Posts

Joshua Schulte Keeps Digging: His Defensible Legal Defense Continues to Make a Public Case He’s Guilty

/5 Comments/in , , /by

To defend him against charges of leaking the CIA’s hacking tools to WikiLeaks, Sabrina Shroff has made it clear that Joshua Schulte is the author of the CIA’s lies about its own hacking.

In a motion to suppress all the earliest warrants against Schulte submitted yesterday, Shroff makes an unintentionally ironic argument. In general, Shroff (unpersuasively) argues some things the government admitted in a Brady letter sent last September are evidence of recklessness on the part of the affiant on those earliest warrants, FBI Agent Jeff Donaldson. She includes most of the items corrected in the Brady letter, including an assertion Donaldson made, on March 13, 2017, that Schulte’s name did not appear among those published by WikiLeaks: “The username used by the defendant was published by WikiLeaks,” the prosecutors corrected the record in September 2018. To support a claim of recklessness, Schroff asserted in the motion that someone would just have to search on that username on the WikiLeaks site to disprove the initial claim.

Finally, the Brady letter explained that a key aspect of the affidavit’s narrative—that Mr. Schulte was the likely culprit because WikiLeaks suspiciously did not publicly disclose his identity—was false. Mr. Schulte’s identity (specifically, his computer username “SchulJo”) was mentioned numerous times by WikiLeaks, as a simple word-search of the WikiLeaks publication would have shown. See Shroff Decl. Exh. F at 7

If you do that search on his username — SchulJo — it only readily shows up in one file, the Marble Framework source code.

That file was not released until March 31, 2017. So the claim that Schulte’s name did not appear in the WikiLeaks releases was correct when Donaldson made it on March 13. That claim — like most of the ones in the Brady letter — reflect the incomplete knowledge of an ongoing investigation, not recklessness or incompetence (Schulte has written elsewhere that he believed the FBI acted rashly to prevent him from traveling to Mexico, which given other details of this case — including that he hadn’t returned his CIA diplomatic passport and snuck it out of his apartment when the FBI searched his place, they were right to do).

By sending her reader to discover that Schulte’s name appears as the author of the Marble Framework, she makes his “signature” that of obfuscation — hiding who actually did a hack.

Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection.

[snip]

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

Marble was one of the files WikiLeaks — and DNC hack denialists — would point to to suggest that CIA had done hacks (including the DNC one) and then blamed them on Russia. In other words, in her attempt (again, it is unpersuasive) to claim that FBI’s initial suspicions did not reach probable cause, she identifies Schulte publicly not just with obfuscation about a breach’s true culprits, but with the way in which the Vault 7 leak — ostensibly done out of a whistleblower’s concern for CIA’s proliferation of weapons — instead has served as one prong of the propaganda covering Russia’s role in the election year hack.

That’s just an ironic effect of Shroff’s argument, not one of the details in yesterday’s releases that — while they may legally serve to undermine parts of the case against her client — nevertheless add to the public evidence that he’s not only very likely indeed the Vault 7 culprit, but not a terribly sympathetic one at that.

Back when FBI first got a warrant on Schulte on March 13, 2017, they had — based on whatever advanced notice they got from Julian Assange’s efforts to use the files to extort a pardon from the US government and the week of time since WikiLeaks had released the first and to that date only set of files on March 7 — developed a theory that he was the culprit. The government still maintains these core details of that theory to be true (this Bill of Particulars Schulte’s team released yesterday gives a summary of the government’s theory of the case as of April 29):

  • The files shared with WikiLeaks likely came from the server backing up the CIA’s hacking tools, given that the files included multiple versions, by date, of the files WikiLeaks released
  • Not that many people had access to that server
  • Schulte did have access
  • Not only had Schulte left the CIA in a huff six months before the WikiLeaks release — the only  person known to have had access to the backup server at the time who had since left — but he had been caught during the period the files were likely stolen restoring his own administrator privileges to part of the server after they had been removed

But, after it conducted further investigation and WikiLeaks published more stolen files, the government came to understand that several other things that incriminated Schulte were not true.

[T]he government appears to have abandoned the central themes of the March 13 affidavit: namely, that the CIA information was likely stolen on March 7–8, 2016, that Mr. Schulte was essentially “one of only three people” across the entire CIA who could have taken it, and that WikiLeaks’s supposed effort to conceal his identity was telltale evidence of his culpability

There’s no indication, however, that Donaldson was wrong to believe what he did when he first obtained the affidavit; Shroff claims recklessness, but never deals with the fact that the FBI obtained new evidence. Moreover, for two of the allegations that the government later corrected — the date the files were stolen and the number of people who had access to the server, Donaldson admitted those were preliminary conclusions in his initial affidavit (which Shroff doesn’t acknowledge):

It is of course possible that the Classified Information was copied later than March 8, 2016, even though the creation/modification dates associated with it appear to end on March 7, 2016.

[snip]

Because the most recent timestamp on the Classified Information reflects a date of March 7, 2016, preliminary analysis indicates that the Classified Information was likely copied between the end of the day on March 7 and the end of the day on March 8.

[snip]

It is, of course, possible that an employee who was not a designated Systems Administrator could find a way to gain access to the Back-Up Server. For example, such an employee could steal and use–without legitimate authorization–the username and password of a designated Systems Administrator. Or an employee lacking Systems Administrator access could, at least theoretically, gain access to the Back-Up Server by finding a “back- door” into the Back-Up Server.

Between the two corrections, the revised information increases the number of possible suspects from two to five, out of 200 people who would have regular access to the files. A footnote to a later affidavit (PDF 138) describes that on April 5, 2017, FBI received information that suggested the number might be higher or lower. (I suspect Schulte argued in a classified filing submitted yesterday that even more people could have accessed it, not least because he has been arguing that in his various writings posted to dockets and other things,)

But, even though the Brady letter corrects the dates on which Schulte reinstated his administrator privileges for the Back-Up server slightly (he restored his own access on April 11, not April 14, which is when his managers discovered he had done so), Shroff only addresses his loss of privileges as innocent, without addressing that he got that access back on his own improperly.

More importantly, the motion doesn’t address, at all, that Schulte kicked everyone else off one of his programs, the Brutal Kangaroo tool used to hack air gapped networks using thumb drives. Nor does it address allegations against Schulte made in August 2016 as part of his clearance review, including that his demeanor changed for the worse around February 2016, he might be “subject to outside coercion,” and he tended not to abide by “guidelines concerning when and what kinds of media or data (such as external drives) could be connected or uploaded to CIA computer systems.” There are other details in the affidavit — such as Schulte’s attempt to learn what his former colleagues knew of the investigation — that support probable cause too (these may be among the things Shroff addresses in a classified filing).

That is, the probable cause that Schulte was the culprit was pretty strong even with the errors in the original affidavit, and none of the errors suggests malice or incompetence or even the recklessness Shroff alleges.

Shroff is right that the March 13 affidavit doesn’t offer as much probable cause to tie Schulte’s home to the crime; but that’s the magistrate’s fault and fairly standard for computer crimes, not the FBI’s. Shroff obscures the effect of FBI obtaining a second warrant to actually search the 150 storage media and computer devices they found in his home (a list of what they seized starts on PDF 116), as well as a second warrant to obtain child porn.

It is also true, as the defense argues, that the evidence to search for child porn was thin. But given that the government had a warrant to search the computer in question, and given precedents about child porn, that may not matter (though I think it is more likely to succeed than the rest of this). In any case, by the time of the main searches on child porn, three different magistrates had signed off on these searches.

This is a totally understandable attempt to get some of this evidence suppressed. But along the way the affidavits released yesterday provide a slew of damaging new details such as:

  • Schulte conducted a ton of searches on Google in April 2016 about detecting USB insertion, copying big files, deleting files, preventing other admins from seeing what someone was doing on a LAN
  • Schulte made a snapshot of (part of?) the LAN on April 20, 2016
  • In early May, Schulte researched how to use Tor and Tails, which the government alleges he used to send the files
  • On August 4, 2016 — the day after Snowden sent this tweet — Schulte did a Google search for WikiLeaks for the first time ever (note, I believe the Snowden tweet may have been preparation for the misleading IG report on him released the following month)

  • Between then and March 7, Schulte searched on WikiLeaks over 20 more times, reading hundreds of articles on it; but he didn’t visit WikiLeaks for the first time until March 7, 2017, the first day the files posted; he also searched for that Snowden tweet

In short, just Schulte’s Google searches alone provide very strong evidence that he’s the Vault 7 leaker. Which explains why his attorneys are making what will probably be an unsuccessful attempt to claim the Google searches were overly broad and lacked probable cause (something Schulte wrote elsewhere seems to reflect that he has been told this will be treated under a Good Faith exception).

Schulte has been trying to disclose all these materials for over a year. But they really don’t help his case.

Accused Vault 7 Leaker Joshua Schulte Planned to Have WikiLeaks Publish Disinformation to Help His Defense

/23 Comments/in /by

When WikiLeaks announced its publication of the CIA’s hacking tools in March 2017, the first tool it highlighted was an effort called Umbrage, which it claimed the CIA used to “misdirect attribution.”

UMBRAGE

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.

The CIA’s Remote Devices Branch‘s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Experts noted at the time that Umbrage served mostly to save time by reusing existing code. Nevertheless, the representation that the CIA would sometimes use other nation’s tools was immediately integrated into conspiracy theories denying that Russia carried out the 2016 hacks on Democrats. Because the CIA sometimes obscured its own hacks, denialists have said since, the CIA must have been behind the 2016 hacks, part of a Deep State operation to frame Russia and in so doing, undermine Trump.

Documents released this week reveal that Joshua Schulte, who is accused of leaking those documents to WikiLeaks, believed he could get WikiLeaks to publish disinformation to help his case.

Several documents submitted this week provide much more clarity on Schulte’s case. On Monday, the government responded to a Schulte effort to have his communications restrictions (SAMs) removed; their brief not only admitted — for what I believe to be the first time in writing — that the CIA is the victim agency, but described an Information War Schulte attempted to conduct from jail using contraband phones and a slew of social media accounts.

Yesterday, in addition to requesting that Schulte’s child porn charges be severed from his Espionage ones, his defense team moved to suppress the warrants used to investigate his communication activities in jail based on a claim the FBI violated Schulte’s attorney-client privilege. During the initial search, agents reviewed notebooks marked attorney-client with sufficient attention to find non-privileged materials covered by the search warrant, and only then got a privilege team to go through the notebooks in more detail. The privilege team confirmed that 65% of the contents of the notebooks was privileged. In support of the suppression motion, Schulte’s lawyers released most of the warrants used to conduct those searches, including the downstream one used to access three ProtonMail accounts discovered by the government and another downstream one used to access his ten social media accounts (see below for a list of all of Schulte’s accounts). Effectively, they’re arguing that the FBI would have never found this unbelievably incriminating communications activity, which will make it fairly easy for the government to prove that Schulte is the Vault 7 leaker without relying on classified information, without accessing those notebooks marked privileged.

