Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI

Mystery still surrounds saga of top-secret tools spillage

what has been seen? pic by SHutterstock

The extraordinary trial of a former CIA sysadmin accusing of leaking top-secret hacking tools to WikiLeaks has ended in a mistrial.

In Manhattan court on Monday morning, jurors indicated to Judge Paul Crotty they had been unable to reach agreement on the eight most serious counts, which included illegal gathering and transmission of national defense information: charges that would have seen Schulte, 31, sent to jail for most of the rest of his life.

They did however find him guilty on two counts – contempt of court, and making false statements to the FBI – although he has already spent more time behind bars awaiting trial than he would be required to serve under those counts.

The two sides will meet later this month to decide what to do next. Schulte’s lawyer, Sabrina Shroff, has already asked for an extended deadline in order to file additional motions.

CIA logo

Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

READ MORE

Some of those motions will ask for information from the prosecution that was kept from her during the trial, most controversially the case of “Michael,” a co-worker of Schulte who was put on administrative leave by the CIA when evidence emerged linking him to the theft of the Vault 7 hacking tools. Michael also refused to discuss the matter with the FBI.

The prosecution only informed Shroff that Michael had been suspended after he gave testimony in the courtroom – something she stressed heavily in her closing arguments, implying that there was a lot more going on behind-the-scenes than the jurors realized. It would appear that some jurors at least were persuaded by that line of argument, which is not surprising given the nature of the trial: a leak of classified exploit code and manuals from America’s top spy agency.

The mistrial will be a significant embarrassment for the US government which spent years pulling the case together, and spent most of the past four weeks walking the jury through what it said was a well-planned theft by Schulte of various software tools that can be used to snoop on a wide range of modern electronics from smartphones to laptop computers. The government is expected to push for a retrial.

Evidence

At the center of the case is the extraordinary fact that the CIA had a hard time proving it was Schulte who stole the tools from a secure server in the heart of spies' headquarters.

The agency produced a complicated forensic explanation for how it believes Schulte did it – he saved a backup to a thumb drive and then reverted the system to a previous state to cover his tracks – but it couldn’t hide the fact there was only circumstantial evidence against him, and so the prosecution spent a lot of time highlighting his behavior before and after the theft to fill the gaps.

The irony, of course, is that Schulte was hired for the very skills that he may have employed to hide the theft in the first place. It didn’t help that during the course of the trial, the CIA was found to have appalling security measures in place: multiple people used the same admin username and password to access the critical servers. Not only that, but the passwords used were weak – 123ABCdef and mysweetsummer being the main two – and on top of that, they were published on the department’s intranet.

Schulte’s lawyer successfully argued that the evidence against her client was not sufficient for them to say, beyond a reasonable doubt, that he was the person who stole the materials. There is no evidence that Schulte had the tools on him outside the work environment, and no evidence that he sent them to WikiLeaks.

The prosecution pointed out, however, that Schulte downloaded the very software that WikiLeaks recommends people use to send it files because, you guessed it, it deletes any traces of the file transfer from your machine.

Jail time

The strongest evidence against Schulte was his behavior in jail while awaiting trial: he was clearly being closely watched, and one point his cell was raided and a contraband phone was seized along with a notebook; both of which made plain that he was trying to communicate confidential information to outside the jail.

The prosecution argued this was evidence that Schulte was willing to damage US interests to further his own goals. His defense argued he was simply trying to get word of his innocence out to the wider world after he’d been pulled in a government black hole.

Most compelling of the evidence against the CIA/FBI’s case was the fact that co-worker Michael had a screengrab of the very server the Vault 7 tools were stolen from at the time that they were allegedly being stolen. Even the government admits this was unusual.

Michael never mentioned the fact he was actively monitoring the server at the time, and the screengrab was found many months later in a forensic deep dive by the Feds. When asked about it, Michael refused to cooperate, and the next day the CIA suspended him.

That evidence raises all kinds of questions of what was really going on inside the Operational Support Branch (OSB) of the CIA: its elite exploit programming unit. Clearly those questions were sufficient for the jury to be unable to reach agreement on whether Schulte was guilty or not. ®

Sponsored: Webcast: Why you need managed detection and response

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020