Recommend a series of in-depth articles about this on emptywheel.
Lots of rat-fuckery going on. Some political, some spy-craft.
Great article, BTW.
The fate of the man accused of leaking top-secret CIA hacking tools – software that gave the American spy agency access to targets' phones and computers across the world – is now in the hands of a jury. And, friend, do they have their work cut out for them. Joshua Schulte stands accused of stealing the highly valuable materials …
The biggest red herring I see is the fact that KingJosh3000 was somehow missed from the wipe, as if the guilty party wanted to link him to the theft. Also that the Wikileaks references are to articles, not data.
As far as alternative suspects, everyone who hated him, starting with Amol, and even his "friend" Michael - all of whom presumably knew of his KingJosh3000 ID.
Could he have done it? Yes. Could someone else have done it? Also, yes.
Has the CIA proved their case beyond a reasonable doubt? No. Will it matter to the jury? Probably not.
Going to a jury is risky for both sides. As is pointed out, the actual case is relatively thin but he is a louse at best. So it could go either way. The jury could decide being a louse was sufficient motive for leaking. But they could also decide he was too well known as a louse and despised that he might have been set up as a fall guy. It really hinges on how thin the evidence is.
Based on the limited information given in the article, I agree.
Possible he did it? Certainly
Balance of probability he did it? There might be a decent case
Beyond reasonable doubt? Absolutely not
There might be enough circumstantial evidence to get a verdict in a civil case where the burden of proof is much lower, but for a criminal trial, no way.
Incidentally, I believe in the US the only possible verdicts are guilty or not guilty; if I'm not mistaken, in Scotland there can be a third verdict, 'not proven', which basically indicates that the jury or judge believe the defendant to be guilty but don't have sufficient proof to be absolutely sure.
"Has the CIA proved their case beyond a reasonable doubt? No."
I think I disagree with that assessment. Reasonable doubt is not about being 100% sure. There is no way to be 100% sure, which is why we have the concept of "reasonable doubt" in the first place.
Everyone seems to agree that he indeed used the KingJosh3000 ID, and there seems to be evidence that someone using that ID accessed the VM containing the code. Seems reasonable and even logical to accuse him. Is it possible that someone else who knew about the ID (whether they hated him or not) could have used it? Yes. Is there any evidence at all that someone else did so? No. Is there evidence that a co-worker hated him? Yes. Is there any evidence at all that one of those who hated him set him up? No.
The prosecution claims "We know that someone using the ID made an unauthorized access, and we have testimony that the defendant owned and used that ID." The defense rebuts with "Right, but everybody hated him. So, so, so, .... they framed him!" Seems beyond reasonable to me.
Is there any evidence at all that someone else did so? No. - Do you actually know there is no evidence, or just saying that you haven't seen any as a person not at the trial? Why would the prosecution bring up information that revealed someone else did it?
Is there evidence that a co-worker hated him? Yes.
Is there any evidence at all that one of those who hated him set him up? No. Again - there would not be any evidence exposed to this - the prosecutor has to prove that HE did it, not that he could have done it.
Yes, based on what's in the article - it might be different if I'd actually heard all the evidence firsthand - if I were on the jury I'd have to vote to acquit.
But to be honest, even if I felt he were guilty beyond a reasonable doubt, I'd really have to consider nullification in this case.
I actually knew the guy :/
I also was not his biggest fan. Having served as juror on a capital murder trial, I feel like I would also not be able to vote guilty for this - it doesn't seem they have PROVEN that he did it. Whether or not I think he might have done it or not, is irrelevant. There isn't enough proof, and it would have been easy to frame him.
Just like the leaving the trace of that username - with as methodical as he has been, that seems like quite a rookie mistake that I don't think is in his nature.
Of a server with the incorrect date/time? Remember, his access to that system had been revoked, so he set the clock back to when his account was still active
Also, you'd think that a paranoid asshole would check for something like VNCia running before doing something seemingly evil.
I hope he wins and they're forced to give him $$$$ and his job back, with back pay.
"forced to give him $$$$ and his job back, with back pay"
In most of these cases, being forced to give the job back is undesirable to both parties. If my employer had just fired me then sued me I sure as hell wouldn't want to go back to work for them. $$$$ for back pay and wrongful dismissal will do nicely, thanks
It's hard to know what actually happened - the CIA are pretty good at that - but it smells like some of the bosses are getting blamed for the leak and want to get a conviction and move on while ignoring the actual cause. There's a long history of this type of action in most spy agencies.