But along the way, the documents released this week show that the guy accused of leaking that Umbrage file that denialists have relied on to claim the 2016 hack was a false flag operation framing Russia himself planned false flag activities to proclaim his innocence.

The government’s SAMs response describes in cursory fashion and the affidavits for the warrants as a whole describe in more detail how Schulte planned to adopt two fake identities — a CIA officer and an FBI Agent — to proclaim his innocence. The idea behind the latter was to corroborate two claims Schulte posted on his JoshSchulte WordPress sites on October 1, 2018 — that the FBI had planted the child porn discovered on his computer.

i. “I now believe the government planted the CP after their search warrants turned up empty-not only to save their jobs and investigation, but also to target and decimate my reputation considering my involvement in significant information operations and covert action.”

As noted above, in the Fake FBI Document in the Schulte Cell Documents, a purported FBI “whistleblower” claimed that the FBI had placed child pornography on Schulte’s computer after its initial searches of the device were unsuccessful in recovering evidence. See supra~ 14(a)(iii).

ii. “So who’s responsible for Vault 7? The CIA’s own version of the FBI’s Peter Strzok and Lisa Page,”

As noted above, in the September Tweet in the Schulte Cell Documents, a purported former CIA colleague of Schulte (but who was in fact simply Schulte himself) claimed that two other CIA former colleagues, one of whom Schulte described as the “Peter Strzok of the CIA,” had conspired to blame Schulte for Vault 7, WikiLeaks’ disclosure of the CIA material.

As noted above, two of the documents found in Schulte’s cell mixed in with the attorney-client material show how Schulte planned to create false identities to spread the same stories. One was an article he planned to send to WikiLeaks, claiming to be from an FBI whistleblower describing how Schulte was framed.

iii. A document that appears to be an article for release by WikiLeaks.org (“WikiLeaks”), in which a purported FBI “whistleblower” claimed to have provided the discovery in this case to WikiLeaks and that the FBI had planted evidence of child pornography on Schulte’s computer to frame him (the “Fake FBI Document”).

The documents also include his plans to release a fake CIA tweet claiming he was framed for the Vault 7 leak.

iv. Drafts of a tweet (the “Fake CIA Tweet”) that appear to have been drafted around August 30, 2018,3 in which Schulte pretending to be a former CIA colleague claimed that two other former CIA colleagues, both of whom Schulte referred to by full name and one of whom he described as the “Peter Strzok of the CIA,” had “set up” Schulte and used him as a “scapegoat” for “Vault 7,” which is the name of WikiLeaks serial disclosures of CIA material that began on or about March 7, 2017 and which forms the basis of some of the current charges against Schulte. On the following page of the Schulte Cell Documents appears the text “Just to authenticate me fast” followed by other apparent draft tweets that discussed the CIA’s alleged activities and methods, some of which appear to be classified (the “Fake Authentication Tweets”).4 . . I believe that Schulte planned to potentially publish the Fake Authentication Tweet before the Fake CIA Tweet in an effort to purportedly verify the author’s employment with the CIA and knowledge of the information in the Fake CIA Tweet.

Finally, the FBI also found Schulte’s to do list of how he planned to share both the fake FBI document and his discovery with WikiLeaks.

What appears to be a “to-do” list dated September 12, 2018, in which Schulte wrote that on September 17 and 18, he would “DL Disc. UL WL,” and.that on September 19, 20, and 21, he would “schedule tweets[.]” I believe that here, “DL Disc. UL WL” means that Schulte planned to download his discovery (”DL Disc.”) from the Schulte Laptop and upload that discovery to WikiLeaks (“UL WL”). As noted above, in another place in the Schulte Cell Documents, Schulte drafted the Fake FBI Document, a purported statement by a supposed FBI “whistleblower” who provided Schulte’s discovery to WikiLeaks and claimed that the FBI had planted evidence of child pornography on Schulte’s computer.

From a legal standpoint, Schulte’s lawyers have disclosed all these warrant materials in an urgent effort to suppress everything the government found after first accessing his notebooks from jail. The FBI investigation proceeded from those notebooks to the WordPress site showing him claiming something identical to disinformation he was packaging up to share with WikiLeaks. They also got from those notebooks to ProtonMail accounts where Schulte offered to share what may or may not be classified information with a journalist. The reason why the defense is pushing to suppress this — one of the only challenges they’re making in his prosecution thus far — is because the stuff Schulte did in prison is utterly damning and seems to confirm both his familiarity with WikiLeaks and his belief that he needed to create disinformation to claim to be innocent.

We’ll see whether this Fourth and Sixth Amendment challenge works.

But along the way, the defense has released information — the provenance of which they’re not disputing in the least — that shows that Schulte planned to use WikiLeaks to conduct a disinformation campaign. But it wouldn’t be the first time Schulte had gotten WikiLeaks to carry out his messaging. A year ago today — in the wake of Schulte being charged with the Vault 7 leak — WikiLeaks linked to the diaries that Schulte was writing and posting from his jail cell, possibly showing that Schulte continued to communicate with WikiLeaks — either via a family member or directly — even after he had been put in jail. Those diaries are among the things seized in the search.

In a follow-up, I think I can show that Schulte did succeed in using WikiLeaks as part a disinformation campaign.

Social media accounts Joshua Schulte accessed from jail

ProtonMail: annon1204, presumedguilty, freejasonbourne

Twitter: @freejasonbourne (created September 1, 2018 and used through October 2, 2018)

Buffer (used to schedule social media posts): (created September 3, 2018, used through September 7, 2018)

WordPress: joshschulte.wordpress.com, presumptionofslavery.wordpress.com, presumptionofinnocence.net (all created August 14, 2018)

Gmail: [email protected], [email protected] (created April 15, 2018), [email protected],

Outlook: [email protected]

Facebook: ‘who is JOHN GALT? (created April 17, 2018)

Update: The government also believed at the time that an account in the name Conj Khyas was used by Schulte to receive classified information at his annon1204 account. It was not listed in these warrants, but would amount to a 14th account.

The Congressional Research Service’s (Dated) Take on Julian Assange’s Indictment: DOJ May Argue He Aided Russian Spying

/33 Comments/in , /by

Project on Government Secrecy just released a Congressional Research Service report, which was originally written on April 22, on Julian Assange’s arrest.

It’s a fairly balanced and thorough document, including quotes from The Intercept. But it’s dated, with the body of the report integrating neither his superseding indictment (though an update does note it happened) nor Sweden’s stance — reopening but not asking for extradition on — the rape investigation.

There’s one big thing that the report misses, which is relevant for its analysis, even dated as it is. It describes, correctly, that Assange was originally indicted in March 2018. But it doesn’t note that the complaint was obtained on December 21, 2017. That seems particularly pertinent given that it happened on the same day as (and therefore may be the legal reason why) the UK denied Ecuador’s attempt to make Assange a diplomat.

Ecuador previously had been unsuccessful in its attempts secure arrangements for Assange to leave the embassy through legal channels. In 2017, the country made Assange an Ecuadorian citizen. Later that year, Ecuador’s foreign minister designated Assange as a diplomat in what observers interpreted to be an effort to confer the VCDR’s personal diplomatic protections on Assange, allowing him to leave the embassy and take up a diplomatic post in Russia without fear of arrest during his travel. But U.K. officials denied Assange diplomatic accreditation, and Ecuador withdrew its diplomatic designation shortly thereafter. Ecuador also suspended Assange’s citizenship as part of its decision to allow his arrest.

For a document meant to provide Congress a balanced report on his arrest, it seems pertinent to suggest that Ecuador may have failed in its efforts to secure this diplomatic solution because the US intervened quickly.

And that, in turn, seems relevant to the one point that I haven’t seen discussed in other coverage of Assange’s arrest: whether DOJ got around cautions against indicting journalists in its media policy by relying on the language that such cautions do not apply when there are reasonable grounds to believe that the media person in question is aiding, abetting, or conspiring in illegal activities with a foreign power.

The news media policy also provides that it does not apply when there are reasonable grounds to believe that a person is a foreign power, agent of a foreign power, or is aiding, abetting, or conspiring in illegal activities with a foreign power or its agent. The U.S. Intelligence Community’s assessment that Russian state-controlled actors coordinated with Wikileaks in 2016 may have implicated this exclusion and other portions of the news media policy, although that conduct occurred years after the events for which Assange was indicted. The fact that Ecuador conferred diplomatic status on Assange, and that this diplomatic status was in place at the time DOJ filed its criminal complaint, may also have been relevant. Finally, even if the Attorney General concluded that the news media policy applied to Assange, the Attorney General may have decided that intervening events since the end of the Obama Administration shifted the balance of interests to favor prosecution. Whether the Attorney General or DOJ will publicly describe the impact of the news media policy is unclear.

That is, CRS suspects that DOJ may have gotten around cautions against arresting members of the media by using the exception in AG Guidelines,

(ii) The protections of the policy do not extend to any individual or entity where there are reasonable grounds to believe that the individual or entity is –

(A) A foreign power or agent of a foreign power, as those terms are defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801);

Which would in effect mean they were arguing that Assange fulfills this language from FISA.

(B) acts for or on behalf of a foreign power which engages in clandestine intelligence activities in the United States contrary to the interests of the United States, when the circumstances indicate that such person may engage in such activities, or when such person knowingly aids or abets any person in the conduct of such activities or knowingly conspires with any person to engage in such activities;

It would be unsurprising to see DOJ argue that for Assange’s activities in 2016. After all, they’ve described him in terms often used with co-conspirators in the GRU indictment (though didn’t obtain that indictment until long after Assange was charged and indicted). They similarly describe WikiLeaks as the recipient of Vault 7 documents in the Joshua Schulte superseding indictments; but while that gets perilously close to alleging Schulte was leaking documents on behalf of a foreign power, they don’t charge that (and, again, that superseding indictment was obtained months after the Assange one).

None of that means Assange was acting as — or abetting — the actions of a foreign power in 2010. That may ultimately be what they want to argue, that he was conspiring with Russia way back in 2010. But they haven’t charged or alleged that yet. Indeed, even Mike Pompeo’s accusations from 2017 — that WikiLeaks was a non-state intelligence service — don’t seem to reach the language in these exceptions.

