The Bizarre Case of a CIA Hacker’s Revenge

Joshua Adam Schulte is the accused leaker of the CIA’s Vault 7 material to WikiLeaks. He is currently in prison and claims to be subject to daily torturous conditions.

A background of Schulte’s story was published in the New Yorker.

Excerpts:

The New Yorker

Nestled west of Washington, D.C., amid the bland northern Virginia suburbs, are generic-looking office parks that hide secret government installations in plain sight. Employees in civilian dress get out of their cars, clutching their Starbucks, and disappear into the buildings. To the casual observer, they resemble anonymous corporate drones. In fact, they hold Top Secret clearances and work in defense and intelligence. One of these buildings, at an address that is itself a secret, houses the cyberintelligence division of the Central Intelligence Agency. The facility is surrounded by a high fence and monitored by guards armed with military-grade weapons. When employees enter the building, they must badge in and pass through a full-body turnstile. Inside, on the ninth floor, through another door that requires badge access, is a C.I.A. office with an ostentatiously bland name: the Operations Support Branch. It is the agency’s secret hacker unit, in which a cadre of élite engineers create cyberweapons.

“O.S.B. was focused on what we referred to as ‘physical-access operations,’ ” a senior developer from the unit, Jeremy Weber—a pseudonym—explained. This is not dragnet mass surveillance of the kind more often associated with the National Security Agency. These are hacks, or “exploits,” designed for individual targets. Sometimes a foreign terrorist or a finance minister is too sophisticated to be hacked remotely, and so the agency is obliged to seek “physical access” to that person’s devices. Such operations are incredibly dangerous: a C.I.A. officer or an asset recruited to work secretly for the agency—a courier for the terrorist; the finance minister’s personal chef—must surreptitiously implant the malware by hand. “It could be somebody who was willing to type on a keyboard for us,” Weber said. “It often was somebody who was willing to plug a thumb drive into the machine.” In this manner, human spies, armed with the secret digital payloads designed by the Operations Support Branch, have been able to compromise smartphones, laptops, tablets, and even TVs: when Samsung developed a set that responded to voice commands, the wizards at the O.S.B. exploited a software vulnerability that turned it into a listening device.

……There was banter, plenty of it, much of it jocular, some of it juvenile. The coders were mostly young men, and they came up with nicknames for one another. One unit member, who got braces as an adult, became known as Train Tracks. When another brought food into the office one day, but didn’t share it with some members of the team, his colleagues bestowed a new handle: Dick Move. The group’s ultimate manager was a more senior C.I.A. official, named Karen, who acknowledged that the members could get “boisterous,” adding, “Folks could get a little loud, a little bit back and forth.” Some O.S.B. guys brought Nerf guns to work—not mere pistols but big, colorful machine guns—and they would occasionally shoot darts at one another from their desks. Sometimes people got carried away, and work was paused for some sustained bombardment. But Silicon Valley was known for tricking out offices with foosball tables and climbing walls, and it’s likely that the C.I.A. wanted to foster a loose culture on the hacking team, to help engineers remain innovative and, when necessary, blow off steam.

One of the Nerf gunfighters was Joshua Schulte—his real name. A skinny Texan in his twenties, he had a goatee and a shaved head. In what may have been a preemptive gambit, Schulte gave himself the nickname Bad Ass, going so far as to make a fake nameplate and stick it on his cubicle. But others in the office called him Voldemort—a reference to the hairless villain in the Harry Potter books. Schulte and his colleagues worked on sophisticated malware with such code names as AngerQuake and Brutal Kangaroo. The hackers christened their exploits with names that reflected personal enthusiasms. Several programs were named for brands of whiskey: there was Wild Turkey, and Ardbeg, and Laphroaig. One was called McNugget. Though there was something dissonantly adolescent about naming highly classified digital hacking tools in such a fashion, it seemed harmless enough: if the tools worked as planned, none of the code would ever be detected. And, if the target of an operation did discover that some nasty bit of malware had infiltrated her device, a silly name would offer no clue that it had been created by the United States government. Deniability was central to what the O.S.B. did.

