Gov't Says Accused CIA Hacking Tools Leaker Leaking Even More Classified Info From Behind Bars

from the I-guess-he's-just-on-a-roll... dept

The DOJ is still waiting for accused Vault 7 leaker Joshua Shulte's trial to begin, but that's not stopping it from adding to the long list of charges he already faces. The former NSA/CIA operative's house was raided last year by the feds who were looking for evidence of Shulte's leak of CIA hacking tools to Wikileaks. It found some of that, but also found 10,000 child porn images in the 5+ terabytes of data seized.

The child porn alone will likely see Shulte put away for a long time if the prosecution can secure a conviction. Leaking top secret tools isn't likely to be greeted with a wrist slap -- not with the forever War on Leakers still in progress. For some reason, the government felt compelled to add copyright infringement to the list of charges after discovering a few pieces of pirated content on Shulte's personal server.

Shulte -- who is locked up in a New York detention facility until he goes to trial -- must figure he has nothing to lose. That's one conclusion that can be drawn from the latest set of charges being brought by the DOJ. (via Slashdot)

According to new court documents filed late Wednesday, October 31, US prosecutors plan to file three new charges against Joshua Schulte for allegedly leaking more classified data while in detention at the New York Metropolitan Correctional Center (MCC).

The filing [PDF] is quite the read. According to the allegations, Shulte had access to multiple smuggled cellphones and was using them to disseminate classified info to "third parties" outside the prison walls. It appears the info Shulte smuggled out of the prison came from classified documents released to him as part of his pre-trial discovery. The DOJ has now stripped him of access to classified documents, restricting him to unclassified info released by the FBI.

A flurry of paperwork and a search of Shulte's housing unit turned up a number of things, including a new form of encryption.

In or about early October 2018, the Government learned that Schulte was using one or more smuggled contraband cellphones to communicate clandestinely with third parties outside of the MCC. The Government and the FBI immediately commenced an investigation into Schulte’s conduct at the MCC. That investigation involved, among other things, the execution of six search warrants and the issuance of dozens of grand jury subpoenas and pen register orders. Pursuant to this legal process, in the weeks following the Government’s discovery of Schulte’s conduct at the MCC, the FBI has searched, among other things, the housing unit at the MCC in which Schulte was detained; multiple contraband cellphones (including at least one cellphone used by Schulte that is protected with significant encryption); approximately 13 email and social media accounts (including encrypted email accounts); and other electronic devices.

Given the FBI's recent history, it probably should be more careful when it discusses encryption. A few years of "going dark" narrative was upended by the agency itself, which revealed it could not competently count physical devices in its possession. The ever-inflating number of impenetrable devices was suddenly, and embarrassingly, converted to an asterisk on multiple FBI/DOJ webpages with footnotes stating an updated number would be provided at the agency's convenience.

Now, there's this: a DOJ prosecutor relaying the FBI's message about "significant" encryption -- whatever the hell that is -- to the federal judge presiding over the case. What makes this particular encryption "significant" isn't explained, but it does seem to make this encryption appear far more nefarious than the regular, insignificant encryption used by citizens not currently under federal indictment.

Three more charges are headed Shulte's way, all of them related to unlawful disclosure of classified documents. This isn't charge stacking -- not if the government's allegations are true -- but it could definitely nudge Shulte towards a plea deal that will save the DOJ a lot of time, energy, and arguments over presenting sensitive information in open court.

Then again, Shulte appears to be anything but cooperative. Leaking classified documents directly under the fed's nose while in supervised detention is a bold move that bears a lot of resemblance to a middle finger extended in the direction of the government. This may end up being a very fun trial to watch.

Filed Under: cia, doj, encryption, hacking tools, joshua schulte, leaks, vault 7
Companies: wikileaks

Alleged Vault 7 Leaker Charged With Stealing Gov't Secrets, Child Porn Possession, And Copyright Infringement?

from the kitchen-sink-prosecution dept

The US government has taken down another alleged leaker. Joshua Schulte, a former NSA and CIA operative, had his apartment raided by the feds last March. The raid targeted documents showing Schulte had leaked CIA hacking tools to Wikileaks (the "Vault 7" collection). But it uncovered a whole lot of child porn -- 10,000 images on Schulte's personal computer and his file-sharing server that held another 5 terabytes of data.