And none of that makes this language any less dangerous for journalists. A lot of journalists published documents stolen from the DNC in 2016 long after it was broadly accepted that Russia had stolen them. That would mean any of those journalists might be accused of knowingly abetting Russia’s election year efforts.

In other words, prosecuting Assange because he knowingly abetted Russian efforts (especially if DOJ can only prove that for 2016, not the 2010 actions they’ve charged him with) still doesn’t pass the “New York Times” test.

On Joshua Schulte and Julian Assange’s 10 Year Old Charges

/19 Comments/in , /by

The WaPo has confirmed what Natasha Bertrand earlier reported: the extradition package for Julian Assange will only include the 10 year old charges related to the publication of Chelsea Manning’s leaks, not any of WikiLeaks more controversially handled charges. I’ve been meaning to write a post on how this is the stupidest available approach, which will satisfy neither those who regard him as a villain, will expose other journalists to similarly dangerous charges, and possibly even fuck up the security establishment’s entire effort to exact some revenge against Assange. I hope to return to that when I get some deadlines and travel done, but suffice it to say this is a big hot mess.

To be clear, I actually think it’s not eleven-dimensional chess on the part of Bill Barr to save Trump some embarrassment once Roger Stone’s trial reveals the extent to which Trump’s campaign tried to “collude” with WikiLeaks (though it will not only have that effect, but make it harder for DNC to sustain its lawsuit against the GOP and WikiLeaks for their actions in the 2016 election). Rather, I think this is an attempt to prosecute Assange with the least cost on the security establishment, being run by people who are utterly tone deaf to the costs it will incur elsewhere.

But I do want to say several things about why and how DOJ is not charging Assange in the Vault 7 leak.

Bertrand noted that I thought that the EDVA charges would be related to Vault 7.

Still, just several months ago, numerous experts felt confident that prosecutors would also hit Assange with charges over Vault 7. Prominent national security journalist Marcy Wheeler predicted in Februarythat DOJ would “very clearly go after Assange” for the Vault 7 disclosure, and that a sealed indictment against him in the Eastern District of Virginia was likely related to that leak — the CIA is, after all, headquartered in Virginia, as ABC noted. Assange himselfreportedly expressed concern that prosecutors would charge him with crimes related to Vault 7.

She didn’t provide even the full context of my tweet, much less my post, arguing that Assange’s efforts to extort a pardon using the Vault 7 files would be something obviously unconnected to journalism. The superseding indictment does mention Assange’s use of “insurance files” to ensure his ability to publish documents in his possession, but no charges were attached to that, which later uses of the tactic and the Vault 7 pardon effort would have supported.

Which is to say the government could have charged Assange for something specifically excluded from Bartnicki’s protection of the publication of stolen materials, but did not. Again, the government has chosen to go about this in the stupidest way possible.

That said, I’m not surprised they’re not going after Assange for the Vault 7 leak itself.

As it is, the CIA has been inexcusably uncooperative with Joshua Schulte’s discovery efforts. At times. some pretty aggressive prosecutors have seemed almost apologetic about it. Schulte has staked a lot on trying to expose details of his initial warrants, and while his later behavior seems to suggest there was something to their targeting of him (or, at the very least, his post-indictment behavior has been self-destructive), at the very least the CIA may have participated in some epically bad parallel construction. They may be trying to hide that as much as the actual details of CIA’s hacking program.

Meanwhile, the government and Schulte have been discussing severing his charges from last year — which include one charge of contempt and a charge of attempted leak of classified information — from everything else.

As the Court is aware, trial in this matter is currently set for April 8, 2019. (See Minute Entry for August 8, 2018 Conference). To afford the parties sufficient time to prepare the necessary pretrial motions, including suppression motions and motions pursuant to the Classified Information Procedures Act (“CIPA”), the parties respectfully request that the Court adjourn the trial until November 4, 2019. The parties are also discussing a potential agreement concerning severance, as well as the order of the potentially severed trials. The parties will update the Court on severance and a pretrial motion schedule at or before the conference scheduled for April 10, 2019.

That might be something they tried to base a plea off of: they’d have video evidence to back their case, so it might avoid the CIPA process CIA is unwilling to engage in.

Back in May, Schulte’s team submitted a motion to vacate his SAMs (Special Administrative Measures limit a prisoner’s communication with others). It was based off the case the government made prior to his superseding indictment and left out all the allegations the government made about the 13 email and social media accounts Schulte was allegedly running from his jail cell, and as such deliberately understated why the government wanted the SAMs. The government asked for and got an extension to respond until Monday — notably, after all decisions about Assange would have had to have been made. Any response (unless it’s sealed) will have to provide more details about what happened last fall, so if they’re trying to get a plea deal, it might come this week in lieu of that SAMs response.

But the question would be what that plea agreement would look like.

Finally, the government is going to have to provide some explanation for why Chelsea Manning remains in jail for contempt. Unless they can claim they’re going after other people related to WikiLeaks, they should not be able to keep her jailed.

What if Julian Assange Flipped?

/41 Comments/in , , , /by

I’ve said this before, I’ll say it again: I hope to hell Chelsea Manning’s advisors are cognizant of the ways her attempts to avoid testifying against Julian Assange may put her in unforeseen legal jeopardy.

I’m thinking of that anew given my consideration of what I consider to be a distant, but real, possibility: that the US government would offer Assange a plea deal on the current charge he faces in exchange for testimony in a range of other issues. The idea is crazy, but perhaps not as crazy as it sounds.

As I laid out in this post, it seems the US government has been carefully orchestrating the Assange arrest since Ecuador first applied for diplomatic status for him in 2017 in an attempt to exfiltrate him, possibly to Russia. They’re now on the clock, with (depending on which expert you ask) just 44 more days to lard on the additional charges multiple outlets have reported are coming. Meanwhile, he’s being held at Belmarsh, with conflicting stories about what kind of visitors he’s been permitted — though the UN Special Rapporteur for Privacy did visit him this week. Though I’ve asked some top experts, it’s not entirely clear whether, if he were being interrogated right now, that’d be under UK law or US law; the former has fewer protections against self-incrimination for people being detained.

One passage of the Mueller Report may provide an explanation for why his prosecutors didn’t obtain Julian Assange’s testimony.

The Office limited its pursuit of other witnesses and information-such as information known to attorneys or individuals claiming to be members of the media-in light of internal Department of Justice policies. See, e.g., Justice Manual §§ 9-13.400, 13.410.

Assange would fall squarely within DOJ policy covering people who are subjects or targets of an investigation for activities related to their news-gathering activities.

Member of the news media as subject or target. In matters in which a member of the Department determines that a member of the news media is a subject or target of an investigation relating to an offense committed in the course of, or arising out of, newsgathering activities, the member of the Department requesting Attorney General authorization to use a subpoena, 2703(d) order, or 3123 order to obtain from a third party the communications records or business records of a member of the news media shall provide all facts necessary to a determination by the Attorney General regarding both whether the member of the news media is a subject or target of the investigation and whether to authorize the use of such subpoena or court order. 28 C.F.R. 50.10(c)(5)(i). If the Attorney General determines that the member of the news media is a subject or target of an investigation relating to an offense committed in the course of, or arising out of, newsgathering activities, the Attorney General’s determination should take into account the principles reflected in 28 C.F.R. 50.10(a), but need not take into account the considerations identified in 28 C.F.R. 50.10(c)(5)(ii) – (viii). Id. Members of the Department must consult with the PSEU regarding whether a member of the news media is a subject or target of an investigation related to an offense committed in the course of, or arising out of, newsgathering activities.

The EDVA case appears to have gotten over this policy (perhaps by distinguishing the assistance on cracking a password from newsgathering activities); but it’s not clear Mueller did (especially given the discussion of First Amendment considerations in passages relating to WikiLeaks). In any case, this calculus may change given that he’s in British, not US custody.

And there has been very little reporting on what’s going on with him — or with US investigations into him.

There are a number of investigations the government would love to get his testimony on, including:

Testimony against Joshua Schulte

Schulte is the accused Vault 7 leaker. WikiLeaks has been far less circumspect about the possibility he’s their source than with other leakers (while also engaging in far less of an effort to lay the case that he’s a whistleblower). Plus, the government has video evidence of Schulte attempting to leak classified information.

But thus far, Schulte’s prosecution has been slowed by CIA’s reluctance to share the classified information Schulte needs to defend himself. Plus, the FBI apparently bolloxed up the initial search warrants for Schulte (in what I suspect was a sloppy effort at parallel construction), which Schulte has been trying to win the ability to speak publicly about for over a year; he recently appealed a decision denying him a request to exempt those initial warrants from his protective order.

To the extent that Assange and Schulte (if he is really the Vault 7 source) communicated — and there’s good reason to believe WikiLeaks did communicate in advance of this publication — then Assange might be able to provide testimony that would get beyond the classification problems.

Testimony about the response to his pardon requests (including Roger Stone’s role in it)

I also believe that DOJ continues to investigate the long effort — an effort that includes Roger Stone, whom prosecutors say is still under investigation — in brokering a pardon for Assange, possibly in part for Assange providing disinformation about where the Democratic documents came from. Consider that, as recently as November, Mueller was trying to learn whether Trump had discussed pardoning Assange before his inauguration, a question about which Trump was especially contemptuous, even given his overall contempt for responding to questions.

Then there’s a subtle point I find really interesting. When the Mueller Report lays out all the times Don Jr magnified Russian trolls, it noted that the failson’s fondness for Russian propaganda continued after the election.

96 See, e.g., @DonaldJTrumpJr 10/26/16 Tweet (“RT @TEN_GOP: BREAKING Thousands of names changed on voter rolls in Indiana. Police investigating #VoterFraud. #DrainTheSwamp.”); @DonaldJTrumpJr 11/2/16 Tweet (“RT @TEN_GOP: BREAKING: #VoterFraud by counting tens of thousands of ineligible mail in Hillary votes being reported in Broward County, Florida.”); @DonaldJTrumpJr 11/8/16 Tweet CRT @TEN_GOP: This vet passed away last month before he could vote for Trump. Here he is in his #MAGA hat. #voted #ElectionDay.”). Trump Jr. retweeted additional @TEN_GOP content subsequent to the election.

[snip]

103 @DonaldJTrumpJr 11/7/16 Tweet (“RT @Pamela jetonc13. Detroit residents speak out against the failed policies of Obama, Hillary & democrats . . . . “) [my emphasis]

The page-long section (page 60) that lays out Don Jr’s innocuous pre-election interactions (which is how I described them when they were first published) does not, similarly, note the President’s son’s more damning interactions with WikiLeaks that took place after the election, where Assange once privately

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

And then publicly asked for an Ambassadorship that would amount to a pardon.

