OK - it's US v. Schulte CIA leaks trial closing arguments. Assistant US Attorney Laroche begins, playing audio of Schulte complaining about Amol. Friday US dropped Count 2 patreon.com/posts/34425643 Inner City Press will live-tweet: thread 
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Joshua Schulte - King Josh, he thought he was - reinstated his privileges without authorization. It was a huge red flag. So the CIA acted - it tried to keep him out. But it left a backdoor, that he used
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Schulte was so focused on getting his privileges back he is willing to lie again. He's logging in and out all day. This is his IP address - he's logging in. He's using that key, that session, to view log files.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Let's recap what happened. At 7:17 pm he logged in again. Then 7:44 pm he's using that left-over key to view log files as an administrator with absolutely no reason. He was planning to steal the information.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: The information WikiLeaks published must has come from back-up files, and we know the dates of the files... Defendent reverted the files to a time when he had full access. Minutes later, he steals the back ups. And he deletes log files.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: You know it was the defendant - this 766 number, it is his session. It was stored in his unallocated space. You will see that the defendant searches again and again for it.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Here is the evidence he stole the back ups. This is from his unallocated space. Then he starts deleting things. And here's the defendant after 5:57 pm, he's looking for those files. He knows that are bad evidence for him
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: The defendant went back in time to April 2016 when he had full administrative control. They he essentially went back to the future. That way he deleted all of the information on the virtual machine. There is no reason for this other than stealing
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Auditing data, deleted. Log in information, deleted. How do we know this was the defendant? These logs were from his work station, from his unallocated space.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Defendant locked it in 2016 two time - TWO TIMES! - both times because he was scoping it out, then stealing....
During this time, Michael is on the 5th floor, logs are being deleted by HIM, not by Michael, who's never near the defendant's desk.
During this time, Michael is on the 5th floor, logs are being deleted by HIM, not by Michael, who's never near the defendant's desk.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: There's been stuff about Michael, yes, he went on administrative leave. But it's a side show. The CIA was not in charge of the investigation, the FBI was. Michael was not a suspect.
[Wag: Thou dost protest too much?]
[Wag: Thou dost protest too much?]
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: On the 21st [of April 2016], he goes in and emails Anthony. He wants to wash his hands of that server. An hour later, that UBS device that had been plugged it, in gets wiped.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: By the 22nd, Defendant learned that Amol was appealing his order of protection. So he moved to delete Brutal Kangaroo. And he downloaded a program that WikiLeaks encourages people to download to sent leaks in
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: On the 30th and May 1, he is concerned about what he has been searching for. He visits the website "kill your data dead." At 10:55 he searches for SSD wipe utility. At 12:19 am he mounted his drive onto his virtual machine.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Overnight, he is constantly checking his computer, unlocking his virtual machine. He runs Google search. At 3:18 am he searches, how long does it take to calculate MD5? Then he reformats his computer, to hide evidence.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: The only time the defendant searches for wiping utilities is in April and May 2016. It wasn't about rebuilding computers. It was about trying to cover his tracks. Between 2006 into 2016, only nine WikiLeaks search. Then he starts searching more
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: There are other things being posted by WikiLeaks, like Hillary Clinton's emails. But nothing with source code. Defendant searches for "Wikileaks 2017" - vows to blow you away. He had sent it, he is waiting to see what comes out.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: At the beginning of the trial, Ms. Shroff said the timeline makes no sense. But it does - WikiLeak is publishing a lot things, and there was an error in the script. It took time.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: Ms Shroff said the prison activities would show a man trying to clear his name. But what it shows is the illegal use of a cell phone, and to promise a reporter he will give more if the reporter follows his timeline.
[Wag: Are those inconsistent?]
[Wag: Are those inconsistent?]
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: That's walk through the time in prison. The defendant was told he cannot modify terms of the protective order. You've seen his prison notebooks. He's frustrated by his family. By August he gets an encrypted Samsung and declares his information war.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: The FBI searched the MCC on October 3 and stopped his plan. The Defendant has threatened to close embassies and end occupations across the world until his case was dismissed. He was going to disclose Bartender
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: You don't need to delete emails if they are about clearing your name. You delete emails if what you are doing is criminal. He opens a protonmail account. He writes about WhatsApp and Signal and Telegram
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Laroche: The defendant starts drafting tweets, like "I know Jeremy... he set him up." You know Bartender was a classified tool. Its disclosure would put lives at risk. But the defendant did not care. He sent Shane Harris a Signal message.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Now defense closing argument:
Schulte's lawyer Shroff: They were under pressure to find a suspect. They quickly focused on Josh Schulte, who was disliked at the CIA. The FBI learned that the CIA's DEVLAN network was highly insecure.
Schulte's lawyer Shroff: They were under pressure to find a suspect. They quickly focused on Josh Schulte, who was disliked at the CIA. The FBI learned that the CIA's DEVLAN network was highly insecure.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: DEVLAN was wide open. Passwords were leaked. There were not audit logs. The witnesses told you DEVLAN was the Wild, Wild West.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: They called DEVLAN a "dirty network." It had very easy passwords. Simply carrying the data out the door on a hard drive would not be difficult.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff points at the AUSAs - "They don't know." They look down at their hands.
Shroff: He tells you, the Alta backups were wide open.
Shroff: He tells you, the Alta backups were wide open.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: Michael was present at his desk when the government says the data was taken. The computer evidence they claim points to Mr. Schulte, it fails to support the government's case.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: The thumb drive was removed 26 minutes *before* the reversion. And it was too small, and write-protected. Maybe the culprit is the one living at home on paid administrative leave.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: Let's look at Government Exhibit 1207-27. Mr Denton told you March 3 was the very day Mr Schulte felt the CIA had wronged him. But there's nothing in the evidence that Mr. Schulte viewed March 3, 2016 as particularly significant.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: Did he use a cell phone? Sure. But that's not what he's charged with.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData Shroff: Your job as jurors is to put the government to these test. I told you at the beginning of the trial, Mr. Schulte was a difficult employee. That is all the government has shown in over the past four weeks.
They're taking a break. Thread will continue.
They're taking a break. Thread will continue.
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Kamaraju: Ms Shroff spent a lot of time talking about this thumb drive, more time than we did. We told you he was nervous and wiped it even that it wasn't plugged in during the key time
@MatthewLeeICP @sdnylive @EspionageNews @CyberScoopNews @KharonData AUSA Kamaraju: These is only one conclusion: Joshua Schulte is guilty of the charges.
Judge Crotty: We'll have a half an hour break then I'll instruct you on the law.
Judge Crotty: We'll have a half an hour break then I'll instruct you on the law.
