Trial Of Alleged “Vault 7” CIA Leaker Ends In Hung Jury

The trial of a former CIA computer engineer accused of the largest leak of classified information in the spy agency’s history has ended with a hung jury.

On Monday, a federal jury in Manhattan could not agree on whether to convict 31-year-old Joshua Schulte on eight counts, including illegal gathering and transmission of national defense information, according to the New York Times. Schulte was convicted on two other counts; contempt of court and making false statements to the FBI.

The motivation for the alleged theft, prosecutors said, was Mr. Schulte’s belief that C.I.A. management did not take his workplace complaints seriously. His feuding with co-workers led to his resignation in November 2016 to join Bloomberg L.P. as a software engineer.

The partial verdict came after six days of chaotic deliberations. One juror was dismissed in the middle of the discussions because she violated the judge’s orders by researching the case, and the lawyers involved, on her own, and then shared that information with the jury. The judge declined to replace her with an alternate, leaving a panel of 11 people. –New York Times

The jury reportedly complained about one juror who was not cooperating with the rest, causing concern over “her attitude.” One juror described the deliberations as a “horrible experience” – her eyes welling with tears as she finished talking to reporters.

Schulte, who created malware for the U.S. Government to break into adversaries computers, was named as the prime suspect in the cyber-breach one week after WikiLeaks published the “Vault 7” series of classified files.

As we noted in 2018, Vault 7 – a series of 24 documents which were released beginning on March 7, 2017 – revealed that the CIA had a wide variety of tools to use against adversaries, including the ability to “spoof” its malware to appear as though it was created by a foreign intelligence agency, as well as the ability to take control of Samsung Smart TV’s and surveil a target using a “Fake Off” mode in which they appear to be powered down while eavesdropping.

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

…

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. –WikiLeaks

Vault 7 also revealed:

• The Frankfurt consulate is a major CIA hacking base of operations.

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate ( “Center for Cyber Intelligence Europe” or CCIE) are given diplomatic (“black”) passports and State Department cover. 

• Instant messaging encryption is a joke.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

• The CIA laughs at Anti-Virus / Anti-Malware programs.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Window’s “Recycle Bin”. While Comodo 6.x has a “Gaping Hole of DOOM”.

• iPads / iPhones / Android devices and Smart TV’s are all susceptible to hacks and malware. The agency’s “Dark Matter” project reveals that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers. Another, “Sonic Screwdriver” allows the CIA to execute code on a Mac laptop or desktop while it’s booting up.

Schulte previously worked for the NSA before joining the CIA, then “left the intelligence community in 2016 and took a job in the private sector,” according to a statement reviewed in May of 2018 by The Washington Post.

The verdict showed that the jury had doubts about the government’s most important evidence, which came from a C.I.A. server. Trial witnesses guided jurors through a complicated maze of forensic analysis that, according to prosecutors, showed Mr. Schulte’s work machine accessing an old backup file one evening in April 2016.

He did so, prosecutors said, by reinstating his administrator-level access that the C.I.A. had removed after his workplace disputes. The file matched the documents posted by WikiLeaks nearly a year later, according to the government.

The defense argued that the C.I.A. computer network had weak passwords and widely known security vulnerabilities, and that it was possible other C.I.A. employees or foreign adversaries had breached the system. –New York Times

As the Times notes, Schulte’s legal troubles are far from over, as the government could retry the case. He also faces a separate trial after federal agents found over 10,000 images and videos of child pornography on electronic devices in his home.