressing remorse make no sense. WaPo:

Martin spoke for about 20 minutes, his voice calm, soft and sometimes difficult to hear as he read nearly verbatim from a letter he’d written earlier this month to the judge.

He made clear that what he’d done was wrong.

“The manner and method of my approach was unorthodox, unconventional, uncanny,” he wrote. “But also unauthorized, illegal and just plain wrong. One step beyond black. Please do not copy this. It is not the easy or correct path. I took shortcuts, went backwards, sideways and around things, crossing major borders and boundaries. It is not good, it’s very, very BAD.”

NYT:

He stood in a striped jersey labeled “Inmate” and read for nearly 30 minutes a rambling statement apologizing to family, friends and his former colleagues at the N.S.A.

“I have been called a walking encyclopedia,” he said, describing himself at another point as “an intellectually curious adventurer.” His words were often cryptic, at one point addressed to “that cool dude in a loose mood” and at another citing the N.S.A. motto, “They serve in silence.”

All that said, one of the most telling details from coverage of yesterday's sentencing is in the government's press release on the sentencing. It emphasizes the resources diverted to investigating Martin's activities, which sure makes it sound like they don't think he's the culprit behind the Shadow Brokers leak.

In court documents and at today’s sentencing hearing, the government noted that crimes such as Martin’s not only create a risk of unauthorized disclosure of, or access to, highly classified information, but often require the government to treat the stolen material as compromised, resulting in the government having to take remedial actions including changing or abandoning national security programs.  In addition, Martin’s criminal conduct caused the government to expend substantial investigative and analytical resources.  The diversion of those resources resulted in significant costs.

Bennett believes the nine year sentence will serve as deterrent for other intelligence personnel. But it’s not clear whether those are the people who need to be deterred.

The Logistics of the Julian Assange Indictment

The extradition request and indictment have been pending while Vault 7 and Roger Stone have percolated

According to a BuzzFeed report from yesterday’s bail hearing in London, Julian Assange’s extradition warrant was dated December 22, 2017.

That means the extradition request came amid an effort by Ecuador to grant him diplomatic status after which he might be exfiltrated to Ecuador or Russia; the extradition request came the day after the UK denied him diplomatic status.

Ecuador last Dec. 19 approved a “special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia,” according to the letter written to opposition legislator Paola Vintimilla.

“Special designation” refers to the Ecuadorean president’s right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.

But Britain’s Foreign Office in a Dec. 21 note said it did not accept Assange as a diplomat and that it did not “consider that Mr. Assange enjoys any type of privileges and immunities under the Vienna Convention,” reads the letter, citing a British diplomatic note.

Both events came in the wake of the revocation of Joshua Schulte’s bail after he got caught using Tor, in violation of his bail conditions. And the events came days before Donald Trump’s longtime political advisor Roger Stone told Randy Credico he was about to orchestrate a blanket pardon for Assange.

In early January, Roger Stone, the longtime Republican operative and adviser to Donald Trump, sent a text message to an associate stating that he was actively seeking a presidential pardon for WikiLeaks founder Julian Assange—and felt optimistic about his chances. “I am working with others to get JA a blanket pardon,” Stone wrote, in a January 6 exchange of text messages obtained by Mother Jones. “It’s very real and very possible. Don’t fuck it up.” Thirty-five minutes later, Stone added, “Something very big about to go down.”

The indictment used to submit an extradition request yesterday was approved by an EDVA grand jury on March 6, 2018, 13 months ago and just a few months after the extradition request.

That means the indictment has been sitting there at EDVA since a few days before Mueller obtained warrants to obtain the contents of five AT&T cell phones, one of which I suspect belongs to Roger Stone (see this post for a timeline of the investigation into Stone). The indictment has been sitting there since a few weeks before Ecuador first limited visitors for Julian Assange last March. It has been sitting there for three months before the government finally indicted Joshua Schulte, in June 2018, for the leak of Vault 7 files they had been pursuing for over a year (see this post for a timeline of the investigation into Schulte). It was sitting there when, in July, Mueller rolled out an indictment referring to WikiLeaks as an unindicted co-conspirator with GRU on the 2016 election hacks, without charging the organization. It was also sitting there last July when David House testified about publicizing Chelsea Manning’s case to the grand jury under a grant of immunity. It was sitting there when Schulte got videotaped attempting to leak classified information from jail, making any prosecution far easier from a classified information standpoint; that happened right around the time Ecuador ratcheted up the restrictions on Assange. It had been sitting there for 10 months by the time Mueller indicted Roger Stone for lying about optimizing the WikiLeaks release of documents stolen by Russia, again while naming but not charging WikiLeaks. It had been sitting there for 11 months when Chelsea Manning first got a subpoena to testify before an EDVA grand jury, and a full year before she went public with her subpoena. It had been sitting there for over a year when Mueller announced he was finishing on March 22; likewise it has been sitting there ever since Bill Barr announced Trump’s team hadn’t coordinated with the Russian government but remained silent about coordination with WikiLeaks.

In short, the indictment has been sitting there for quite some time and the extradition warrant even longer, even as several different more recent investigations appear to be relentlessly moving closer to WikiLeaks. It has been sealed, assuming it’s the same as the complaint the existence of which was accidentally revealed late last year because, “due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.”

There’s a somewhat obvious reason why it got indicted when it did. As WaPo and others have pointed out, the eight year statute of limitations on the CFAA charges in the indictment would have run last year on March 7, 2018.

But that doesn't explain why DOJ decided to charge Assange in this case, when Assange's actions with Vault 7 appear far more egregious, or why the indictment was unsealed now, without any superseding allegations, even as WaPo and CNN report more charges against Assange are coming.

Here’s what I suspect DOJ is trying to do with this indictment.

The discussion of cracking the password takes place as Manning runs out of files to share

First, consider these details about the indictment. As I noted earlier, the overt act it charges as a conspiracy is an agreement to crack a password.

On or about March 8, 2010, Assange agreed to assist Manning in cracking a password stored on United States Department of Defense computers connected to the Secret Internet Protocol Network, a United States government network used for classified documents and communications, as designated according to Executive Order No. 13526 or its predecessor orders.

[snip]

The portion of the password Manning gave to Assange to crack was stored as a “hash value” in a computer file that was accessible only by users with administrative-level privileges. Manning did not have administrative-level privileges, and used special software, namely a Linux operating system, to access the computer file and obtain the portion of the password provided to Assange.

Cracking the password would have allowed Manning to log onto the computers under a username that did not belong to her. Such a measure would have made it more difficult for investigators to identify Manning as the source of disclosures of classified information.

More specifically, the overt act relates to some exchanges revealed in chat logs that have long been public, dating to March 2010 (see this post for a timeline of some related activities from this period, but not this chat; this post describes a chronology of Manning’s alleged leaks). This is a period when Manning had already leaked things to WikiLeaks, including the Collateral Murder video they’re in the process of editing during the conversation and the Iraq and Afghan war logs that were apparently a focus of the David House grand jury testimony.

In the logs, Manning asks whether WikiLeaks wants Gitmo detainee files (a file that, in my opinion, was one of the most valuable leaked by Manning). Assange isn’t actually all that excited because “gitmo is mostly over,” but suggests the files may be useful to defense attorneys (they were! to some of the same defense attorneys defending Assange now!) or if Afghanistan heats up.

Manning says she’s loading one more archive of interesting stuff.

This appears to be the Gitmo files.

Manning explicitly says that’s all she’s got, and then talks about taking some years off to let heat die down, even while gushing about the current rate of change.

Some hours later, amid a discussion about the status of the upload of the Gitmo files that are supposed to be the last file she’s got, Manning then asks Assange if he’s any good at cracking passwords.

He says he has, “passed it onto our lm guy.”

Two days later Assange asks for more information on the hash, stating (as the indictment notes) that he’s had no luck cracking it so far. Then there’s a six day break in the chat logs, at least as presented.

The next day Assange floats getting Manning a crypto phone but then thinks better of it.

These chat logs end the next day, March 18, 2010. As the indictment notes, however, it’s not until ten days later, on March 28, 2010, that Manning starts downloading the State cable files.

Following this, between March 28, 2010, and April 9, 2010, Manning used a United States Department of Defense computer to download the U.S. Department of State cables that WikiLeaks later released publicly.

It’s unclear whether Assange ever cracked the password — but the chat log suggests he involved another person in the conspiracy

Most people have assumed, given what the indictment lays out, that Assange never succeeded in cracking the password. I have no idea whether he did or not, but I’m seeing people base that conclusion on several faulty assumptions. (Update: HackerFantastic notes that Assange couldn’t have broken this password, but goes on to describe how using other code it might be possible; that’s interesting because Manning was alleged to have added additional software onto the network after the initial Linux device, on May 4, 2010.)

First, some people assume that if Assange had succeeded in cracking the password, the indictment would say so. I’m not so sure. The indictment only needs to allege that Assange and Manning entered into a conspiracy — which the indictment deems a password cracking conspiracy — and took an overt act, whether or not the conspiracy itself was successful. The government suggests that Assange’s comment that he’s had “no luck so far” shows that he has taken an overt act, trying to crack it. Nothing else is required for the purposes of the indictment.

Further, several things about the chat log, as received, suggest there may be more going on in the background. There's the six day gap after that conversation. There's the contemplation of getting Manning a crypto phone. And then the chat logs as the government has chosen to release them end, though as the government notes, ten days after they end, Manning starts downloading the State cables.

But the record at least suggests that this conspiracy involves at least one more person, the “lm guy.” Maybe Assange was just falsely claiming to have a guy who focused on cracking certain kinds of hashes. Or maybe the government knows who he is.
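To make concrete what a "guy" who cracks "certain kinds of hashes" would actually be doing with a "portion of the password," here is an added example that is not code from the indictment, from the chat logs, or from anyone involved in the case. It assumes that "lm guy" refers to LAN Manager (LM) hashes, the legacy Windows format in which a password of up to 14 characters is case-folded, split into two 7-byte halves, and each half hashed on its own, so that an attacker can crack each half independently and a short second half falls quickly. DES, the cipher LM actually uses for each half, is not in the Python standard library, so the per-half hash below is a truncated SHA-256 standing in for it (an assumption; the split-half structure, not the cipher, is the point). The wordlist and target passwords are constructed.

```python
"""Offline cracking of an LM-style split-half password hash (added example).

ASSUMPTIONS: the per-half hash is a truncated SHA-256 standing in for the DES
step real LM hashes use; the wordlist and target passwords below are constructed.
"""
import hashlib
import itertools
import string
from typing import List, Optional, Tuple

HALF_LEN = 7
# LM folds the password to upper case before hashing, so mixed case adds no
# entropy; this is the alphabet a brute-force pass has to cover (real LM also
# allows punctuation, which is omitted here to keep the example fast).
CHARSET = string.ascii_uppercase + string.digits


def normalize_half(text: str) -> bytes:
    """Case-fold, truncate to 7 bytes and null-pad, as LM does for each half."""
    return text.upper().encode("ascii", "replace")[:HALF_LEN].ljust(HALF_LEN, b"\x00")


def hash_half(half: bytes) -> bytes:
    """Stand-in for DES-encrypting the LM constant under a 7-byte key half."""
    if len(half) != HALF_LEN:
        raise ValueError("LM-style halves are exactly 7 bytes")
    return hashlib.sha256(b"LM-STANDIN:" + half).digest()[:8]


def lm_style_hash(password: str) -> Tuple[bytes, bytes]:
    """Return the two independent half-hashes for a password of up to 14 chars."""
    pw = password.upper().encode("ascii", "replace")[: 2 * HALF_LEN]
    pw = pw.ljust(2 * HALF_LEN, b"\x00")
    return hash_half(pw[:HALF_LEN]), hash_half(pw[HALF_LEN:])


# A password of 7 characters or fewer leaves the second half empty, so its hash
# is a constant that any cracker recognizes without doing work.
EMPTY_HALF = hash_half(b"\x00" * HALF_LEN)


def crack_half(target: bytes, wordlist: List[str], max_brute_len: int = 3) -> Optional[str]:
    """Recover one 7-byte half: empty-half check, then dictionary, then brute force."""
    if target == EMPTY_HALF:
        return ""
    # Pass 1: dictionary, each word reduced to what LM would keep of it.
    for word in wordlist:
        cand = normalize_half(word)
        if hash_half(cand) == target:
            return cand.rstrip(b"\x00").decode("ascii")
    # Pass 2: exhaustive search over short strings. A full 7-character half is
    # len(CHARSET)**7 guesses, feasible offline but capped here for speed.
    for n in range(1, max_brute_len + 1):
        for combo in itertools.product(CHARSET, repeat=n):
            cand = normalize_half("".join(combo))
            if hash_half(cand) == target:
                return cand.rstrip(b"\x00").decode("ascii")
    return None


def crack_password(hashes: Tuple[bytes, bytes], wordlist: List[str],
                   max_brute_len: int = 3) -> Optional[str]:
    """Crack both halves independently and join them; case is lost, as in LM."""
    halves = [crack_half(h, wordlist, max_brute_len) for h in hashes]
    if any(h is None for h in halves):
        return None
    return "".join(halves)  # type: ignore[arg-type]


def search_space(charset_size: int, length: int, split_halves: bool) -> int:
    """Guesses for an exhaustive attack, with and without the LM split."""
    if not split_halves:
        return charset_size ** length
    first = min(length, HALF_LEN)
    second = max(0, length - HALF_LEN)
    return charset_size ** first + charset_size ** second


if __name__ == "__main__":
    wordlist = ["letmein", "password", "qwerty"]  # constructed
    print(crack_password(lm_style_hash("passwordZ1"), wordlist))  # halves: PASSWOR + DZ1
    print(search_space(len(CHARSET), 14, False), "vs", search_space(len(CHARSET), 14, True))
```

The two search_space figures are the whole argument for why a cracker wants the LM form of a password: fourteen characters over a 36-character alphabet is 36^14 guesses, but two independent halves cost only 2 x 36^7, and a password of ten characters leaves a three-character tail that falls in seconds, as the brute-force pass above shows.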

The reference to him, however, suggests that there’s at least one more person in this conspiracy. The indictment notes there are “other co-conspirators known and unknown to the Grand Jury,” which is the norm for conspiracy indictments. But there are no other details of who else might be included.

Yes, this particular conspiracy is incredibly narrowly conceived, focused on just that password cracking. But there's also the "Manner and Means of the Conspiracy" language that has (rightly) alarmed journalists so much, describing the goal of acquiring and sharing classified information that WikiLeaks could disseminate, and describing the operational security (Jabber and deleted chat logs) and inducement to accomplish that goal.

In other words, this indictment seems to be both an incredibly narrow charge, focused on a few Jabber conversations between Assange and Manning, and a much larger conspiracy in which Assange and other unnamed co-conspirators help her acquire and transmit classified documents about the US.

The logistics of the conspiracy prosecution(s)

Which brings me back to how this indictment might fit in amidst several larger, parallel efforts to prosecute WikiLeaks in the last 16 months.

This indictment may be the formalization of a complaint used as the basis for what seems to be a hastily drawn extradition request in December 2017, at a time when Ecuador and Russia were attempting to spring Assange, possibly in the wake of the government’s move to detain Schulte.

The indictment does not allege the full Cablegate conspiracy. David House testified months ago. And the government currently has Manning in jail in an attempt to coerce her to cooperate. That coercive force, by the way, may be the point of referencing the Espionage Act in the indictment: to add teeth to the renewed legal jeopardy that Manning might face if she doesn’t cooperate.

But what the indictment does — and did do, yesterday — is serve as the basis to get Assange booted from the embassy and moved into British custody, kicking off formal extradition proceedings.

As a number of outlets have suggested, any extradition process may take a while. Two things could, however, dramatically abbreviate it. First, Sweden could file its own extradition request on the single remaining rape allegation against Assange, which might get priority over the US request. Ironically, that might be Assange's best bet to stay out of US custody for the longest possible time. Alternately, Assange could simply not contest extradition to the US, which would leave him charged in this bare bones indictment that even Orin Kerr suggests is a fairly aggressive charging of CFAA.

Barring either of those things happening, however, the US government now has one suspect in any conspiracy it wants to charge in the custody of a friendly country. It has accomplished that with entirely unclassified allegations, which means any other suspects won’t know anything more than they knew on Wednesday. Anything else it wants to charge — or any other moving parts it needs to pursue — it can now do without worrying too much that Assange will be put in the “boot” of a Russian diplomatic vehicle to be exfiltrated to Russia.

It has between now and at least May 2, when Assange has his next hearing, to add any additional charges against Assange so that they are covered by the Rule of Specialty before any possible extradition. It has maybe a month left on the Mueller grand jury.

Meanwhile, several things have happened recently.

First, in recent weeks two things have happened in the Schulte case. His lawyers made yet another bid to get the warrants that justified the initial searches excluded from the protective order. Schulte and his lawyers have been complaining about these warrants from the start, and Schulte’s public comments or leaks about them are part of what got him charged with violating his protective order. From description, it sounds like FBI was parallel constructing other information tying him to the Vault 7 leaks, and fucked up royally in doing so, introducing errors in the process (though the Hal Martin case makes me wonder whether the errors aren’t still more egregious). The government objected to this request, arguing that the warrants would disclose how the CIA stored its hacking documents and asserting that the investigation is definitely ongoing.

The Search Warrant Materials discuss, among other things, the way that the U.S. Intelligence Agency maintained a classified computer system that was integral to the Agency’s intelligence-gathering mission. Broadly disseminating that information would permit a host of potentially hostile actors to glean valuable intelligence about the way the U.S. Intelligence Agency maintained its computer systems or its security protocols, which would harm national security.

[snip]

The defendant’s abbreviated argument for de-designating the Search Warrant Materials is speculative, conclusory, and misguided. First, the defendant claims that the “time for investigation is long gone.” (Def. Let. at 1). The defendant is neither in a position to judge nor the arbiter of when it is appropriate for the Government to end its investigation into one of the largest-ever illegal disclosures of classified information. Simply put, while details are not appropriate for discussion in a public letter, the Government confirms that its investigation is not done and can supply the Court with additional information on an ex parte basis if the Court wishes.

Meanwhile, the government suggested severing the most recent charges — in which it has video surveillance showing Schulte leaking classified or protected information — from the underlying child porn and Vault 7 leaks.

As the Court is aware, trial in this matter is currently set for April 8, 2019. (See Minute Entry for August 8, 2018 Conference). To afford the parties sufficient time to prepare the necessary pretrial motions, including suppression motions and motions pursuant to the Classified Information Procedures Act (“CIPA”), the parties respectfully request that the Court adjourn the trial until November 4, 2019. The parties are also discussing a potential agreement concerning severance, as well as the order of the potentially severed trials. The parties will update the Court on severance and a pretrial motion schedule at or before the conference scheduled for April 10, 2019.

The defense didn’t weigh in on this plan, which (it would seem) would go a long way to eliminating the government’s parallel construction problem. They were supposed to talk about the severance issue in a hearing Monday, but it sounds like the only thing that got discussed was CIA’s refusal to comply with discovery. My guess is that Schulte will try to get those initial warrants and any fruit of them thrown out, and if that doesn’t work then maybe plead down to prevent a life sentence.

Meanwhile, Ecuador has taken steps to roll up people it claims have ties to Assange.

Tuesday, it fired a staffer in the embassy who had been extremely close to Assange (which may be how he learned about the plans to arrest him last week). Then, yesterday, Ecuador detained Swedish coder Ola Bini, alleging he was involved in some of the hacking they’ve accused Assange of. They also claim to know of two Russian hackers involved.

I have no idea if these developments are just Ecuador trying to cover-up corruption or real ties to WikiLeaks or perhaps something in between. There are no trustworthy actors here.

But — as William Arkin also notes — there’s an effort to test whether WikiLeaks has been at the front end of many of these leaks. Aside from WikiLeaks’ reported source for its Saudi Leaks files from Russia, Arkin focuses less on the reasons there are real questions about WikiLeaks’ relationship with Russia. I think we honestly won’t know which of the untrustworthy sides is being more trustworthy until we see the evidence.

Whichever it is, it seems that DOJ is poised to start building out whatever it can on at least one conspiracy indictment against WikiLeaks. The indictment and its implementation yesterday seems primarily to have served as a way to lock down one part — the most volatile one — of the equation. What comes next may assuage concerns about the thinness of this indictment or it may reveal something far more systematic.

In the meantime, Assange is represented by some great lawyers, both in the UK and here. Which at least increases the chances any larger claims DOJ plans to roll out will be tested aggressively.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Twitter Only Had SMS 2FA When Hal Martin’s Twitter Account DMed Kaspersky

In a post late last month, I suggested that the genesis of FBI’s interest in Hal Martin may have stemmed from a panicked misunderstanding of DMs Martin sent.

What appears to have happened is that the FBI totally misunderstood what it was looking at (assuming, as the context seems to suggest, that this is a DM, it would be an account they were already monitoring closely), and panicked, thinking they had to stop Martin before he dropped more NSA files.

Kim Zetter provides the back story — or at least part of one. The FBI didn’t find the DMs on their own. Amazingly, Kaspersky Lab, which the government has spent much of the last four years demonizing, alerted NSA to them.

As Zetter describes, the DMs were cryptic, seemingly breaking in mid-conversation. The second set of DMs referenced the closing scenes of both the 2016 version of Jason Bourne and Inception.

The case unfolded after someone who U.S. prosecutors believe was Martin used an anonymous Twitter account with the name “HAL999999999” to send five cryptic, private messages to two researchers at the Moscow-based security firm. The messages, which POLITICO has obtained, are brief, and the communication ended altogether as abruptly as it began. After each researcher responded to the confusing messages, HAL999999999 blocked their Twitter accounts, preventing them from sending further communication, according to sources.

The first message sent on Aug. 13, 2016, asked for him to arrange a conversation with “Yevgeny” — presumably Kaspersky Lab CEO Eugene Kaspersky, whose given name is Yevgeny Kaspersky. The message didn’t indicate the reason for the conversation or the topic, but a second message following right afterward said, “Shelf life, three weeks,” suggesting the request, or the reason for it, would be relevant for a limited time.

The timing was remarkable — the two messages arrived just 30 minutes before an anonymous group known as Shadow Brokers began dumping classified NSA tools online and announced an auction to sell more of the agency’s stolen code for the price of $1 million Bitcoin. Shadow Brokers, which is believed to be connected to Russian intelligence, said it had stolen the material from an NSA hacking unit that the cybersecurity community has dubbed the Equation Group.

[snip]

The sender’s Twitter handle was not familiar to the Kaspersky recipient, and the account had only 104 followers. But the profile picture showed a silhouette illustration of a man sitting in a chair, his back to the viewer, and a CD-ROM with the word TAO2 on it, using the acronym of the NSA’s Tailored Access Operations. The larger background picture on the profile page showed various guns and military vehicles in silhouette.

The Kaspersky researcher asked the sender, in a reply message, if he had an email address and PGP encryption key they could use to communicate. But instead of responding, the sender blocked the researcher’s account.

Two days later, the same account sent three private messages to a different Kaspersky researcher.

“Still considering it..,” the first message said. When the researcher asked, “What are you considering?” the sender replied: “Understanding of what we are all fighting for … and that goes beyond you and me. Same dilemma as last 10 min of latest Bourne.” Four minutes later he sent the final message: “Actually, this is probably more accurate” and included a link to a YouTube video showing the finale of the film “Inception.”

As it is, it’s an important story. As Zetter lays out, it makes it clear the NSA didn’t — couldn’t — find Martin on its own, and the government kept beating up Kaspersky even after they helped find Martin.

But, especially given the allusions to the two movies, I wonder whether these DMs actually came from Martin at all. There’s good reason to wonder whether they actually come from Shadow Brokers directly.

Certainly, that’d be technically doable, even though court filings suggest Martin had far better operational security than your average target. It would take another 16 months before Twitter offered authenticator-app two-factor authentication; in August 2016 the only second factor Twitter supported was a code sent by SMS. For an actor with the profile of Shadow Brokers, intercepting or rerouting an SMS code (through the carrier's SS7 signaling or a SIM swap) is child's play, assuming Martin used 2FA at all, though getting that far still presumes the attacker already had his password or an active session.
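To make concrete why an authenticator app changes the picture, here is an added example (not code from the original post) of the RFC 4226/6238 HOTP/TOTP scheme that app-based 2FA uses: a secret is enrolled once, and every subsequent code is derived locally from that secret and the clock, so there is no per-login message travelling over the phone network for an SS7 or SIM-swap attacker to catch. The server-side verifier also shows the two checks a practitioner adds: a small clock-drift window and a replay guard that refuses a step counter that has already been consumed. The secret and timestamps in the demo are the published RFC test vectors; the one-step window and the verifier class are assumptions of this example.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(time / step)."""
    return hotp(secret, unix_time // step, digits, digestmod)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6) -> Optional[int]:
    """Accept a code for the current step or up to `window` steps either side
    (tolerates clock drift). Returns the matching step counter, or None."""
    if not (code.isdigit() and len(code) == digits):           # reject malformed input before comparing
        return None
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = hotp(secret, counter + delta, digits)
        if hmac.compare_digest(candidate, code):               # constant-time comparison
            return counter + delta
    return None


class TotpVerifier:
    """Server-side verifier that also refuses to accept a step counter at or
    below the last one successfully used, so a captured code cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 1, step: int = 30, digits: int = 6):
        self.secret, self.window, self.step, self.digits = secret, window, step, digits
        self.last_counter = -1

    def check(self, code: str, unix_time: Optional[int] = None) -> bool:
        if unix_time is None:
            unix_time = int(time.time())
        matched = verify_totp(self.secret, code, unix_time, self.window, self.step, self.digits)
        if matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched                            # burn this step on success
        return True


if __name__ == "__main__":
    # Demo secret from the RFC 4226/6238 test vectors; a real enrolment uses a random 20+ byte key.
    demo_secret = b"12345678901234567890"
    now = int(time.time())
    print("current code:", totp(demo_secret, now))
    v = TotpVerifier(demo_secret)
    print("first use accepted:", v.check(totp(demo_secret, now), now))
    print("replay accepted:", v.check(totp(demo_secret, now), now))
```

The design point is in `TotpVerifier.check`: even within the drift window, a code is accepted only if its step counter is strictly greater than the last one redeemed, so an attacker who sees a valid code in transit has at most one step to use it and only if the legitimate user has not already done so.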

Moreover, the message of the two allusions fits solidly within both the practice of cultural allusions and the themes Shadow Brokers employed over the course of the operation, allusions that have gotten far too little notice.

Finally, that Kaspersky would get DMs from someone hijacking Martin’s account would be consistent with other parts of the operation. From start to finish, Shadow Brokers used Kaspersky as a foil, just like it used Jake Williams. With Kaspersky, Shadow Brokers repeatedly provided reason to think that the security company had a role in the leak. In both cases, the government clearly chased the chum Shadow Brokers threw out, hunting innocent people as suspects, rather than looking more closely at what the evidence really suggested. And (as Zetter lays out), Martin would be a second case where Kaspersky was implicated in the identification of such chum, the other being Nghia Pho (the example of whom might explain why the government responded to Kaspersky’s help in 2016 with such suspicion).

Mind you, there’s nothing in the public record — not Martin’s letter asking for fully rendered versions of his social media so he could prove the context, and not Richard Bennett’s opinion ruling the warrants based off Kaspersky’s tip were reasonable, even if the premise behind them proved wrong — that suggests Martin is contesting that he sent those DMs. That said, virtually the entire case is sealed, so we wouldn’t know (and the government really wouldn’t want us to know if it were the case).

As Zetter also lays out, Martin had a BDSM profile that might have elicited attention from hostile entities looking for such chum.

A Google search on the Twitter handle found someone using the same Hal999999999 username on a personal ad seeking female sex partners. The anonymous ad, on a site for people interested in bondage and sado-masochism, included a real picture of Martin and identified him as a 6-foot-4-inch 50-year-old male living in Annapolis, Md. A different search led them to a LinkedIn profile for Hal Martin, described as a researcher in Annapolis Junction and “technical advisor and investigator on offensive cyber issues.” The LinkedIn profile didn’t mention the NSA, but said Martin worked as a consultant or contractor “for various cyber related initiatives” across the Defense Department and intelligence community.

And when Kaspersky’s researchers responded to Martin’s DM, he blocked their accounts, suggesting he treated the communications unfavorably (or, if someone had taken over the account, they wanted to limit any back-and-forth, though Martin would presumably have noted that).

After each researcher responded to the confusing messages, HAL999999999 blocked their Twitter accounts, preventing them from sending further communication, according to sources.

Martin’s attorneys claim he has a mental illness that leads him to hoard things, which is the excuse they give for his theft of so many government files. That’s different from suggesting he’d send strangers out-of-context DMs that, at the very least, might make him lose his clearance.

So I’d like to suggest it’s possible that Martin didn’t send those DMs.

Hal Martin Manages to Obtain a Better Legal Outcome than Reality Winner, But It Likely Doesn’t Matter

I’d like to comment on what I understand happened in a Hal Martin order issued earlier this month. In it, Judge Richard Bennett denied two requests from Martin to throw out the warrants for the search of his house and cell site tracking on his location, but granted an effort to throw out his FBI interrogation conducted the day they raided his house.

Hal Martin did not tweet to Shadow Brokers

The filing has received a bit of attention because of a redaction that reveals how the government focused on Martin so quickly: a Tweet (apparently a DM) he had sent hours before the Shadow Brokers files were first dropped on August 13, 2016.

The passage has been taken to suggest that Martin DMed with Shadow Brokers before he published any files.

That’s impossible, for two reasons.

First, it is inconsistent with Shadow Brokers’ known timeline. Shadow Brokers didn’t set up a Twitter account until after the first batch of files were initially posted. And both the Martin warrant — dated August 25 — and the search — which took place the afternoon of August 27 — preceded the next dump from Shadow Brokers on August 28.

But it’s also inconsistent with how Bennett ruled.

While the underlying motion remains sealed (like virtually everything else in this case), Martin was arguing the warrant used to obtain his Twitter content and later search his house was totally unreasonable under the Fourth Amendment. It’s clear from a letter Martin sent the judge asking for his social media accounts as they actually appeared that he believes the FBI read the content of his Tweet out of context. And the judge actually considered the argument that the search was unreasonable to have merit, and in ruling that the FBI did have substantial basis for the search warrant, conceded that in another context the Tweet would not appear to be so damning.

Significantly, the Fourth Amendment exclusionary rule does not bar the admission of evidence obtained by officers acting in reasonable reliance on a search warrant issued by a magistrate later found to be invalid. United States v. Leon, 468 U.S. 897, 913-14 (1984). The evidence will be suppressed only if (1) the issuing judge was misled by information that the affiant knew or should have known was false, (2) the judge “wholly abandoned” her neutral role, (3) the affidavit was “so lacking in indicia of probable cause as to render official belief in its existence entirely unreasonable,” or (4) the warrant is so facially deficient that no reasonable officer could presume it to be valid. Id. at 923 (citations omitted).

[snip]

In this case, there was a substantial basis for the Magistrate’s finding of probable cause to issue the search warrant for information associated with the Defendant’s Twitter account. See Upton, 466 U.S. at 728. The affidavit provides that the Defendant’s Twitter messages [redacted] in which he requested a meeting [redacted] and stated “shelf life, three weeks” – were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online content-sharing sites, including Twitter. (ECF No. 140-1 ¶¶ 14-23.) Further, and significantly, the affiant averred that the Defendant was a former government contractor who had access to the information that appeared to be what was purported to be stolen government property that was publicly posted on the Internet. (Id. ¶¶ 25-27.) Thus, although the Defendant’s Twitter messages could have had any number of innocuous meanings in another setting, these allegations regarding the context of Defendant’s messages provide a substantial basis for the Magistrate’s conclusion that there was a “fair probability” that evidence of the crime of Theft of Government Property, in violation of 18 U.S.C. § 641, would be found in information associated with the Defendant’s Twitter account. See Gates, 462 U.S. at 238.

You would never see language like this if Martin really were tweeting with Shadow Brokers, particularly not given the timeline (as it would suggest that he knew of Shadow Brokers before he ever posted). The warrant would, in that case, not be a close call at all. Indeed, the language is inconsistent with Martin’s interlocutor having anything to do with Shadow Brokers.

What appears to have happened is that the FBI totally misunderstood what it was looking at (assuming, as the context seems to suggest, that this is a DM, it would be an account they were already monitoring closely), and panicked, thinking they had to stop Martin before he dropped more NSA files.

Hal Martin got a similar FBI interrogation to Reality Winner’s thrown out

The sheer extent of FBI’s panic is probably what made Martin’s effort to get his FBI interrogation thrown out more successful than Reality Winner’s effort.

Their interrogations were similar. Ten FBI Agents came to Winner’s house, whereas nine SWAT team members, plus eight other FBI Agents, and a few Maryland State Troopers came to Martin’s. In both cases, the FBI segregated the NSA contractors in their home while Agents conducted a search. In Winner’s case, they also segregated her from her pets. In Martin’s case, they segregated him from his partner, Deborah Shaw, and when they did finally let him talk to her, they told Martin “you can’t touch her or any of that stuff.” When the NSA contractors wanted to get something from another part of their home, the FBI accompanied them.

Aside from the even greater number of FBI Agents and that Martin had a partner to be separated from, the biggest difference in Martin’s case is that they set off a flash-bang device to disorient Martin, and the FBI originally put him face down on the ground and handcuffed him. Those factors, Bennett judged, meant it was reasonable for Martin to believe he was under arrest, and therefore the FBI should have given him a Miranda warning.

That is, on the afternoon of the interrogation, approximately 17-20 law enforcement officers swarmed the Defendant’s property. The Defendant was initially approached by nine armed SWAT agents, handcuffed, and forced to lay on the ground. During the four-hour interrogation, the Defendant was isolated from his partner, his freedom of movement was significantly restricted, and he was confronted with incriminating evidence discovered on his property. In this police dominated environment, a reasonable person in the Defendant’s position would have believed he was not free to leave, notwithstanding the agents’ statements to the contrary.

So unlike Winner, Martin will have his interrogation (in which he admitted to taking files home from his job as a contractor and explained how he did so) thrown out.

But it probably won’t matter.

As a reminder, the FBI charged Martin in February 2017 with taking home 20 highly classified files, but included no allegation that he (willfully) served as a source for Shadow Brokers. It’s possible they know he was an inadvertent source for Shadow Brokers: unlike Nghia Pho, who was likely also a source for Shadow Brokers and was charged with taking home just one file (while admitting he could have been charged for each individually), Martin was charged for 20 files, larding on the legal exposure. But an earlier opinion in this case ruled that the government only has to prove that, by taking hoards of files from his employers that included National Defense Information, he knowingly possessed the ones he got charged for.

In any case, Martin has already been in jail for 28 months, almost half the amount of time that Pho will serve for doing the same thing, and his trial is not due to start until June 17, a full 34 months after he was arrested. As with Winner, the delay stems from the Classified Information Procedures Act process, which ensures that — once the government successfully argues that the secrets in your head make it impossible to release you on bail for fear a foreign intelligence agency will steal those secrets — you serve the equivalent of a sentence before the government even has to prove your guilt.

Again, it may be that Martin unwittingly served as a source for Shadow Brokers. But if he didn’t, then the heavy hand they’re taking with him appears to stem from sheer embarrassment at fucking up with the initial panicked pursuit of him.

Update: Corrected the post to reflect that the search actually preceded the August 28 dump.

Has Hal Martin Finally Gotten the Government to Admit He Didn’t Feed Shadow Brokers?

Hal Martin may finally get a plea deal.

On Tuesday, Martin’s (excellent) public defender James Wyda asked to cancel a guilty plea to one of the 20 charges against him which had been scheduled for next week, stating that continuing negotiations may settle the whole case.

The defense requests a cancellation of the Rule 11 guilty plea hearing currently scheduled for January 22, 2018. The parties are continuing negotiations with the hope of resolving the entire case.

As Josh Gerstein had previously reported, last month Martin unilaterally moved to plead guilty to retaining one document described as “a March 2014 NSA leadership briefing outlining the development and future plans for a specific NSA organization,” though the government still threatened to ask for the maximum sentence on that one charge. But something changed since then to reinvigorate plea discussions.

I’m particularly interested in the schedule Judge Marvin Garbis had set in response to Martin’s bid to plead to one charge. The plea would have triggered a CIPA review, the process by which judges decide what classified information is necessary for a criminal trial, often in substitute form.

This is to confirm, as stated at the conference held this date:

1. On January 8, 2018, Defendant shall file a letter including its version of the statement of facts as to Count One of the Indictment.

2. Defendant Martin intends to plead guilty to Count One on January 22, 2018 at 10:00 A.M.

3. Defendant Martin expects to file a CIPA § 4 submission on January 26, 2018.

4. The Government shall make an ex parte presentation regarding its contentions and its pending CIPA § 4 motion in an on-the-record sealed proceeding on February 1, 2018 commencing at 10:00 A.M.

5. Defendant Martin shall make an ex parte presentation regarding its contentions and its forthcoming CIPA § 4 submission in an on-the-record sealed proceeding at a time to be scheduled by further Order.

That’s presumably an indication that Martin wanted to use classified evidence to mitigate his sentence. And all of this has happened in a six week extension Martin’s lawyers asked for on December 8, explaining that they had only just gotten access to information seized (back in August 2016) from Martin’s car and home.

On November 28, 2017, we had the opportunity to conduct an evidence review at the Baltimore FBI Field Office’s Sensitive Compartmented Information Facility for the first time of some of the items allegedly seized from Mr. Martin’s car and residence. In light of the volume of material made available for our review, we expect to return to the FBI multiple more times to review the remainder of the items.

All of which suggests the defense saw something in their classified discovery that made them think they can mitigate Martin’s sentence and, possibly, eliminate the government’s interest in trying him for those other 19 retained documents.

So to recap: on December 8, Martin’s lawyers ask for more time. On December 22, he moves to plead guilty. In the last few weeks, the judge set in motion the process to allow Martin to use classified information in his sentencing (and his lawyers submitted their version of what he would plead guilty to). And now a plea deal may be in the offing.

All that happened in the wake of Nghia Hoang Pho pleading guilty on December 1, after some interesting timing delays as well, timing which I laid out here.

The actual plea deal is dated October 11. It states that “if this offer has not been accepted by October 25, 2017, it will be deemed withdrawn.” The information itself was actually signed on November 29. Friday, the actual plea, was December 1.

So while there’s not a substantial cooperation component in the plea deal, certainly a substantial amount of time passed in that window, enough time to cooperate.

And consider the news coverage that has happened during that period. The initial plea offer was made in the week following a big media blitz of stories blaming Pho (and through him Kaspersky) for the Russian theft of NSA tools. In the interim period between the offer and the acceptance of the plea deal, Kaspersky confirmed both verbally and then in a full incident report that its AV had found the files in question, while noting that a third party hacker had compromised Pho’s machine during the period he had TAO’s tools on it.

In other words, after at least an 18 month investigation, Pho finally signed a plea agreement as the media started blaming him for the compromise of these tools.

In that plea deal, the government noted that they could have charged Pho as they had charged Martin, with one count for each retained file (though in reality Martin got charged for a tiny fraction of what he brought home).

During much of that period, Harold Martin was in custody and under investigation for a similar crime: bringing a bunch of TAO tools home and putting them on his computer. Only, unlike Pho, Martin got slammed with a 20-count indictment, listing a range of files, and not just files from NSA. Indeed, the Pho plea notes,

This Office and the Defendant agree that the Defendant’s conduct could have been charged as multiple counts. This Office and the Defendant further agree that had the Defendant been convicted of additional counts, … those counts would not group with the count of conviction, and the final offense level would have increased by 5 levels.

That is, the government implicitly threatened to treat Pho as Martin had been treated, with a separate charge tied to each individual file he took.

Now, perhaps that’s all that Martin’s lawyers were going to note, that a similarly situated defendant in the same district had been able to plead guilty to a single charge.

But I wonder if there’s not more, specifically related to that plea, pertaining to the real source of the Shadow Brokers files. That is, if Pho was permitted to plead guilty after having made the Shadow Brokers files accessible to third party hackers coming in after Kaspersky’s AV got shut down, then why couldn’t Martin, whose files were air gapped from such measures, obtain a similar plea?

The Spooks Struggle with Reciprocity

I’ve written a lot about the norms (or lack thereof) that the US might set by indicting nation-state hackers for their spying. Notably, I was the first to formally note that Shadow Brokers had doxed some NSA hackers in his April release.

On Friday, along with details about previously unknown, very powerful Microsoft vulnerabilities and details on the 2013 hacking of the SWIFT financial transfer messaging system, ShadowBrokers doxed a number of NSA hackers (I won’t describe how or who it did so — that’s easy enough to find yourself). Significantly, it exposed the name of several of the guys who personally hacked EastNets SWIFT service bureau, targeting (among other things) Kuwait’s Fund for Arab Economic Development and the Palestinian al Quds bank. They also conducted reconnaissance on at least one Belgian-based EastNets employee. These are guys who — assuming they moved on from NSA into the private sector — would travel internationally as part of their job, even aside from any vacations they take overseas.

In other words, ShadowBrokers did something the Snowden releases and even WikiLeaks’ Vault 7 releases have avoided: revealing the people behind America’s state-sponsored hacking.

Significantly, in the context of the SWIFT hack, it did so in an attack where the victims (particularly our ally Kuwait and an apparent European) might have the means and the motive to demand justice. It did so for targets that the US has other, legal access to, via the Terrorist Finance Tracking Program negotiated with the EU and administered by Europol. And it did so for a target that has subsequently been hacked by people who might be ordinary criminals or might be North Korea, using access points (though not the sophisticated techniques) that NSA demonstrated the efficacy of targeting years earlier and which had already been exposed in 2013. Much of the reporting on the SWIFT hack has claimed — based on no apparent evidence and without mentioning the existing, legal TFTP framework — that these hacks were about tracking terrorism finance. But thus far, there’s no reason to believe that’s all that the NSA was doing, particularly with targets like the Kuwait development fund.

Yesterday, the spook site Cipher Brief considered the issue (though mostly by calling on CIA officers rather than NSA hackers).

But I was surprised by a number of things these men (seemingly, Cipher Brief couldn’t find women to weigh in) missed.

First (perhaps predictably given the CIA focus), there’s a bias here on anonymity tied to location, the concern that a hacker might have to be withdrawn, as in this comment from Former Acting Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs Todd Rosenblum.

It can lead to the recall of exposed and vulnerable officers that are hard to train and embed in the first place.

And this, from John Sipher.

They can arrest or intimidate the officer, they can kick the officer out of the country or can look to publicly shame or embarrass the officer and his/her country.

But the former NSA spooks who’ve been most vocal about being outed — notably Jake Williams, whom Shadow Brokers exposed even before he released documents with more NSA hackers identified in the metadata, but also Dave Aitel — are concerned about traveling. They largely hacked from the comfort of the US, so being doxed primarily will implicate their freedom of movement going forward (which is directly analogous to Russian hackers, who keep getting arrested while on vacation in US friendly countries). In addition to making vacation planning more complicated, doxing former NSA hackers may limit their consulting options going forward.

These spooks struggle with reciprocity. Consider these two passages in the post:

Russian, Chinese and Iranian governments might seek to retaliate in-kind – which among authoritarian governments often rhymes, rather than duplicates, Western actions.

[snip]

Perhaps most importantly, the intention is part of a larger attempt to create a false moral equivalence between U.S. offensive cyber operations and those perpetrated by adversarial nation-states such as Russia, whose cyber operations leading up Western elections have grabbed the media spotlight.

And this comment from former Chief of Station in Russia Steven Hall:

The Russians live and die by reciprocity. For them, that is one of the linchpins of how they deal with issues like these, and basic diplomatic and policy issues. Typically it has been that if we expel five of their guys, they are going to turn around and expel five of ours. They are always going to look for a reciprocal way to push back. But there are times were they do things that aren’t always clear to us why they consider it reciprocal. And this might be one of those things.

It’s clear they’d like to distinguish what Russia does from what US hackers do. But aside from noting that US doxing of foreign nation-state hackers comes in indictments rather than leaked documents, nothing in this post presents any explanation, at all, about what would distinguish our hackers. That’s remarkable especially since there is one distinction: except where the FBI flips criminal hackers (as in the case of Sabu), our former spook hackers generally don’t use their skills for their own profit while also working for the state. Though perhaps that’s because defense contractors make such a killing in this country: why steal when Congress will just hand over the money?

Other than that, though, I can think of no distinction. And until our spooks and policy makers understand that, we’re going to be the ones impeding any norm-setting about this, not other countries.

But I’m most struck by the rather thin conclusions about the purpose of Shadow Brokers’ doxing, which the post sees as about fear.

If the Shadow Brokers are in fact linked to the Kremlin, then the doxing of NSA hackers is designed to similarly impede current and former U.S. cyber operators from traveling and engaging in clandestine operations abroad – particularly should targeted countries, including allies, take legal action against the individuals for their past involvement in NSA operations. It is also designed to instill fear, as the information could potentially inspire violence against the individuals and their families.

I’m sure the doxing is about fear — and also making it even more difficult for the Intelligence Community to recruit skilled hackers.

But there are at least two other purposes the Shadow Brokers doxing appears to have served.

First, as I noted, the release itself revealed that the US continued to hack SWIFT even after Edward Snowden’s leaks. It hacked SWIFT in spite of the fact that the US has front-door access to SWIFT data under the TFTP agreement with the EU. Hypothetically, the US is only supposed to access the data for counterterrorism purposes, but I’ve been assured that the US is in violation of the agreement with the EU on that front. That is, NSA was hacking SWIFT even after the international community had capitulated to the US on access.

By IDing the hackers behind one of the SWIFT hacks, Shadow Brokers may have made it easier for other entities to target SWIFT themselves, which has increasingly happened.

More important still, by doxing NSA hackers, Shadow Brokers likely influenced the direction of the investigation, leading the NSA and FBI to focus on the individuals doxed, distracting from other possible modes of compromise (such as the Kaspersky-aided third-party hacks that appear to have happened with Nghia Hoang Pho and possibly even Hal Martin).

More than seven months have passed since Shadow Brokers doxed some NSA hackers, even as he bragged that he had gone nine months by that point without being caught. We still have no public explanation (aside from the Pho plea, if that is one) for how Shadow Brokers stole the NSA’s crown jewels, much less who he is. I’d suggest it might be worth considering whether Shadow Brokers’ doxing — on top of whatever else it did to support Russia’s bid for reciprocity — may have served as incredibly effective misdirection that fed on America’s obsession about insider threats.