Given the thoroughness of the report, I find the silence about these exchanges to be notable.

Admittedly, one aspect of the pardon campaign implicates Assange far more than (at least given the public details) it does Trump: his seeming attempt at extortion using the CIA’s hacking tools. But that doesn’t mean the government wouldn’t like his testimony about the larger effort, and I have reason to suspect that is something they were pursuing via other channels as well.

WikiLeaks’ ongoing interactions with Russia

Finally, I’m sure the US government would be willing to give Assange some consideration if he offered to describe his interactions with Russia over the years. The most public aspect of that was the WikiLeaks effort to get Snowden safely out of Hong Kong, which ended unexpectedly in Russia. But there are also credible allegations WikiLeaks engaged in some catch-and-kill of damning documents, most publicly with an incriminating document from the Syria Files. Emma Best looks more closely at that incident in a longer profile of a Russian hacker, Maksym Igor Popov, who seemed to shift loyalties back and forth from the US to Russia even while cultivating Anonymous.

Simultaneously, Sabu, who had been boasting about an alleged breach of Iranian systems, pivoted to the then-pending Syria files. “We owned central syrian bank and got all their emails,” he told Popov. There were “a lot of scandals” in those emails. In the 2012 exchange, Popov is told about an alleged email revealing that Syria had secretly sent Russia billions of Euros. Sabu appears to confuse the amount, which was 2 billion, with an amount from a similar transfer involving an Austrian bank. Reporting by The Daily Dot implies that the two emails were often discussed in the same conversation, while also revealing that the email Sabu was describing to the alleged Russian contractor was omitted from WikiLeaks’ eventual release.

WikiLeaks responded to the reporting by claiming that they “either never had the data or [that it was] in some strange MIME format so it isn’t indexed,” and that the reporting was an attack on WikiLeaks that was meant “to help HRC.”

Popov was impressed by Sabu’s description of the Syria emails, though he briefly confused them with another, unspecified cache that Sabu hinted Popov helped release. “If you want real access to the emails, I can [give it to you],” Sabu offered. Popov responded ecstatically, saying he could use it to create disinformation and fabricate conspiracies. Undaunted by Popov’s intended use for the emails, Sabu said he’d “try to set it all up soon.”

This exchange occurred several months after WikiLeaks received the first batch of the Syria files and several weeks after WikiLeaks gave the LulzSec hackers private access to a search engine to help parse the Stratfor emails which the group had also provided to WikiLeaks.

19:16 <Sabu> though we did very well on syria.. we owned central syrian bank and got all their emails 19:16 <LoD> and Nepalese hack 19:16 <Sabu> a lot of scandals ... like syria sending russia 5 billion euros before civil unrest and when russia sent warsip to trait of whateves its called 19:16 <LoD> Ive actually checked it RESPECT syria gave me some things to mastermind my next operations those email accounts were of much help to improve our strategy 19:17 <LoD> i give you thumbs up 19:17 <Sabu> well we didn't realease it yet ... that was another small hack you released. if you want real access to emails I can ive you 19:17 <LoD> really? 19:17 <LoD> can you? 19:17 <LoD> man I WILL BE in DEBT 19:17 <LoD> I can utilize it in my release 19:18 <LoD> to create a conspiracy 19:18 <Sabu> ya I'll try to set it all up soon

If Popov acquired early access to the Syria files, it would have been the score of a lifetime, giving him an exclusive early inside look at corporations and governments. However, as any later logs of discussions between Popov and Sabu aren’t part of the leaked file, it’s unclear if Popov actually received early access to the Syria files.

Already by this time period in 2011, some former Anons were expressing concern that their operations were being facilitated by Russian infrastructure.

Some followers came to believe that the leaders sought only personal aggrandisement or were effectively in cahoots with the organised criminals who may have raided Sony’s credit-card hoard after Anonymous knocked down the door. Even stalwarts such as Housh are unhappy that much of Anonymous’s infrastructure is now housed on computers used by Russian criminals. “It’s not like the Russians wanted us to get HBGary, but I want to know personally why they are doing this,” he says of the chat hosts. “Where is the money coming from?”

To be sure: a tie with Anonymous is different than a tie directly with WikiLeaks, even if Anonymous was serving as one of WikiLeaks’ important source streams at the time. Further, Best notes that there’s no evidence in available files that Popov interacted directly with WikiLeaks — nor would there be, given the scope of the publicly available chat logs.

But, particularly given the allegations that Assange fed the Seth Rich hoax as part of an effort to deny that he knew he had gotten the Democratic files from Russia, I’m sure the US government would love to know from him about any ties between WikiLeaks and Russia.

Offering Assange a plea deal might be one way to close the book on WikiLeaks without the political controversy of a trial.

The question, of course, is whether Assange would take one. Admittedly, it’s highly unlikely.

Still, as noted, he repeatedly claimed he’d love to tell all if he could avoid prison altogether. But even in a best case scenario, he’s looking at a long extradition fight from Belmarsh in conditions that are reportedly pretty shitty. A plea deal might be one way to limit how much more time in custody he faces.

Which could bode poorly for people like Chelsea Manning, making significant sacrifices to protect Assange.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Assange Complaint Was Filed the Day the UK Rejected Assange’s Diplomatic Status

/19 Comments/in /by

EDVA has released the affidavit and original complaint charging Julian Assange with conspiring with Chelsea Manning to crack a password. Two things support the likelihood that this extradition request arose in response to Ecuador’s attempt to get Assange diplomatic status that would allow it or Russia to exfiltrate him from London.

As I noted earlier, the extradition warrant itself dates to December 22. But the complaint and supporting affidavit date to December 21, 2017. That’s the day, according to multiple reports, that the British government denied Ecuador’s request to grant Assange “special designation” as a diplomat.

Ecuador last Dec. 19 approved a “special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia,” according to the letter written to opposition legislator Paola Vintimilla.

“Special designation” refers to the Ecuadorean president’s right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.

But Britain’s Foreign Office in a Dec. 21 note said it did not accept Assange as a diplomat and that it did not “consider that Mr. Assange enjoys any type of privileges and immunities under the Vienna Convention,” reads the letter, citing a British diplomatic note.

The Guardian (which is less reliable when it pertains to stories about Assange) claims that this effort was meant to support an exfiltration attempt, possibly to Russia.

Russian diplomats held secret talks in London last year with people close to Julian Assange to assess whether they could help him flee the UK, the Guardian has learned.

A tentative plan was devised that would have seen the WikiLeaks founder smuggled out of Ecuador’s London embassy in a diplomatic vehicle and transported to another country.

One ultimate destination, multiple sources have said, was Russia, where Assange would not be at risk of extradition to the US. The plan was abandoned after it was deemed too risky.

The operation to extract Assange was provisionally scheduled for Christmas Eve in 2017, one source claimed, and was linked to an unsuccessful attempt by Ecuador to give Assange formal diplomatic status.

The supporting affidavit is notable because it is even more troubling than the indictment itself is for its description of Assange’s work with Manning to publish classified documents.

But it’s also notable for the case it makes that Assange took refuge in the Ecuadorian embassy not to hide from the Swedish prosecution but from US prosecution.

Assange has made numerous comments reflecting that he took refuge in the Ecuadorian embassy to avoid extradition and charges in the United States.

For example, in 2013, the WikiLeaks website posted an affidavit by Assange concerning alleged monitoring of his activities and the search and seizure of his property. In the affidavit, Assange acknowledged that he was “granted asylum after a formal assessment by the government of Ecuador in relation to the current and future risks of persecution and cruel, inhuman and degrading treatment in the United States in response to my publishing activities and my political opinion. I remain under the protection of Ecuador in London for this reason.” See https://wikileaks.org/IMG/html/Affidavit_of_Julian_Assange.html.

On May 19, 2017, in response to Sweden’s decision to discontinue its investigation regarding suspected rape by Julian Assange, Assange publicly stated, “While today was an important victory and an important vindication … the road is far from over The war, the proper war, is just commencing. The UK has said it will arrest me regardless. Now the United States, CIA Director Pompeo, and the U.S. Attorney General have said that I and other WikiLeaks staff have no rights … we have no first amendment rights.. .and my arrest and the arrest of our other staffis a priority…. The U.K. refuses to confirm or deny at this stage whether a U.S. extradition warrant is already in the U.K. territory. So, this is a dialogue that we want to happen. Similarly, with the United States, while there have been extremely threatening remarks made, I am always happy to engage in a dialogue with the Department of Justice about what has occurred.” https://www.bloomberg.eom/news/articles/2017-05-19/swedishprosecutors-to-drop-rape-investigation-against-assange.

It seems likely that the UK rejected Ecuador’s request, in part, because the US lodged an extradition request, possibly because they learned of the exfiltration plan.

If so, that may change the extradition calculus significantly, even if Sweden refiles its request. The UK may have already agreed that Assange was only ever fleeing US prosecution. Indeed, their decision back in December 2017 may have served precisely to enable the arrest that occurred last Thursday.

If that’s right, there’s little chance the UK will give precedence to Sweden — though Labour within the UK and a number of entities in the EU are fighting this extradition request.

As I’ve noted, this all took place against the background of the Vault 7 prosecution which implicated Assange in far more activities unrelated to journalism, ones that the United States’ Five Eyes partner would likely be very sympathetic to. And that may well be what this indictment was always a placeholder for. Yes, the government may fill in a larger conspiracy in-between 2010 and 2017. But this action seems to have as much to do with what Assange did in 2017 as he was doing in 2010.

Update: Corrected indictment dating to December 22; I meant the extradition warrant.

The Logistics of the Julian Assange Indictment

/137 Comments/in , , , /by

The extradition request and indictment have been pending while Vault 7 and Roger Stone have percolated

According to a BuzzFeed report from yesterday’s bail hearing in London, Julian Assange’s extradition warrant was dated December 22, 2017.

That means the extradition request came amid an effort by Ecuador to grant him diplomatic status after which he might be exfiltrated to Ecuador or Russia; the extradition request came the day after the UK denied him diplomatic status.

Ecuador last Dec. 19 approved a “special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia,” according to the letter written to opposition legislator Paola Vintimilla.

“Special designation” refers to the Ecuadorean president’s right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.

But Britain’s Foreign Office in a Dec. 21 note said it did not accept Assange as a diplomat and that it did not “consider that Mr. Assange enjoys any type of privileges and immunities under the Vienna Convention,” reads the letter, citing a British diplomatic note.

Both events came in the wake of the revocation of Joshua Schulte’s bail after he got caught using Tor, in violation of his bail conditions. And the events came days before Donald Trump’s longtime political advisor Roger Stone told Randy Credico he was about to orchestrate a blanket pardon for Assange.