The first criminal complaint [PDF] by the DOJ contained nothing but child porn charges. It suggests the former government spook didn't practice much opsec when not on the clock. One IRC chat shows Schulte's aware encryption is sometimes only a temporary deterrent if the government really wants to find out what's been sent or shared. But then he apparently went on to provide the government with some easily-accessible evidence.

Based on my review of those Google Searches, I have learned, among other things, that on a number of occasions in or about 2011 and in or about 2012, SCHULTE appeared to search the Internet for child pornography. For example: (i) on or about April 9, 2011, SCHULTE conducted a Google Search for "child pornography" on at least three occasions; (ii) on or about October 15, 2011, SCHULTE conducted Google Searches for "movie where father videos daughter and friend sex" and "movie where father videos child porn"; and (iii) on or about May 15, 2012, SCHULTE conducted a Google Search for "female teenage body by year."

The recently-released superseding indictment [PDF] really starts stacking the charges. In addition to the child porn charges carried over from the original complaint, the government adds charges related to the leaked hacking tools, including unauthorized access with the intent of gathering classified info and theft of government property.

Then the charges get interesting. Schulte is charged with "causing transmission of a harmful computer program" for allegedly altering an intelligence agency "computer system" to give himself access to restricted areas of the system and cover up any evidence he had accessed these files. Apparently, this alteration resulted in other users being denied access.

There's the expected "lying to the feds" charges (making false statements, obstruction of justice) which show Schulte was very cooperative when being questioned about the child porn but apparently not so much when asked about purloined CIA data.

Rolling past the copy-pasted child porn charges, one reaches the most unexpected charge in the indictment: criminal copyright infringement.

From at least in or about September 2015, up to and including at least in or about August 2017, in the Southern District of New York and elsewhere, JOSHUA ADAM SCHULTE, the defendant, unlawfully, willfully, and knowingly did infringe copyrights by the reproduction and distribution, including by electronic means and by making it available on a computer network accessible to members of the public, during a 180-day period, of ten and more copies and phonorecords, of one and more copyrighted works, which had a total retail value of more than $2,500, to wit, without authorization, SCHULTE maintained a computer server that housed thousands of copyrighted movies, television shows, and audio recordings, which SCHULTE shared with others by electronic means and using the Internet.

This appears to refer to the server Schulte set up for IRC chat buddies. It's mentioned in a couple of chat transcripts and was, until 2017, accessible at cryptm.org. There's plenty archived at the Wayback Machine [click at your own risk, I suppose] but this server seems to be the source of the copyright infringement charge. Whether or not any of these files were actually downloaded isn't clear, but they were uploaded and accessible to site visitors. This short list of a small portion of the files hosted by Schulte on his server was put together by Jason Koebler and Lorenzo Franceschi-Bicchierai of Motherboard.

An archived version of his page there shows that he had files related to chess, an episode of South Park, a copy of The 40 Year Old Virgin, textbooks, C Programming textbooks, and a folder called “Facebook Convos.”

Speaking of Facebook, Schulte was apparently maintaining a diary of his criminal justice system experience. (Spoiler alert: it's unpleasant and broken.) The documents are worth reading for a firsthand look at the federal arraignment process and the unpleasant realities of being sentenced to house arrest (with no internet access privileges) while still supposedly an "innocent" person in the eyes of the Constitution. It does get a little weird when he claims he's only been charged with "victimless" crimes given what he's been charged with (leaking CIA hacking tools, child porn). But nothing's been proven beyond a reasonable doubt at this point, so maybe only the copyright infringement charge that will make the final cut.

As Parker Higgins points out on Twitter, this supremely weird addition should be viewed with apprehension. Copyright infringement happens all the time. Much of it has zero profit motive, but the government is apparently more than willing to selectively enforce this law if it seems it might push someone towards a plea deal and save it the trouble of having to prove its case.

Filed Under: child porn, cia, copyright, hacking tools, joshua schulte, leaks, nsa, vault 7