On March 7, 2017, the Web site WikiLeaks launched a series of disclosures that were catastrophic for the C.I.A. As much as thirty-four terabytes of data—more than two billion pages’ worth—had been stolen from the agency. The trove, billed as Vault 7, represented the single largest leak of classified information in the agency’s history. Along with a subsequent installment known as Vault 8, it exposed the C.I.A.’s hacking methods, including the tools that had been developed in secret by the O.S.B., complete with some of the source code. “This extraordinary collection . . . gives its possessor the entire hacking capacity of the C.I.A.,” WikiLeaks announced. The leak dumped out the C.I.A.’s toolbox: the custom-made techniques that it had used to compromise Wi-Fi networks, Skype, antivirus software. It exposed Brutal Kangaroo and AngerQuake. It even exposed McNugget.

In the days after this colossal breach became public, the C.I.A. declined to comment on the “authenticity or content of purported intelligence documents.” Internally, however, there was a grim realization that the agency’s secrets had been laid bare. “I was sick to my stomach,” Karen, the O.S.B. supervisor, later recalled. “That information getting out into a forum like that can hurt people and impact our mission. It’s a huge loss to the organization.” Malicious code that had originated at the C.I.A. could now be attributed to the agency. And the potential fallout extended beyond the digital realm: a foreign target who had been hacked might now be able to identify the malware, determine when it had been placed on a device, and even deduce which trusted member of the inner circle had engaged in betrayal. In the estimation of another senior C.I.A. official, Sean Roche, the leak amounted to “a digital Pearl Harbor.”…..
……This was a befuddling prospect: the O.S.B. engineers devoted their professional lives to concocting clandestine digital weapons. Making public the source code would render their inventions useless. Why destroy your own work? As the F.B.I. interviewed members of the team, a suspect came into focus: Joshua Schulte. Voldemort. He had left the agency in November, 2016, and was said to have been disgruntled. He now lived in Manhattan, where he worked as a software engineer at Bloomberg. As Schulte was leaving the office one evening, Evanchec and another F.B.I. agent intercepted him. When they explained that they were investigating the leak, he agreed to talk. They went to a nearby restaurant, Pershing Square, opposite Grand Central Terminal. Schulte may not have realized it, but the other patrons seated around them were actually plainclothes F.B.I. agents, who were there to monitor the situation—and to intervene if he made any sudden moves. Schulte was amiable and chatty. But, when Evanchec looked down, he noticed that Schulte’s hands were shaking.

……according to Schulte’s parents, his dream was to work for the government. “He never talked about the private sector at all,” Deanna told me, explaining that he was motivated by patriotism. “I think he was very proud to serve his country.” In a blog post, Schulte argued that “privacy and individual security are antithetical,” and that “increasing one ultimately decreases the other.” By the time he finished college, in 2011, he had been hired by the C.I.A. Many people regarded the N.S.A. as the premier government employer for coders and hackers, but the C.I.A.’s hacking unit may have offered more palpable proximity to exciting operations on foreign soil. Schulte wanted to fight terrorists.

Like drone pilots who destroy villages in Afghanistan from an air-conditioned trailer in Nevada, the engineers of the O.S.B. experienced an uncanny incongruity between the safety of their surroundings and the knowledge that their work supported high-stakes covert operations abroad.

The article alleges that the playful behavior between Schulte and his co-workers escalated into full-out brawls:

……Schulte proved to be a capable programmer, and in 2015 he was granted a special distinction when he was made a system administrator for the C.I.A.’s developer network, or Devlan. Now he could control which employees had access to the network that held the source code for the group’s many projects. Being a system administrator was regarded, Weber said, as “a privileged position.” Schulte made good friends at work; he became particularly close with another member of the O.S.B. team, named Michael. They played video games together after hours, or went to the gym.

