Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings


Analysis The fate of the man accused of leaking top-secret CIA hacking tools – software that gave the American spy agency access to targets' phones and computers across the world – is now in the hands of a jury. And, friend, do they have their work cut out for them.

Joshua Schulte stands accused of stealing the highly valuable materials directly from the CIA’s innermost sanctum and slipping them to WikiLeaks to share with the rest of the planet. Federal prosecutors have spent the past four weeks explaining exactly why they believe that to be the case. And Uncle Sam's lawyers have developed a compelling case to send Schulte away for virtually the rest of his life.

But Schulte’s lawyer, Sabrina Shroff, has picked away at that seemingly watertight case, and pointed out, countless times, that the evidence against her client is dangerously thin. Schulte is the fall guy, she argues; the victim of an agency that decided he was responsible, and then used its extraordinary analytical focus to nail him regardless of his innocence.

The CIA may have wished the trial never happened, because, in the course of events, the picture that emerged of what actually happens in the darkest corners of what may be the most powerful institution on Earth is not one of high-caliber professionals working in their nation's best interests. Instead, the leak of the world's most dangerous hacking tools, code-named Vault 7, may have stemmed from a rubber-band fight that got out of hand.

We reported earlier that Schulte’s lawyer started her defense of him by stressing how much of an asshole he is. Just as incredibly, she closed her argument for his innocence in the same way: “I told you that Mr Schulte was a difficult man. He was a difficult employee, and I told you that there was no doubt about that. I told you that the evidence would show that, and that's what the government showed you. For four weeks, that's what they showed you.”

Vindictive

She’s not lying. Schulte came across as an impossible, arrogant, and vindictive co-worker. When he ended up in a dispute with another employee, Amol, Schulte lodged a formal complaint saying Amol had threatened to kill him, knowing that would put Amol in a very difficult position. It did, though a CIA probe concluded Amol hadn’t done any such thing. But such was the value of these two difficult but brilliant men to the agency that they kept them both, simply moving them to different departments and floors.

Employee after employee, all the way up to Schulte’s boss’s boss’s boss, testified Josh was a royal pain in the ASCII. But let’s let his own lawyer Shroff tell you in literally her closing words: “They proved to you that, yes, you can properly call him Voldemort or Vault Asshole or Asshole or Jason Bourne or John Galt. They have given you evidence of all of that. But one thing that you cannot call him, after four full weeks, because the evidence isn't there, you cannot call him guilty. Please acquit.”

Those names, incidentally, were chosen by Schulte himself for various aliases he used. One that Shroff didn’t mention but the government’s lawyer did was also telling: King Josh.

“Josh Schulte is no patriot. Far from it. He's vengeful and he's full of rage, and he's committed crimes that have been devastating to our national security,” prosecutor Matthew Laroche told the federal district court, in New York City, in his closing arguments [PDF]. “King Josh. That's what the defendant thinks of himself. Well, King Josh got caught. And all of his lies, all of his deceptions have come crashing down in this case.”

To be fair, it wasn't King Josh, it was "KingJosh3000" – one of many names he used in his job as a CIA sysadmin. The handle KingJosh3000 proved critical in the case because it was the one username the government found that, allegedly, connected Schulte to the theft of the hacking tools. He had, according to the prosecution, carefully and methodically deleted all the logs that showed his removal of gigabytes of data from the CIA's server. But KingJosh3000's session was missed by the data wipe, and it was that ID that he used to access a backdoor into the system after he had been officially booted off, we were told.
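The prosecution's account hinges on a log wipe that was not quite complete: one session survived, and that was enough. The script below is an added illustration of why that happens, not code from the trial record or from any CIA system. It assumes two constructed log sources with a made-up key=value layout (seq=, ts=, user=, sid=, event=): an audit log whose records carry a monotonically increasing sequence number, and a separate access log for the resource itself. An attacker who deletes their own login records from the audit log leaves two traces: gaps in the sequence numbers, and sessions in the access log that no surviving login ever opened. The analysis reports both.

```python
"""
Spot sessions that survive in one log source after being wiped from
another, plus the numbering gaps that deleted audit records leave behind.

Added illustration for this article, not code from the trial record or
any CIA system. Every log line here is constructed, and the key=value
field layout (seq=, ts=, user=, sid=, event=) is an assumption, not a
real product's format.
"""
import re
from dataclasses import dataclass

# Constructed audit log. Each record has a monotonically increasing seq,
# so deleting a record leaves a visible hole (1003-1005 are gone).
AUTH_LOG = """\
seq=1001 ts=2016-04-20T09:02:11Z event=login user=alice sid=s-41a
seq=1002 ts=2016-04-20T09:05:37Z event=login user=bob sid=s-41b
seq=1006 ts=2016-04-20T11:40:02Z event=logout user=alice sid=s-41a
seq=1007 ts=2016-04-20T11:52:19Z event=login user=carol sid=s-41f
"""

# Constructed access log of the resource (say, a wiki VM). The attacker
# wiped their login records from AUTH_LOG but never touched this file,
# so session s-41c is still here with no login behind it.
ACCESS_LOG = """\
ts=2016-04-20T09:03:00Z sid=s-41a action=view page=home
ts=2016-04-20T10:14:45Z sid=s-41c action=export size=3.1G
ts=2016-04-20T10:15:02Z sid=s-41c action=view page=admin
ts=2016-04-20T11:55:00Z sid=s-41f action=view page=home
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse(log: str) -> list[dict[str, str]]:
    """Turn key=value lines into dicts; lines with no fields are skipped."""
    records = []
    for line in log.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields:
            records.append(fields)
    return records


@dataclass(frozen=True)
class Finding:
    kind: str    # "seq_gap" or "orphan_session"
    detail: str  # human-readable explanation


def sequence_gaps(auth_records: list[dict[str, str]]) -> list[tuple[int, int]]:
    """Return (first_missing, last_missing) ranges in the audit seq numbers."""
    seqs = sorted(int(r["seq"]) for r in auth_records if "seq" in r)
    gaps = []
    for prev, cur in zip(seqs, seqs[1:]):
        if cur - prev > 1:
            gaps.append((prev + 1, cur - 1))
    return gaps


def orphan_sessions(auth_records, access_records) -> dict[str, list[dict[str, str]]]:
    """Session IDs seen in the access log that no surviving login opened."""
    logged_in = {r["sid"] for r in auth_records if r.get("event") == "login"}
    orphans: dict[str, list[dict[str, str]]] = {}
    for r in access_records:
        sid = r.get("sid")
        if sid and sid not in logged_in:
            orphans.setdefault(sid, []).append(r)
    return orphans


def analyse(auth_log: str, access_log: str) -> list[Finding]:
    """Cross-check the two sources and return every sign of tampering."""
    auth = parse(auth_log)
    access = parse(access_log)
    findings = []
    for lo, hi in sequence_gaps(auth):
        findings.append(Finding("seq_gap", f"audit records {lo}-{hi} missing"))
    for sid, recs in orphan_sessions(auth, access).items():
        first, last = recs[0]["ts"], recs[-1]["ts"]
        findings.append(Finding(
            "orphan_session",
            f"{sid}: {len(recs)} accesses {first}..{last} with no login record",
        ))
    return findings


if __name__ == "__main__":
    for finding in analyse(AUTH_LOG, ACCESS_LOG):
        print(finding.kind, finding.detail)
```

The design point is that the wipe only has to miss one place. Sequence numbers make deletions in a single log self-evident, and a second, independently stored log (ideally one the admin cannot write to) turns every surviving session into a cross-reference the attacker has to explain. Shipping audit records off-host as they are written, rather than keeping them only on the machine the admin controls, is what makes that second source trustworthy.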

Sysadmin and out

The fact that Schulte had been actively blocked and had his admin rights revoked on several servers was used by both the prosecution and the defense to support their arguments. The prosecution noted Schulte had previously been kicked off systems as an admin and, in response, both out of spite and in order to demonstrate his superiority, had found his way back in and set up new accounts.

Schulte was formally warned that in the aftermath of Edward Snowden's disclosures, this type of behavior was viewed extremely poorly, and he was made to sign a statement apologizing and promising not to do it again. But in that very same interview, his superior told the court, Schulte made it plain that he could, and would, do it again.

That behavior painted a big red target on Schulte's back: one that led the CIA to believe it was definitely him who stole the files when they were publicly distributed one year later by WikiLeaks, long after he had left the agency. But his defense argued that same red target caused the CIA and FBI to decide he was the guilty party and then build a case around proving it, rather than looking at all the evidence and figuring out who the real culprit was.

All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible.

The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? That’ll be 123ABCdef. And the root login for the main DevLAN server? mysweetsummer.

It actually gets worse than that. Those passwords were shared by the entire team and posted on the group's intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joking that CIA internal security would go nuts if they knew. Their justification? The intranet was restricted to members of the Operational Support Branch (OSB): the elite programming unit that makes the CIA's hacking tools.