In early January, Roger Stone, the longtime Republican operative and adviser to Donald Trump, sent a text message to an associate stating that he was actively seeking a presidential pardon for WikiLeaks founder Julian Assange—and felt optimistic about his chances. “I am working with others to get JA a blanket pardon,” Stone wrote, in a January 6 exchange of text messages obtained by Mother Jones. “It’s very real and very possible. Don’t fuck it up.” Thirty-five minutes later, Stone added, “Something very big about to go down.”

The indictment used to submit an extradition request yesterday was approved by an EDVA grand jury on March 6, 2018, 13 months ago and just a few months after the extradition request.

That means the indictment has been sitting there at EDVA since a few days before Mueller obtained warrants to obtain the contents of five AT&T cell phones, one of which I suspect belongs to Roger Stone (see this post for a timeline of the investigation into Stone). The indictment has been sitting there since a few weeks before Ecuador first limited visitors for Julian Assange last March. It has been sitting there for three months before the government finally indicted Joshua Schulte, in June 2018, for the leak of Vault 7 files they had been pursuing for over a year (see this post for a timeline of the investigation into Schulte). It was sitting there when, in July, Mueller rolled out an indictment referring to WikiLeaks as an unindicted co-conspirator with GRU on the 2016 election hacks, without charging the organization. It was also sitting there last July when David House testified about publicizing Chelsea Manning’s case to the grand jury under a grant of immunity. It was sitting there when Schulte got videotaped attempting to leak classified information from jail, making any prosecution far easier from a classified information standpoint; that happened right around the time Ecuador ratcheted up the restrictions on Assange. It had been sitting there for 10 months by the time Mueller indicted Roger Stone for lying about optimizing the WikiLeaks release of documents stolen by Russia, again while naming but not charging WikiLeaks. It had been sitting there for 11 months when Chelsea Manning first got a subpoena to testify before an EDVA grand jury, and a full year before she went public with her subpoena. It had been sitting there for over a year when Mueller announced he was finishing on March 22; likewise it has been sitting there ever since Bill Barr announced Trump’s team hadn’t coordinated with the Russian government but remained silent about coordination with WikiLeaks.

In short, the indictment has been sitting there for quite some time and the extradition warrant even longer, even as several different more recent investigations appear to be relentlessly moving closer to WikiLeaks. It has been sealed, assuming it’s the same as the complaint the existence of which was accidentally revealed late last year because, “due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.”

There’s a somewhat obvious reason why it got indicted when it did. As WaPo and others have pointed out, the eight year statute of limitations on the CFAA charges in the indictment would have run last year on March 7, 2018.

But that doesn’t explain why DOJ decided to charge Assange in this case, when Assange’s actions with Vault 7 appear far more egregious, or why the indictment is just being unsealed now. And it doesn’t explain why it got released — without any superseding allegations — now, even while WaPo and CNN report more charges against Assange are coming.

Here’s what I suspect DOJ is trying to do with this indictment.

The discussion of cracking the password takes place as Manning runs out of files to share

First, consider these details about the indictment. As I noted earlier, the overt act it charges as a conspiracy is an agreement to crack a password.

On or about March 8, 2010, Assange agreed to assist Manning in cracking a password stored on United States Department of Defense computers connected to the Secret Internet Protocol Network, a United States government network used for classified documents and communications, as designated according to Executive Order No. 13526 or its predecessor orders.

[snip]

The portion of the password Manning gave to Assange to crack was stored as a “hash value” in a computer file that was accessible only by users with administrative-level privileges. Manning did not have administrative-level privileges, and used special software, namely a Linux operating system, to access the computer file and obtain the portion of the password provided to Assange.

Cracking the password would have allowed Manning to log onto the computers under a username that did not belong to her. Such a measure would have made it more difficult for investigators to identify Manning as the source of disclosures of classified information.

More specifically, the overt act relates to some exchanges revealed in chat logs that have long been public, dating to March 2010 (see this post for a timeline of some related activities from this period, but not this chat; this post describes a chronology of Manning’s alleged leaks). This is a period when Manning had already leaked things to WikiLeaks, including the Collateral Murder video they’re in the process of editing during the conversation and the Iraq and Afghan war logs that were apparently a focus of the David House grand jury testimony.

In the logs, Manning asks whether WikiLeaks wants Gitmo detainee files (a file that, in my opinion, was one of the most valuable leaked by Manning). Assange isn’t actually all that excited because “gitmo is mostly over,” but suggests the files may be useful to defense attorneys (they were! to some of the same defense attorneys defending Assange now!) or if Afghanistan heats up.

Manning says she’s loading one more archive of interesting stuff.

This appears to be the Gitmo files.

Manning explicitly says that’s all she’s got, and then talks about taking some years off to let heat die down, even while gushing about the current rate of change.

Some hours later, amid a discussion about the status of the upload of the Gitmo files that are supposed to be the last file she’s got, Manning then asks Assange if he’s any good at cracking passwords.

He says he has, “passed it onto our lm guy.”

Two days later Assange asks for more information on the hash, stating (as the indictment notes) that he’s had no luck cracking it so far. Then there’s a six day break in the chat logs, at least as presented.

The next day Assange floats getting Manning a crypto phone but then thinks better of it.

These chat logs end the next day, March 18, 2010. As the indictment notes, however, it’s not until ten days later, on March 28, 2010, that Manning starts downloading the State cable files.

Following this, between March 28, 2010, and April 9, 2010, Manning used a United States Department of Defense computer to download the U.S. Department of State cables that WikiLeaks later released publicly.

It’s unclear whether Assange ever cracked the password — but the chat log suggests he involved another person in the conspiracy

Most people have assumed, given what the indictment lays out, that Assange never succeeded in cracking the password. I have no idea whether he did or not, but I’m seeing people base that conclusion on several faulty assumptions. (Update: HackerFantastic notes that Assange couldn’t have broken this password, but goes on to describe how using other code it might be possible; that’s interesting because Manning was alleged to have added additional software onto the network after the initial Linux device, on May 4, 2010.)

First, some people assume that if Assange had succeeded in cracking the password, the indictment would say so. I’m not so sure. The indictment only needs to allege that Assange and Manning entered into a conspiracy — which the indictment deems a password cracking conspiracy — and took an overt act, whether or not the conspiracy itself was successful. The government suggests that Assange’s comment that he’s had “no luck so far” shows that he has taken an overt act, trying to crack it. Nothing else is required for the purposes of the indictment.

Further, several things about the chat log, as received, suggests there may be more going on in the background. There’s the six day gap after that conversation. There’s the contemplation of getting Manning a crypto phone. And then the chat logs as the government has chosen to release them end, though as the government notes, ten days after they end, Manning starts downloading the State cables.

But the record at least suggests that this conspiracy involves at least one more person, the “lm guy.” Maybe Assange was just falsely claiming to have a guy who focused on cracking certain kinds of hashes. Or maybe the government knows who he is.

The reference to him, however, suggests that there’s at least one more person in this conspiracy. The indictment notes there are “other co-conspirators known and unknown to the Grand Jury,” which is the norm for conspiracy indictments. But there are no other details of who else might be included.

Yes, this particular conspiracy is incredibly narrowly conceived, focused on just that password decryption. But there’s also the “Manner and Means of the Conspiracy” language that has (rightly) alarmed journalists so much, describing the goal of acquiring and sharing classified information that WikiLeaks could disseminate, and describing the operational security (Jabber and deleted chat logs) and inducement to accomplish that goal.

In other words, this indictment seems to be both an incredibly narrow charge, focused on a few Jabber conversations between Assange and Manning, and a much larger conspiracy in which Assange and other unnamed co-conspirators help her acquire and transmit classified documents about the US.

The logistics of the conspiracy prosecution(s)

Which brings me back to how this indictment might fit in amidst several larger, parallel efforts to prosecute WikiLeaks in the last 16 months.

This indictment may be the formalization of a complaint used as the basis for what seems to be a hastily drawn extradition request in December 2017, at a time when Ecuador and Russia were attempting to spring Assange, possibly in the wake of the government’s move to detain Schulte.

The indictment does not allege the full Cablegate conspiracy. David House testified months ago. And the government currently has Manning in jail in an attempt to coerce her to cooperate. That coercive force, by the way, may be the point of referencing the Espionage Act in the indictment: to add teeth to the renewed legal jeopardy that Manning might face if she doesn’t cooperate.

But what the indictment does — and did do, yesterday — is serve as the basis to get Assange booted from the embassy and moved into British custody, kicking off formal extradition proceedings.

As a number of outlets have suggested, any extradition process may take a while. Although two things could dramatically abbreviate it. First, Sweden could file its own extradition on the single remaining rape charge against Assange, which might get priority over the US request. Ironically, that might be Assange’s best bet to stay out of US custody for the longest possible time. Alternately, Assange could simply not contest extradition to the US, which would leave him charged in this bare bones indictment that even Orin Kerr suggests is a fairly aggressive charging of CFAA.

Barring either of those things happening, however, the US government now has one suspect in any conspiracy it wants to charge in the custody of a friendly country. It has accomplished that with entirely unclassified allegations, which means any other suspects won’t know anything more than they knew on Wednesday. Anything else it wants to charge — or any other moving parts it needs to pursue — it can now do without worrying too much that Assange will be put in the “boot” of a Russian diplomatic vehicle to be exfiltrated to Russia.

It has between now and at least May 2 — when Assange has his next hearing — to add any additional charges against Assange, while still having them charged under the Rule of Specialty before any possible extradition. It has maybe a month left on the Mueller grand jury.

Meanwhile, several things have happened recently.

First, in recent weeks two things have happened in the Schulte case. His lawyers made yet another bid to get the warrants that justified the initial searches excluded from the protective order. Schulte and his lawyers have been complaining about these warrants from the start, and Schulte’s public comments or leaks about them are part of what got him charged with violating his protective order. From description, it sounds like FBI was parallel constructing other information tying him to the Vault 7 leaks, and fucked up royally in doing so, introducing errors in the process (though the Hal Martin case makes me wonder whether the errors aren’t still more egregious). The government objected to this request, arguing that the warrants would disclose how the CIA stored its hacking documents and asserting that the investigation is definitely ongoing.

The Search Warrant Materials discuss, among other things, the way that the U.S. Intelligence Agency maintained a classified computer system that was integral to the Agency’s intelligence-gathering mission. Broadly disseminating that information would permit a host of potentially hostile actors to glean valuable intelligence about the way the U.S. Intelligence Agency maintained its computer systems or its security protocols, which would harm national security.