But Schulte could also be abrasive. “Josh was very opinionated on the way things should be done,” Weber observed. “So he had some rough edges.” In particular, if Schulte felt wronged in some way, he had a pronounced tendency to overreact. One day at work, he shot a rubber band at Michael, and Michael returned fire. “This went back and forth until late at night,” Michael recalled. “He trashed my desk, I trashed his desk.” The conflict escalated until both men were throwing punches.

Schulte could get “a little off the hinge,” Sean remembered. At one point, agency officials decided to assign a contractor a project, Almost Meat, that was based in part on Schulte’s code. “Josh was offended,” Weber recalled. He protested that his hard work would be handed to a third party, then sold back to the government at a markup. He threatened to file a complaint with the C.I.A.’s inspector general, claiming “fraud, waste, and abuse.” Frank Stedman, who worked on Almost Meat, felt that the episode illustrated Schulte’s tendency to react with a “disproportionate response.” The man known as Bad Ass and Voldemort accrued another office nickname: the Nuclear Option.

Personality conflicts caused dysfunctional behavior:

Schulte had been on the job for about three years when a new programmer named Amol joined the O.S.B. He sat near Schulte, and they were partnered on a project code-named Drifting Deadline. According to Weber, Amol and Schulte “didn’t get along, and from the get-go.” Initially, people ribbed Amol because he behaved in a professional manner that was at odds with the prevailing frat-house vibe. Schulte liked to shoot Amol with his Nerf gun. As Amol grew more accustomed to the O.S.B.’s raucous culture, he started fighting back. He would collect Schulte’s Nerf darts and stash them behind his desk. He began trolling others in the office, maligning their skills as coders and devising his own cruel nicknames. He referred to Schulte as Bald Asshole. Amol was heavy, and Schulte reciprocated by making fun of his weight. Their bickering intensified.

In October, 2015, Amol complained to Sean, the hacking-unit supervisor. “I have had enough of Schulte and his childish behavior,” he wrote. “Last night, he shot me in the face with his nerf gun and it could have easily hit me in the eye.” Schulte also wrote to Sean, saying that Amol was “very derogatory and abusive to everyone.” According to Schulte, Amol had told him, “I wish you were dead,” “I want to piss on your grave,” and “I wish you’d die in a fiery car crash.” Such rhetoric, Schulte noted, “does little to foster collaboration.”

……Schulte felt that his superiors weren’t taking his accusations seriously. He neither liked nor respected Karen, his ultimate boss, referring to her as a “dumb bitch.” One C.I.A. security official responded to the dispute by saying that he couldn’t play “high school counselor,” which only exacerbated Schulte’s anger. Schulte escalated the matter by complaining to the director of the cyberintelligence division, Bonnie Stith—an agency veteran who oversaw several thousand employees. One might suppose that she had more pressing matters to contend with, but she offered to sit down with Schulte and Amol and try to broker peace. Initially, Schulte refused, saying that he was afraid to be in the same room with Amol. But she insisted, and at the meeting she urged both men to consider the “honor” of being C.I.A. employees, and to remember their obligations to their country. Amol, she thought, seemed embarrassed to have been hauled before the school principal. Stith decided that the coders should be physically separated. “Our nation depended on us,” she pointed out later. “I needed them to be focused.”

In order to de-escalate the office war, Schulte was forced to move his desk, which did nothing to abate the feud. Schulte filed for a restraining order against Amol in Virginia state court. Then, the agency moved Schulte to a different branch altogether, on the eighth floor. Nothing worked.

Leonard Small, an official from the agency’s Office of Security, later said that “Josh’s escalating behavior” kept “going on and on.” In an e-mail to Small, Schulte threatened to go public, saying that a lawyer he had spoken to had suggested, “An article titled ‘c.i.a. punishes employee for reporting office death threats’ would be an article that the media would be very interested in.” Schulte hadn’t yet “proceeded with this option,” he said, because he was “hoping there is an alternative.”