Actually, the CIA should be more embarrassed by the fact that it didn't have a clue they were stolen in the first place.
Which clearly indicates that they might have been, and some foreign power has acquired them (or maybe more than one).
In the end, this kindergarten-style management of security concerning so-called weapons of state is the most damning indictment of all. Hollywood has a habit of showing the CIA as cool, efficient people. Hollywood is not going to have to adapt to showing them as kids at the lunch canteen throwing yogourt at one another and posting passwords in the hallways.
Some years back, I read a book by U.S. Army Col. Philip Corso (ret.) who claimed that his job in army intelligence involved doling out the contents of a locked filing cabinet kept in his office in the Pentagon which were allegedly bits of tech from the Roswell UFO crash. The bits would be seeded to universities and industry researchers from the "Foreign Technology Office" to be reverse-engineered and commercialized with a clean paper trail.
How much of this is true and how much the result of Corso having the braid on his cap a little too tight is left as an exercise for the reader, but I recall one comment that always rang true to me regarding Army's opinion of the CIA's security hygiene. Supposedly only Corso and his commander knew about the contents of the cabinet because (IIRC) "...if anyone else knew about it then the FBI would find out about it and if the FBI knew about it then the CIA would learn of it and if the CIA knew about it then EVERYONE would know about it!"
...Plus ça change...
I have to ask: what tech?
I can't think of any technology from the second half of the twentieth century which can't be fully traced along its research and development path from bright idea to mature technology. So what was in the filing cabinet?
He claimed things like ICs, lasers, fiber optics were among the tech that passed through his office.
His claim is that, as selected U.S. researchers showed an interest in [technology] his office would approach them with "foreign technology", the source of which had to be kept on the down-low, but which they could examine and see if it gave them any clues as to how it could have been manufactured. If they could reverse-engineer it, they could publish and patent under their own names, and since they were already known commodities in their fields and were on the record as working on the problem, no one would question the narrative.
FWIW, it IS verifiable that Corso was in Army Intelligence from 1945 onward, was a staff officer on the NSC under Eisenhower, and served in the DoD's Foreign Technology Office from 1961 - 1963, which COULD be reconciled with the developmental histories of some of the tech he claims.
Also, it should be noted that the FTO's day-to-day job was researching and assessing foreign technology of all types and liaising with industry and academia on ways to adopt or negate, as needed, the foreign tech advantage so, again, they were a known commodity in the field. Seeding the Roswell tech was (allegedly) just the most compartmentalized part of the job.
Finally, as I noted in my original post, it COULD just be that Corso was wearing his hat braid too tight.
Original AC here (boss reads El Reg too).
Thanks for the extra information. It's a fascinating story. I don't agree with the "Aliens!" explanation, but I can't help wondering if Corso was really told that, and real spies popped in of an evening to refill the filing cabinets with purloined tech and data.
There are a few documented cases of the UK providing tech to the US in return for other bits and bobs (it's claimed some of this cooperation evaporated after the tech was handed over too), and seeding it into industry in this way does sound very plausible.
Thanks again, and enjoy the weekend!
There are any number of explanations, ranging from "Corso just made the whole thing up to sell his book" to "it actually was stolen foreign technology, but Corso wasn't told the real origin because he didn't Need to Know".
I mean, if I were running a spy program that stole interesting technological developments and other research from foreign powers, I'd want a way to quietly funnel it into my own nation's R&D stream, and leaking it to university and commercial researchers to reverse-engineer and claim as their own seems like a reasonable way to do it. And I'd want some dupe in the middle who didn't know where it came from so I'd have some deniability in case the program came to light.
"I can't think of any technology from the second half of the twentieth century which can't be fully traced along its research and development path from bright idea to mature technology"
Duh, they used the Roswell time-travel tech to go back and retcon it.
I don't get this, it seems like it would be pretty easy to prevent in such a confined space. Don't they have guards walking by the cells now and then who would see what inmates are up to? Worst case, can't they put a metal screen on the walls and windows to turn it into a Faraday cage? They could easily install repeaters on the inside that allow only specific cell phones to work if that's needed, and for the radios the guards carry.