[snip]

The defendant’s abbreviated argument for de-designating the Search Warrant Materials is speculative, conclusory, and misguided. First, the defendant claims that the “time for investigation is long gone.” (Def. Let. at 1). The defendant is neither in a position to judge nor the arbiter of when it is appropriate for the Government to end its investigation into one of the largest-ever illegal disclosures of classified information. Simply put, while details are not appropriate for discussion in a public letter, the Government confirms that its investigation is not done and can supply the Court with additional information on an ex parte basis if the Court wishes.

Meanwhile, the government suggested severing the most recent charges — in which it has video surveillance showing Schulte leaking classified or protected information — from the underlying child porn and Vault 7 leaks.

As the Court is aware, trial in this matter is currently set for April 8, 2019. (See Minute Entry for August 8, 2018 Conference). To afford the parties sufficient time to prepare the necessary pretrial motions, including suppression motions and motions pursuant to the Classified Information Procedures Act (“CIPA”), the parties respectfully request that the Court adjourn the trial until November 4, 2019. The parties are also discussing a potential agreement concerning severance, as well as the order of the potentially severed trials. The parties will update the Court on severance and a pretrial motion schedule at or before the conference scheduled for April 10, 2019.

The defense didn’t weigh in on this plan, which (it would seem) would go a long way to eliminating the government’s parallel construction problem. They were supposed to talk about the severance issue in a hearing Monday, but it sounds like the only thing that got discussed was CIA’s refusal to comply with discovery. My guess is that Schulte will try to get those initial warrants and any fruit of them thrown out, and if that doesn’t work then maybe plead down to prevent a life sentence.

Meanwhile, Ecuador has taken steps to roll up people it claims have ties to Assange.

Tuesday, it fired a staffer in the embassy who had been extremely close to Assange (which may be how he learned about the plans to arrest him last week). Then, yesterday, Ecuador detained Swedish coder Ola Bini, alleging he was involved in some of the hacking they’ve accused Assange of. They also claim to know of two Russian hackers involved.

I have no idea if these developments are just Ecuador trying to cover-up corruption or real ties to WikiLeaks or perhaps something in between. There are no trustworthy actors here.

But — as William Arkin also notes — there’s an effort to test whether WikiLeaks has been at the front end of many of these leaks. Aside from WikiLeaks’ reported source for its Saudi Leaks files from Russia, Arkin focuses less on the reasons there are real questions about WikiLeaks’ relationship with Russia. I think we honestly won’t know which of the untrustworthy sides is being more trustworthy until we see the evidence.

Whichever it is, it seems that DOJ is poised to start building out whatever it can on at least one conspiracy indictment against WikiLeaks. The indictment and its implementation yesterday seems primarily to have served as a way to lock down one part — the most volatile one — of the equation. What comes next may assuage concerns about the thinness of this indictment or it may reveal something far more systematic.

In the meantime, Assange is represented by some great lawyers, both in the UK and here. Which at least increases the chances any larger claims DOJ plans to roll out will be tested aggressively.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Fun with Dr. Corsi’s “Forensics”!

/39 Comments/in , /by

By far the most ridiculous part of Jerome Corsi’s book is where he spends an entire chapter pretending that he figured out on his own that WikiLeaks had John Podesta’s emails rather than being told that by someone whose identity he’s trying to avoid sharing with Mueller’s team.

The chapter is one of three in the book that he presents as having been written in real time, effectively as diary entries. Corsi presents it as the fevered narrative he writes on November 18, 2018, at a time when Mueller’s team was cracking down on him for his continued lies but before he refused the plea deal, after a night of nightmares.

Last night, I was plagued by nightmares that caused me to sleep very poorly.

His change in voice is followed with an even more direct address to readers, which he returns to as an interjection in the middle of his crazed explanation.

I am going to write this chapter to explain to you, the reader, how I used my basic intuitive skills as a reporter to figure out in August 2016 that Assange had Podesta’s emails, that Assange planned to start making the Podesta file public in October 2016, and that Assange would release the emails in a serial, day-by-day fashion, right up to election day.

[snip]

Now, I know this is tedious and will tax many readers, so I’ve decided here to take a break. You have to understand what I am going through is a roller-coaster. Sometimes I feel like everything is normal and that the federal government will understand that I am a reporter and should be protected by the First Amendment. Then, I realize that the next ring of the doorbell could be the FBI seeking to handcuff me and arrest me in full view of my family.

Resuming after a much-needed break, we need only a few more dates to complete the analysis.

The chapter consists of three things, none of which even remotely presents a case for how he could have concluded WikiLeaks was sitting on John Podesta’s emails:

  • An argument that claims he simply reasoned it all out, without proof
  • A chronology that makes no sense given the July and August 2016 emails he’s trying to explain away
  • Other crap theories designed to undermine Mueller’s argument about Russian involvement, most of which post-date the date when Corsi claims to have figured out the Podesta emails were coming

Corsi’s “argument”

Corsi’s main argument is this:

Clearly, I reasoned there had to have been Podesta emails on that server that would have discussed the Clinton/DNC plot to deny Bernie Sanders the Democratic Party presidential nomination in 2016. Where were these Podesta emails, I wondered?

[snip]

I felt certain that if Assange had Podesta’s emails he would wait to drop them in October 2016, capturing the chance to stage the 2016 “October Surprise,” a term that had been in vogue in U.S. presidential politics since 1980 when Jimmy Carter lost re-election to Ronald Reagan, largely because the Reagan camp finessed Ayatollah Khomeini to postpone the release of the hostages from the American embassy in Tehran until after that year’s November election. I also figured that Assange would release the Podesta emails in drip-drip fashion, serially, over a number of days, stretching right up to the Election Day. In presidential politics, the news cycle speeds up, such that what might take a month or a week to play out in a normal news cycle might take only a day or two in the heightened intensity of a presidential news cycle—especially a presidential news cycle in October, right at Election Day is nearing.

In spite of his claims, elsewhere, to have done forensic analysis that told him John Podesta’s emails were coming, ultimately his argument boils down to this: he figured out that Podesta’s emails (which he purportedly hadn’t read) would be the most damning possible thing and therefore WikiLeaks must have and intend to release them in a serial release because it made sense.

Corsi’s chronology

From there, Corsi proceeds to spin out the following bullshit about how he came to that conclusion:

  • Starting in February 2016, a woman named LH whose ex-husband was a former top NSA figure told him [why?] incorrect things about how the Democrats organize their servers. This information seems to be inflected by the flap over VAN space the previous December, but Corsi doesn’t mention that. This information is wrong in many of the ways later skeptics of the Russian hack would be wrong, but Corsi claims he had that wrong understanding well in advance of the crowd.
  • When Assange announced on June 12 that he had upcoming Hillary leaks, Corsi was “alerted to the possibility Assange had obtained emails from the DNC email server,” which he took to mean VAN.
  • When the WaPo reported on the DNC hack on June 14, 2016, Corsi took Democrats’ (false) reassurances about financial data to be true, matched it to his incorrect claimed understanding of how the Democrats organized their data, and assumed VAN had been hacked (this is the day before Guccifer 2.0 would claim he got in through VAN, remember). Corsi also claims to have noted from the WaPo story that Perkins Coie and Crowdstrike were involved, the latter of which he tied to Google’s Eric Schmidt (who was helping Dems on tech), which together he used to suggest that in real time he believed the Democrats had “manufactured” evidence to pin the hack on the Russians. Again, Corsi is suggesting he got to the conspiracy theories it took the rest of Republicans a year to get to, but in real time.
  • Corsi incorrectly read the Crowdstrike white paper (on which the WaPo story was obviously based and which Ellen Nakashima had had for about a week, and which includes an update written in response to the appearance of Guccifer 2.0) as a response to Guccifer 2.0’s post on June 15 and — in spite of the WaPo report that Cozy Bear had been “monitoring DNC’s email and chat communications” — concluded that the hackers had not taken email.
  • After the DNC emails were released, Corsi had what he claims was his big insight: that these emails largely came from DNC’s Comms Director and their finance staffers, which meant Podesta’s (and DWS’, which he logically should but did not, pursue) had to be what was left. Mind you, the former point is something WikiLeaks made clear on its website:

On July 22, 2016, Wikileaks began releasing over two days a total of 44,053 emails and17,761 email attachments from key figures in the DNC. What I noticed immediately was that the largest number of emails by far came from DNC Communications Director Luis Miranda (10,520 emails), who had approximately three-times the emails released for the next highest on the list, National Finance Director Jordon Kaplan (3,799 emails) and Finance Chief of Staff Scott Corner (3,095 emails). What I noticed immediately was that emails from Debbie Wasserman Schultz and John Podesta were missing. Yet, by analyzing the addresses in the emails, it was clear the “From,” “To,” and or “CC” listings indicate the email was sent by or to an addressee using the DNC email server, identified as @dnc.org.

  • In his narrative of how he “figured out” there must be Podesta emails, he relies not on the July 25 NBC story he cites earlier in his book, quoting Assange saying there was “no proof” the emails came from Russia (and suggesting his set were a different one than the ones analyzed by cybersecurity experts), but a CNN story he dates to July 26 but which got updated early morning July 27, citing Assange saying, “Perhaps one day the source or sources will step forward and that might be an interesting moment some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are;” Corsi also cites a July 27 NYMag story citing the CNN one. Corsi claims that as he was listening to this interview, he realized that Assange had Podesta emails “lifted from the DNC server,” which would be incorrect even if it were true, given that Podesta’s emails were from his Gmail account.

Listening to this interview on CNN, all the pieces fit in place for me. Assange had Podesta emails that were also lifted from the DNC server and these were the emails he was holding to drop later in the campaign.

  • Corsi describes “the last piece of the puzzle” to be Seth Rich’s death on July 10, 2016, but which occurred before Assange’s post DNC release interviews, in one of which Assange suggested his sources were still alive to “step forward,” then points to Assange’s offer of a reward for information leading to a conviction on August 9. This happened after he had already suggested to Stone that Podesta’s emails were coming.

None of this explains how Corsi would not have decided that Clinton Foundation emails were what was missing, which is what Stone believed when he instructed Corsi to reach out to Ted Malloch on July 25, the day before the Assange interviews Corsi says led him to conclude WikiLeaks instead had Podesta’s emails. And much of it assumes that a unified hack occurred (otherwise it would be impossible to decide what was coming from what had already been released), an assumption he claims not to believe in much of the rest of his crap.

Corsi’s crap

In addition to that chronology, though, Corsi throws in a bunch of crap meant to discredit the evidence laid out in the Mueller GRU indictment. Much of this evidence post-dates the moment he claims he figured out that WikiLeaks had Podesta’s emails, which makes it irrelevant to his theory, nevertheless Corsi throws it out there.