Eventually, Schulte quit:

Schulte appealed to several of the most senior officials at the C.I.A., including Meroe Park, the executive director. “I know you don’t deal with personnel issues and likely won’t spend much time on this, but management’s abuse of power and consistent retaliation against me has forced me to resign,” he wrote, on June 28, 2016. Schulte hung on a little longer, but by November he was gone. At Bloomberg, he would make more than two hundred thousand dollars a year—a significant increase from his government salary. Though he was legally bound to protect the confidentiality of his C.I.A. work, he could tell people he had been at the agency, and he discovered that in the private sector this conferred a certain cachet.

……Before Schulte’s departure, there had been one final fracas. Schulte was, in his own telling, trying “to make the best of my situation and move forward,” but after relocating to the eighth floor he attempted to work on Brutal Kangaroo—only to find that his access had been denied. “Imagine my shock,” he later recalled, noting that Brutal Kangaroo had been his project; he felt a huge proprietary investment in the program. Schulte consulted the audit logs on the system, and determined that Weber had stripped him of his access.

……Weber later explained that his reasoning had been simple: in Schulte’s new branch, he “was going to be working on new projects,” and therefore wouldn’t need access to the old ones. But Schulte saw it as retribution. He had developed a special resentment for Weber.

……And so Schulte, without asking for authorization, reassigned himself access to his old project. When his managers learned of this, they were so alarmed that they stripped Schulte of his administrator privileges. Weber later said of Schulte’s transgression, “The agency exists in a world of trust. We are granted access to classified information, and we are trusted to only use that information for the expressed reasons we’re given access to it.” If you can’t “trust the person that you’re working with,” he pointed out, you’re in trouble. (Schulte has disputed Weber’s account of these events.)

After WikiLeaks had posted the Vault 7 tools on the internet, the FBI and the CIA engaged in a joint effort to scour Schulte’s computers, home, and phone.

Here’s the strange part.  He was arrested for being in possession of child porn:

On August 24, 2017, at 5:30 a.m., a dozen armed federal agents hammered on the door of his apartment in Manhattan, startling him awake. Once inside, they bellowed, “Turn around and put your hands behind your back!” According to an account written by Schulte, he was led “like a prized dog” into the federal courthouse in lower Manhattan, where he was cuffed and shackled, then turned over to the U.S. Marshals. At this point, the F.B.I. and federal prosecutors had been investigating Schulte’s possible role in the Vault 7 leak for five months, but they still hadn’t indicted him. Instead, they now charged him with “receipt, possession, and transportation” of child pornography. Schulte pleaded not guilty. When he heard that the government was pushing to keep him detained pending trial, his stomach dropped. “The crime I am charged with is in fact a non-violent, victimless crime,” he objected, displaying an obdurate heedlessness when it comes to how child pornography is made. (In a recent court filing, Schulte asserted that he has been “falsely accused” of acquiring child pornography.)

A judge ultimately ruled that Schulte could be released on bail, on the ground that he posed no immediate threat to society. But his release came with stringent conditions. He would be under house arrest, unable to leave his apartment except for court dates. And he could not access the Internet. Schulte bridled at this, observing, “Today, everything is done online so it’s incredibly difficult.” Never one to meekly adhere to a directive that he found objectionable, Schulte chose to ignore the condition. In December, the government presented evidence that he had defied court orders by going online, and on several occasions had even logged on to the Internet using Tor—a system that enables users to access Web sites anonymously. Meanwhile, authorities in Virginia charged him with sexual assault, citing as evidence the photograph discovered on his phone. Schulte was taken into custody once again and locked up at the Metropolitan Correctional Center, in Manhattan. He was still there in the summer of 2018, when the government filed a superseding indictment with ten new counts and charged him with leaking Vault 7.