And how the heck does someone smuggle a modern smartphone into a prison? The old candy bar style phones one can imagine where they are hidden, but you can't exactly do that with the size of modern devices (and they are all glass, potentially disastrous if broken!)
"And how the heck does someone smuggle a modern smartphone into a prison?"
I expect that the easiest route in is via a guard who has taken a bribe.
If all you want is a basic phone, then there are some crazily small ones out there (have a look on Amazon) which are easily concealable and I expect could be exchanged from visitor to inmate with minimal sleight of hand during a visiting session
The problem with the Faraday cage idea is that it doesn't discriminate between signals from illicit mobile phones, and those from legitimate sources. I can't see how it would be hard to triangulate the origin of phone signals within the prison walls though, with a relatively small number of aerials.
When describing how the security controls we have in place to protect the business are proportional to the nature of the business, I will often say that "we're not protecting state secrets". However it appears we have a lot more security controls in place than those who are protecting state secrets.
I often come up against people who think that certain 'data' isn't super-secret because it doesn't meet the criteria. Never mind that in the wrong hands that data could very well have a very negative impact on hundreds of millions of people.
I have no wish to prove these people wrong, because that would be scary (more scary than coronavirus) but I do wish I could put them in a simulator of some kind and show them what *could* happen - because no matter what they are told they revert back to the 'check-list' or someone else's evaluation (someone who doesn't know what the system that holds the data is or does).
Grrrr.
"I often come up against people who think that certain 'data' isn't super-secret because it doesn't meet the criteria. Never mind that in the wrong hands that data could very well have a very negative impact on hundreds of millions of people."
And people so easily overlook the value of conflating a number of seemingly innocuous bits of data. For example....Bob is single...Bob lives at <address>. Bob works for <company> as a middle manager. <company> has office hours of 0830-1730.....throw that lot together and you've got a good idea of where there's a house likely to have some decent value contents and when it's likely to be unoccupied and available for burglary.
addendum - the mortality rate by age group is, however, very informative. If you're under 50, you have pretty good odds. They get progressively worse as you get older; in the 80+ age bracket, the rate is around 15%. I'd link the figures here, but the top results I get from google are links to images in paywalled articles.
If you overlay the graph of mortality by age over one of incidence of COPD, there's an almost perfect match. Correlation isn't causation, of course, but it's not hard to posit a causal link.
It's almost as if the planet has taken a dislike to boomers and decided to do something about it.
Seasonal flu and Covid-19 infections are not diagnosed in comparable ways. Most seasonal flu is self-diagnosed/reported and the figures are collected from employers accounting for sickness absences among other sources. Covid-19 is diagnosed by an RNA test which is only performed on people who are showing signs of being very unwell. It is classic sample selection bias and it is unreasonable to compare the two sets of figures.
If everyone who took sick leave from work/study was rigorously tested for flu and Covid-19 I would expect the kill-rate for Covid-19 to fall to similar levels to flu. I would also expect many to be found to have a common cold as well as some found to be malingerers. I have no evidence for this and recognise that it is not something that most states could test or admit to testing.
Well yes, I've actually been saying the same thing. I'm referring to the published mortality rates, which may be wildly inaccurate. Interesting to note that the communicability and mortality rates are both similar to those of the 1918 H1N1 flu pandemic. Of course, that happened in the middle of a time of global war, and medical treatment has progressed somewhat in the last century.
Osbourne Cox : And you're my wife's lover?
Ted Treffon : [shaking his head] No.
Osbourne Cox : Then what are you doing here?
[pause]
Osbourne Cox : I know you. You're the guy from the gym.
Ted Treffon : I'm not here representing HardBodies.
Osbourne Cox : Oh, yes. I know very well what you represent.
[pause]
Osbourne Cox : You represent the idiocy of today.
Ted Treffon : No, I don't represent that either.
Osbourne Cox : Yeah. You're the guy at the gym when I asked about that moronic woman.
Ted Treffon : She's not a moron.
Osbourne Cox : You're in league with that moronic woman. You are part of a league of morons.
Ted Treffon : No. No.
Osbourne Cox : Oh, yes. You see, you're one of the morons I've been fighting my whole life. My whole fucking life. But guess what... Today, I win.
