Josh Schulte: CIA insider gone south or repugnant criminal?

For the past several months, Joshua (Josh) Schulte has been drowning in a legal quagmire. Schulte is being investigated for being the trusted insider from within the CIA’s cyber operations group who took it upon himself to post the CIA’s cyber toolbox, aka “Vault 7” online via Wikileaks.  

While investigating Schulte, Schulte provided the FBI with access to his devices, including his phone, desktop PC, and multiple virtual servers that he maintained and allowed public access. It was then that the FBI discovered illegal images on a virtual server that Schulte maintained.

Schulte was subsequently indicted, charged, arrested, and detained.

The three counts for which Schulte was arrested: Receipt of Child Pornography, Possession of Child Pornography, and Transportation of Child Pornography — his leaking of classified materials was not mentioned. Indeed, the court transcripts showed the prosecution declined to disclose what brought the FBI to Schulte’s residence in the first place.

It’s going to get murky.

So often we end up with more questions than answers.

This is one of those instances.  

Schulte and the CIA’s Vault 7

Is Schulte guilty of leaking the CIA “Vault 7” cyber toolbox?

Appears Schulte left a significant trail of digital breadcrumbs to show he was posting content over many years to online depositories, such as GitHub, which contained CIA tools. These posting by Schulte were discovered years later.

As the DailyBeast explains, Schulte was working with the CIA from 2010-2016 and posted 11 of his own coding projects to GitHub, including the “robust software development tool he developed, OSB Project Wizard.” It was only in 2017 when the Vault 7 leak occurred and the Department of Justice and FBI began searching for the lead to the information compromised that Schulte became of interest.

Schulte the server admin

Is Schulte guilty of these allegations surrounding the illegal images found on the servers he maintains? That is to be determined by the courts.

What we can observe, however, is the in-court discussion, which demonstrates a general lack of knowledge within the legal system about cyber technology of 2010, let alone 2018.  

This general ignorance extends to the basics of internet chat applications: What is IRC? The federal judge asks, and the prosecutor answers that he doesn’t know that IRC is Internet Relay Chat.

Furthermore, the prosecutor continually pushes the fact that Schulte had passwords to the virtual servers he maintained and that these passwords allowed Schulte to garner access to files within the servers. If you were an admin to a server(s), it makes sense you would have the passwords for personal access and to perform maintenance.

Schulte’s guilt or innocence

The judge and the prosecutor during oral arguments concerning the data on the virtual server danced around the concept of cryptography. The AUSA claims Schulte had three layers of encryption hiding the illegal images. The presence of multiple layers was considered “ultra-high-tech” and indicative of being “highly sophisticated” with computers.

While we (you and I) may have different levels of acumen on how things work, encrypting one’s hard drive and data on cloud servers isn’t one of the more nefarious acts that comes to mind — that’s basic InfoSec cyber hygiene and not indicative of a damning act or skullduggery. But when the defense attorney tried to explain each of the three passwords and the function they served, his lack of understanding of public/private keys and how they are used was on display.

I have faith that both the defense and the prosecution will bring aboard their own experts to provide a clean explanation of how encryption, asymmetrical encryption, virtual servers, a server, and a desktop are interconnected yet separate.

With such, it can be determined if Schulte is indeed guilty of the heinous crime of receipt, possession, and transport of child pornography. The court should also be able to shed light on — even if it is via classified testimony on the elephant in the room — Schulte’s alleged breaking trust with the CIA by sharing the CIA’s cyber tools with Wikileaks.

The wheels of justice continue to roll, just not very fast in this case.

Update:

On Jan. 18, 2018, Schulte was charged by the Department of Justice in a 13-count Superseding Indictment. In addition to the child pornography charges he was currently facing, charges were added in connection with his “alleged theft of classified national defense information from the Central Intelligence Agency (“CIA”) and the transmission of that material to an organization that purports to publicly disseminate classified, sensitive, and confidential information (“Organization-1”),” which has been identified as WikiLeaks.

In October 2017, WikiLeaks released 676 CIA files associated with “Marble Framework,” under the heading of “Vault 7.” Manhattan U.S. Attorney Geoffrey S. Berman said, “Unlawful disclosure of classified intelligence can pose a grave threat to our national security, potentially endangering the safety of Americans.”