  • Corsi takes the Guccifer 2.0 leak of DCCC files to Aaron Nevins — which didn’t happen until over a month after he told Stone that WikiLeaks had Podesta emails — to be “proof” not just that Guccifer 2.0 only hacked DNC files, which he again asserts incorrectly came from VAN, but also that Guccifer 2.0 had not hacked emails.
  • Corsi claims that Guccifer 2.0 “never bragged that he hacked the DNC email server that contained the Podesta emails,” even though Guccifer 2.0 did brag that WikiLeaks had published documents he gave them after the DNC leak.
  • Corsi claims that Guccifer 2.0 published donor lists and voter analysis at DCLeaks, which is generally inaccurate (indeed, some Podesta files came out via DCLeaks!), but also admits a tie between Guccifer 2.0 and DCLeaks that would either rely on contemporary reporting that asserted a tie, the GRU indictment, or some personal knowledge not otherwise explained.
  • Corsi claims that, unlike Marcel Lazar, “Guccifer 2.0 has never been positively identified let alone arrested,” without explaining how he’s sure that the 12 GRU officers Mueller indicted don’t amount to positively identifying the people running Guccifer 2.0. Indeed, rather than addressing that indictment, Corsi instead tries to rebut the Intelligence Community Assessment’s “high confidence” attribution of Guccifer 2.0 to GRU, which he claims relies on ‘tradecraft’ that relies on circumstantial evidence at best, presuming a hacker leaves a signature.” In the ICA, that discussion appears in a section that also notes that “Some analytic judgments are based directly on collected information,” as the Mueller indictment makes clear the GRU one was.
  • Corsi claims the Vault 7 release suggesting the CIA has a tool to falsely attribute its own hacks “undermined” the IC’s attribution of Cozy Bear and Fancy Bear, without realizing that’s a different issue from whether the CIA, NSA, and FBI can correctly attribute the hack (though if the Russians obtained those files in the weeks after Joshua Schulte allegedly stole them in 2016, it would have made it harder for CIA to chase down the Russians).
  • Corsi initially argues, providing no evidence except that he’s sure the DNC emails come from the DNC email server and not NGP-VAN or Hillary’s private server, that, “While the DNC email server could have been hacked by an outside agent, what is equally plausible is that the emails could have been stolen by someone on the inside of the DNC, perhaps an employee with their own @dnc.org email address.” He then feeds the Seth Rich conspiracy.
  • Corsi uses what he claims to have learned about serialization in a college course covering Dickens (but details of which, regarding the history of Dickens’ serialization, he gets entirely wrong) to explain how he knew the Podesta emails would come out in a serialized release.
  • Corsi dismisses the possibility the Russians used a cut-out with this garble:

The attempt to distinguish is disingenuous, suggesting the Russians may have been responsible for the hack, turning the information to a third party, not the Russians or a state actor, who handed WikiLeaks the emails and thus became “the source.”

  • Corsi cites the Nation’s August 9, 2017 version of the Bill Binney theory purportedly proving that a set of files purporting to be from the DNC — which were never released by WikiLeaks — were copied inside the US and also noting that the Russian metadata in the first Guccifer 2.0 documents was placed there intentionally. As I noted at the time, the two theories actually don’t — at all — disprove the claim that Russia hacked the DNC. But they’re even worse for Corsi’s claims, because (even though the set of files were called NGP/VAN) they undermine his false claim about the Democrats’ servers and they acknowledge that the files he said disproved that Guccifer 2.0 had Podesta files actually were Podesta files.

These things are utterly irrelevant to the soundness of Corsi’s own claim to have been able to guess that the Podesta emails were coming and — as I note — a number of them sharply contradict what he claims to believe.

Corsi’s mistaken notion of his role in proving “collusion”

But the crap does serve Corsi’s larger point, which is to undermine what he imagines Mueller’s theory of “collusion” to be.

Mueller & Company had decided the Trump campaign somehow encouraged Russia to steal the DNC emails and give them to Assange, so WikiLeaks could publish them. Then to establish “Russian collusion” with the Trump campaign, Mueller was out to connect his own dots. The Mueller prosecutors had been charged with the mission to grill me until

I would “give up” my source to Assange. I was their critical “missing link.” If Rhee, Zelinsky, and Goldstein only got me to confess, Mueller figured he could connect the dots from Roger Stone to me to Assange, and from Assange back again to me, and from me to Roger Stone, who would feed the information to Steve Bannon, then chairing the Trump campaign.

The final dots, the Mueller prosecutors assumed, would connect Bannon to Trump and the “Russian collusion” chain of communication would be complete. The only problem was that I did not have a source connecting me to Assange, so Mueller’s chain-link narrative does not connect.

While I actually think it possible that Corsi’s shenanigans may have harmed the neatness of Mueller’s case against Stone, perhaps even leading Mueller to charge Stone only with the obstruction charges rather than in a larger conspiracy, it doesn’t affect the understanding with which Mueller seems to be approaching the Don Jr side of any conspiracy, in which Trump’s son accepted a meeting offering dirt, thinking the family might make $300 million off it, and promised policy considerations that — even before he was sworn into office — his father took steps to pay off.

That conspiracy remains, even if Mueller can’t show that at the same time, Trump was maximizing the advantage of the WikiLeaks releases via his old political advisor Roger Stone.

But who knows? Perhaps Mueller may one day prove that, too?

One other thing that’s worth noting, however: As I laid out above, Corsi doesn’t just attempt to explain how he came to guess that WikiLeaks would release John Podesta’s emails. In the guise of doing that, he lays out what amounts to the Greatest Hits of the Denialist Conspiracies, throwing every possible claim mobilized to undermine the conclusion that Russia hacked the Democrats out there, even the ones that undermine Corsi’s own claimed beliefs.

And, as Corsi himself notes, Mueller has Corsi’s Google searches.

Truthfully, I was astounded because it seemed as if the FBI had studied me down to knowing the key strokes that I had used on my computer to do Google searches for articles. I realized my Google file would have much information about my locations and my Internet searches, but the way Zelinsky drilled down on how I wrote this article was shocking.

Repeatedly Zelinsky had warned me that I had no idea how truly extensive the Special Counselor’s investigation had been. Now, I imagined an army of FBI computer specialists at Quantico mapping out my every electronic communication in 2016, including my emails, my cellphone calls, and my use of the laptop and the Internet to conduct my research and write my various articles and memos.

They actually know whether he read this stuff (notably, the NBC, CNN, and NYMag articles he cites from late July 2016) in real time or only after the fact. They know when Corsi downloaded a bunch of other things (including the Guccifer 2.0 releases), and they know whether he read the GRU indictment. The FBI has also likely obtained what he was doing in November, 2018, as he was writing this stuff.

So it may be that when Corsi’s book comes out in hard cover on March 12, Mueller’s team will  already have put together the forensic evidence to prove that Corsi’s claims about how he came by his own forensic analysis — and the rest of these conspiracies — are absolute bullshit. It is, admittedly, frightening how much the government can obtain about our contemporaneous thinking.

But it would be an ironic and just outcome for Corsi if Mueller’s best demonstration about the power of FBI’s forensic analysis comes not in the GRU indictment Corsi so studiously avoided mentioning in the entire book attempting to discredit it, but in proving Corsi’s own claims about forensics to be utterly false.

Corsi’s Timeline

March 16, 2016: WikiLeaks indexes FOIAed Hillary emails

June 12, 2016: Assange announces he has more information on Hillary

In that interview, Assange disclosed that WikiLeaks has “upcoming leaks in relation to Hillary Clinton,” though Assange distinguished the Hillary Clinton emails WikiLeaks possessed pending publication came from a different source than the emails from Hillary’s private email server. This alerted me to the possibility Assange had obtained emails from the DNC email server.

June 14, 2016: WaPo announces the DNC hack

June 15, 2016: Crowdstrike publicly releases white paper on DNC hack and Guccifer 2.0 first posts

July 10, 2016: Seth Rich’s murder

July 22, 2016: WikiLeaks releases the DNC emails

July 25, 2016: Stone emails Corsi asking him to Get to Assange to “get the pending WikiLeaks emails;” Corsi forwards the email to Ted Malloch

July 26, 2016: Assange tells CNN a lot more material is coming and refuses to exclude Russia as a source because “to exclude certain actors is to make it easier to find out who our sources are”

July 28, 2016: Corsi and his wife leave for Italy

July 31, 2016: Stone emails Corsi to “call me MON” instructing him to get Malloch to see Assange

August 2, 2016: Corsi emails Stone,

Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.… Time to let more than Podesta to be exposed as in bed w enemy if they are not ready to drop HRC. That appears to be the game hackers are now about. Would not hurt to start suggesting HRC old, memory bad, has stroke — neither he nor she well. I expect that much of next dump focus, setting stage for Foundation debacle.

August 9, 2016: WikiLeaks offers $20,000 reward for information leading to conviction for murder of Seth Rich

August 12, 2016: Corsi returns from Italy

March 7, 2017: WikiLeaks starts to release Vault 7 documents, including an Umbrage file showing that CIA uses disinformation to hide which attacks it launches

May 25, 2017: WSJ reports on Aaron Nevins files that Guccifer 2.0 noted in real time; Corsi deems this (in a Murdoch paper) to be part of the anti-Stone narrative

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

It Is False and Defamatory to Accuse WikiLeaks of a Bunch of Things that Aren’t the Key Allegations against It

/42 Comments/in , /by

WikiLeaks decided it was a good idea to release a long list of claims about Julian Assange and WikiLeaks that it considers defamatory. Emma Best obtained and liberated the list. Given that the list clearly attempts (unsuccessfully in some places, and hilariously in other places where they deem matters of opinion defamatory) to be factually correct, I’m interested in the way WikiLeaks uses the list to try to deny a bunch of things that might end up in a US criminal indictment.

The US is only angry with Assange because Ecuador has lots of debt

Pretty far down the list, WikiLeaks denies being gagged for claims made about Sergey Skripal in such a way as to falsely suggest the only concerns the US had over Assange came to do with debt pressure.

It is false and defamatory to suggest that Ecuador isolated and gagged Mr. Assange due to his comments on Sergei Skripal [in fact, he was isolated over his refusal to delete a factually accurate tweet about the arrest of the president of Catalonia by Spain in Germany, along with U.S. debt pressure on Ecuador. The president of Ecuador Lenin Moreno admitted that these two countries were the issue, see https://defend.wikileaks.org/about-julian/].

It’s nonsensical to claim that Assange was gagged just because of debt pressure, but it’s a good way to hide how the timing of his gag correlated with actions he took to piss of the US government, including by releasing a live CIA malware file.