We don't deal with NSA-level codebreaking savant geniuses, but the explanation of that team's behaviour in the article seems like I've lived mini versions of it. It really is a spectrum (and I'm not talking about ASD...) between "total condescending borderline crazy jerk but brilliant" and "super-type-A gladhanding salesy type without a knack for anything technical." It's like there's a slider and dialing up one forces you to dial down the other except in rare cases.
It does seem that tech companies tolerate "brilliant jerks" much more than they should. NSA might be a special case altogether though...they might feel that just putting handlers in front of their most productive and least social people is worth it. I'm sure Microsoft and the FAANGs have a ton of people that they'll surround with a team as long as they keep cranking out work. I absolutely can't sell and would never be mistaken for a hyper-extroverted executive type, but one thing I've learned in 20+ years is that people who at least make an effort to fit in will have more success than those who don't. But that's probably because I'm not a super-genius...just competent at what I do (and willing to teach anyone who asks.) I did get into this field because I'm more comfortable solving problems and dealing with machines than navigating political fires, but developing a good overall likable personality helps a great deal! I'm not smart enough to fall in with the "hide them in the back room" crowd so I've had to adapt.
In my experience, many companies over-tolerate the "super-type-A gladhanding salesy type without a knack for anything technical" types as well, despite the fact that they aren't "brilliant jerks" either.
It's probably because corporate boards seem to over-represent the type-A personalities (probably due to their knack for self-promotion) and ignore the tendency towards their affinity for white powder and misogyny.
Agreed ...
I've been privileged to meet some super intelligent and talented people and most of them were in the "OMG I'd love to hate them but they're too nice" category: people who are more modest about themselves and their accomplishments than I am about having met them.
There were a very small number of highly intelligent gits - maybe they succeed more outside academia and business: in both of these I suspect an inability to meet even minimal standards of interpersonal cooperation is usually a bit of a bar to progress.
I suspect that I might qualify, in the minds of people I meet, as a "brilliant jerk." Why? Because the same quirks in my brain that allow me to top out on IQ tests also make me painfully incapable of "reading" people. Beyond that, I have a REALLY hard time understanding that people often don't want their blatant mistakes pointed out to them.
So, I see someone doing something stupid, like say, setting up a permissions system based on users instead of based on roles. Before my conscious brain has a chance to engage, I am upset about the amount of effort that this individual is going to have to spend maintaining such a system, as well as the security vulnerabilities that can be expected to cause a great deal of work for many people. My conscious brain has to intercept my instinctual reaction and attempt to soften what I say. And the truth is, even as I write this, I don't know what the thing to say to convince someone to do the right thing without coming off as arrogant. Never mind that I have literally gone non-verbal for a full minute trying to consciously know why a bad decision is so bad.
Yes, people see me as arrogant. But they don't understand. Not only have I considered what they have to say already, I've tracked its logical conclusions. In many cases, I've seen the results of these bad decisions, and I cannot stand the thought of other people going through that pain.
So to quote from the recent Sherlock Holmes series, "I'm not a psychopath, I'm a highly-functioning sociopath. ... Do your research!"
There are brilliant people with well rounded personalities, or at least non-toxic personalities. The issue is that they have the ability to get hired by more companies for a variety of jobs. The company that hires a brilliant but toxic person is not willing to pay the dollar cost for a rounded person. For example, while taking a master's degree a group project was required. One of the students did their full share of the work and would later give polite, helpful, teachable comments to the others in the group about their parts. She did this all through the group project and she was doing another non-bachelor degree program at the same time. I don't know who would have the money to hire her but she deserved five to ten times my salary.
>>While Schulte was allegedly stealing the documents – which the CIA says he did by creating a backup of the machine holding the tools, saving that backup to a portable storage device, and then reverting the system back to before the backup, deleting all the logs on the way – he was also chatting over IRC with Michael. It was April 20, 2016, around 5.30pm.
Joshua Schulte asked Michael if he was going to the gym. Michael said he was. Josh arranged to meet him there. But when he didn’t turn up, Michael asked Josh what was going on, and Josh explained that one of their co-workers had kept him talking over some matter for 30 minutes.<<
So he's in the middle of crime of the century, chatting on IRC _and_ asking to meet Michael shortly, before he knows he completed his nefarious activities?