During the trial:

The parade of witnesses from the C.I.A. offered a rare glimpse of the office dynamics in a Top Secret unit. It was sobering. The descriptions of Schulte’s workplace called to mind not the steely competence of “The Bourne Identity” but, rather, the tiresome high jinx and petty scheming of “Office Space.” This was the paradox of the proceedings: there was no way for the C.I.A. to exact retribution against Schulte without, in the process, revealing a great deal of unflattering information about itself. Jurors would be told the story of an élite national-security division that had become consumed by juvenile name-calling and recrimination; senior C.I.A. officials would have to submit to cross-examination about the frequency and the severity of Nerf-gun fights, or about the lax security that had made the breach possible. Schulte’s former colleagues portrayed him as thin-skinned and volcanically malicious, and this proved to be the core of the government’s case. “He’s not some kind of whistle-blower,” one of the prosecutors, David Denton, told the jury. “He did it out of spite. He did it because he was angry and disgruntled at work.”

……It was abundantly clear that he had motivations for taking revenge on the C.I.A. The professional biography that emerged at trial was so damning that a decision to leak terabytes of classified data seemed almost like a logical dénouement: the final explosion of a man whose nickname was literally the Nuclear Option. Schulte’s incriminating Google searches further deepened his appearance of guilt. And, on the sixth day of the trial, prosecutors laid out what they regarded as a coup de grâce—the digital equivalent of fingerprints at a crime scene. Even after Schulte was stripped of his administrative privileges, he had secretly retained the ability to access the O.S.B. network through a back door, by using a special key that he had set up. The password was KingJosh3000. The government contended that on April 20, 2016, Schulte had used his key to enter the system. The files were backed up every day, and while he was logged on Schulte accessed one particular backup—not from that day but from six weeks earlier, on March 3rd. The O.S.B. files released by WikiLeaks were identical to the backup from March 3, 2016. As Denton told the jurors, it was the “exact backup, the exact secrets, put out by WikiLeaks.”

……To nobody’s surprise, Schulte has tangled with his prison guards, and in repeated filings to the new judge in his case, Jesse M. Furman, he has singled out individual guards and suggested that they should be facing criminal charges. Schulte has filed more than sixty official challenges to the conditions of his confinement. In prolix memos, many of them handwritten, he has condemned the Justice Department, the C.I.A., the F.B.I., and the Bureau of Prisons. He refers to his cell as a “torture cage,” and maintains that his living conditions are “below that of impoverished persons living in third world countries.” One of his complaints is that the guards do not give him adequate bathroom breaks during the hours he spends preparing his case in the prison law library. And so, lately, Schulte has taken to urinating in the law library. He has also converted to Islam. When I mentioned this to Kavi Patel, he burst out laughing. “He’s manipulative,” Patel said. “I don’t know how else to say it.”

From my own experience, the intelligence community at the higher echelons is full of narcissistic and eccentric eggheads. Many of them are college whiz kids who were hired for their computer skills and education credentials. The supervisors are arrogant bureaucratic shitheads. There’s a lot of pressure at that level to be on top of the worldwide spy game. The push for innovation is very competitive.

Bottom line:

There’s a difference between being a whistleblower and a traitor; the distinction is motive. If your purpose is to expose unlawful, unconstitutional abuse of powers, then by all means, raise hell. If you’re a disgruntled, whiny little crapweasel (Bradley Manning) or Reality Winner, who wants to damage national security to massage your ego, then you deserve the death penalty for the lives you endangered. Edward Snowden had questionable motives himself. He gave information to Wikileaks about the Obama regime’s extensive NSA surveillance operations. He fled to Russia and is now a Russian citizen. I would have had more respect for him if he stood his ground and faced Congress. If your principles and integrity are solid, don’t flee the country; it only raises questions about character and credibility.

If Schulte’s purpose was revenge, then he’s right where he belongs.

 

 

Related articles:

https://www.justice.gov/usao-sdny/pr/joshua-adam-schulte-charged-unauthorized-disclosure-classified-information-and-other

Inner City Press covered the court filings: https://www.leagle.com/decision/infdco20220520a18

And the trial: http://www.innercitypress.com/sdnylive95schultefurman061422.html

More: https://twitter.com/innercitypress/status/1537058659833982976