The US charged Assange for actions it already decided not to charge him for, on which statutes of limitation have expired

The rest of the list is sprinkled with efforts to spin the US government’s legal interest in Assange. There’s an extended series of items that attempt to claim, as WikiLeaks has since DOJ accidentally revealed the existence of a recently filed complaint against Assange, that the charges instead relate to long-past publications (like Cablegate).

It is false and defamatory to deny that Julian Assange has been formally investigated since 2010 and charged by the U.S. federal government over his publishing work [it is defamatory because such a claim falsely imputes that Mr. Assange’s asylum is a sham and that he is a liar, see https://defend.wikileaks.org/].

It is false and defamatory to suggest that such U.S. charges have not been confirmed [in fact, they have, most recently by Associated Press (AP) and the Washington Post in November 2018].
– It is false and defamatory to suggest that the U.S. government denies the existence of such charges.
– It is false and defamatory to suggest that Julian Assange is not wanted for extradition by the U.S. government [in fact, public records from the Department of Justice show that the U.S. government says it had been intentionally concealing its charges against Mr. Assange from the public specifically to decrease his ability to “avoid arrest and extradition”].
– It is false and defamatory to suggest that the U.S. government has not publicly confirmed that it has an active grand jury, or pending or prospective proceedings, against Julian Assange or WikiLeaks, each year since 2010.

These claims are all true. WikiLeaks has been under investigation since well before 2010. There are charges that the US would like to extradite Assange for.

But all the public evidence suggests those charges relate to WikiLeaks’ recent actions, almost certainly involving Vault 7 and probably involving Russia’s election year operation.

Julian Assange is not a hacker, which is different from being someone who solicits or assists in hacks

WikiLeaks makes repeated claims that might appear to deny that the organization has solicited or assisted in hacks. The list denies that the DNC (which doesn’t have all the evidence Mueller does) has accused Assange of soliciting hacks of the DNC or Podesta. (Everywhere, this list is silent about the DCCC and other election year targets).

It is false and defamatory to suggest that the Democratic National Committee has claimed that Julian Assange directed, conspired, or colluded to hack the Democratic National Committee or John Podesta [in fact, the DNC makes no such claim: https://www.courthousenews.com/wp-content/uploads/2018/12/WikiLeaksDNC.pdf].

It denies that France has claimed that the MacronLeaks came from Russia (which again stops short of saying that the MacronLeaks came from Russia).

It is false and defamatory to suggest that the French government found that “MacronLeaks” were hacked by Russia [in fact, the head of the French cyber-security agency, ANSSI, said that they did not have evidence connecting the hack with Russia, see https://wikileaks.org/macron-emails/].

It denies that Assange has hacked the state of Ecuador (but not the Embassy of Ecuador or other states, including the US or Iceland).

It is false and defamatory to suggest that Julian Assange has ever hacked the state of Ecuador.

And it denies that Assange is, himself, a hacker.

It is false and defamatory to suggest that Julian Assange is a “hacker”.

All of these hacking denials stop well short of denying that WikiLeaks has solicited hacks before, including by publicizing a “most wanted” list that Russian hackers might respond to.

Mueller described WikiLeaks as an unindicted co-conspirator but that doesn’t mean Mueller has any interest in the organization

Close to the top of the list, WikiLeaks makes two claims to suggest the organization and Assange are not targets in the Mueller investigation.

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever been contacted by the Mueller investigation.

It is false and defamatory to suggest that there is any evidence that the U.S. charges against Julian Assange relate to the Mueller investigation.

This is misdirection hiding a great deal of evidence that WikiLeaks is a target in the Mueller investigation. The list is silent, for example, on whether Congressional investigators have contacted Assange, whether Assange ultimately did accept SSCI’s renewed request last summer to meet with Assange, and whether Assange demanded immunity to travel to the US to respond to such inquiries.

Nor does WikiLeaks deny having been described — in a fashion usually reserved for unindicted co-conspirators — in a Mueller indictment.

WikiLeaks doesn’t deny that WikiLeaks denied Russians were its source for 2016 materials

WikiLeaks twice denies, in very similar language, that it suggested that Seth Rich was its source for the DNC emails.

It is false and defamatory to suggest that WikiLeaks or Julian Assange claimed that any person or entity was their source for WikiLeaks’ 2016 U.S. election publications [it is defamatory because Julian Assange’s professional reputation is substantially based on source protection].

[snip]

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever stated or suggested that any particular person was their source for any publication, including Seth Rich.

A good lawyer would be able to sustain a claim that Assange had indeed “suggested” that Rich was his source, though it would make an interesting legal battle.

But when WikiLeaks denies feeding Seth Rich conspiracies, it does so only by denying the most extreme conspiracy, that the Democrats had Rich killed.

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever published, uttered or tried to promote alleged conspiracy theories claiming “John Podesta engaged in satanic rituals”, the “Democratic Party had Seth Rich Killed”, “Clinton wore earpieces to the 2016 US election debates”, on “Clinton’s health” or “Clinton kidnapping children”.

All of this, of course, dodges the way that WikiLeaks repeatedly tried to claim that Russia was not its ultimate source for the 2016 files.

Should we take the silence on this point as an admission?

Marcy Wheeler is false and defamatory

Finally, there are four claims relating to Vault 7, three of which pertain to my coverage of the way WikiLeaks attempted to leverage the Vault 7 releases in conversations with the Trump Administration. WikiLeaks denies that the two times Assange suggested to the President’s spawn that he should be made an ambassador to the US constituted an effort by WikiLeaks to get Trump to appoint Assange ambassador (note, this is also a denial that Assange tried to serve in another diplomatic role, which is different than being Ambassador).

It is false and defamatory to suggest that WikiLeaks tried to have the Trump administration appoint Julian Assange as an ambassador or to have any other person or state appoint him as an ambassador.

I find it notable that this claim departs from the form used in many of these denials, speaking for both Assange and WikiLeaks.

Then the list twice denies that Assange suggested he wouldn’t release the Vault 7 files if the Trump Administration provided him immunity.

It is false and defamatory to suggest that Julian Assange has ever extorted the United States government.

It is false and defamatory to suggest that Julian Assange has ever proposed that he not publish, censor or delay a publication in exchange for any thing.

Assange would and will claim that the discussions with Adam Waldman where just this arrangement was floated are protected by Attorney-Client privilege. But Waldman may have said enough to people at DOJ to refute this denial regardless.

Finally, WikiLeaks insisted it has never retracted any of the bullshit claims it made about its Vault 7 files.

It is false and defamatory to suggest that any of WikiLeaks’ claims about its 2017 CIA leak, Vault 7, “were later retracted”.

Given that one of the claims directly parroted the bullshit claims Shadow Brokers was making, a claim it made in a release that will probably be part of the charges against it, this non-retraction doesn’t necessarily help it much.

Note that one other thing WikiLeaks is silent about here are its public statements about Joshua Schulte, whose attempts to continue leaking from jail the FBI got on video. I find that interesting both for WikiLeaks’ attempt to corroborate Schulte’s thin excuse for using Tor after he was charged, and for its relative silence about whether he would be a whistleblower if he were its source for CIA’s hacking tools.

Update: WikiLeaks has released a revised version that takes out, among other things, the Ambassador claim, the Seth Rich claims, and also a denial that it is close to Russia.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Government Requests Harsh New Conditions Governing Joshua Schulte’s Access to Classified Discovery

/11 Comments/in , , /by

When we last heard from Joshua Schulte, he had been thrown in solitary in response to FBI’s discovery that he had a cellphone in his jail cell at Metropolitan Correctional Center, after which FBI discovered he had other devices and 13 email and social media accounts.

In or about early October 2018, the Government learned that Schulte was using one or more smuggled contraband cellphones to communicate clandestinely with third parties outside of the MCC. The Government and the FBI immediately commenced an investigation into Schulte’s conduct at the MCC. That investigation involved, among other things, the execution of six search warrants and the issuance of dozens of grand jury subpoenas and pen register orders. Pursuant to this legal process, in the weeks following the Government’s discovery of Schulte’s conduct at the MCC, the FBI has searched, among other things, the housing unit at the MCC in which Schulte was detained; multiple contraband cellphones (including at least one cellphone used by Schulte that is protected with significant encryption); approximately 13 email and social media accounts (including encrypted email accounts); and other electronic devices.

Today, the government asked for supplemental protective order governing Schulte’s access to a special secure facility from which he can review classified discovery. Among other things, it requires his attorney to be searched for devices upon entering the facility, it requires him to remain in manacles throughout the time he is there, and sets up a clean team to monitor both what happens in the room and the computer the defense uses to review discovery.

The defense council will be screened for electronic devices prior to entering the SCIF when she meets with her client. Once inside the Secure Area, the defendant will be allowed to meet with cleared counsel during normal business hours. The Secure Area contains equipment (the “Computer Equipment”) to allow the defendant and cleared defense counsel to review the Classified Information produced by the Government. The Computer Equipment shall be used only for purposes of preparing the defense, and is enabled to log computer activity occurring on the equipment and is equipped with security measures. These logs may be reviewed by law enforcement agents or personnel who are not involved in the prosecution of the defendant (the “Wall Team”). In the event the Wall Team determines the Computer Equipment has been used in an unauthorized manner, including by attempting to circumvent any security measures or logging features, the Wall Agent will report that information to the CISO, who will notify the Court for further action.

When the defendant is present in the Secure Area, the Secure Area will be monitored for security purposes through closed circuit television (“CCTV”) by the Marshals and an authorized FBI agent for all scheduled productions. The CCTV will allow only for visual monitoring of the defendant and cleared defense counsel, and will not include audio. The CCTV will not be recorded. Should any Marshal or member of the Wall Team hear any conversation between the defendant and any of his counsel, those conversations will not be communicated to any member of the government prosecution team, including, but not limited to attorneys, agents, and support staff.

The Defendant will be in full restraints during the time he is in the SCIF and secured to a bolt in the floor. The Defendant will be stripped searched after departing the SCIF at the conclusion of each session. The Defense attorney will sign a waiver of liability due to the fact she will be alone and in close proximity to the defendant. The USMS reserves the right to terminate these meetings if security issues arise during any session.

While there’s no hint that one of Schulte’s defense attorneys was responsible for the past acquisition of contraband, the FBI sure seems intent on making sure that avenue isn’t possible going forward.

I believe when Schulte was arraigned on the new charge of leaking from jail, the government said that CIA hadn’t continued to give Schulte access to classified information after he left. Which suggests the stuff he tried to leak from jail included information he saw in discovery (presumably including how the FBI figured out he was the one leaking CIA’s tools).

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.