Unaccountable Hackers: The CIA, Vengeance, and Joshua Schulte

The release of the Vault 7 files in the spring of 2017 in a series of 26 disclosures, detailing the hacking tools of the US Central Intelligence Agency, was one of the more impressive achievements of the WikiLeaks publishing organisation.  As WikiLeaks stated at the time, the hacking component of the agency’s operations had become so sizeable it began to dwarf the operations of the National Security Agency.  “The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capabilities of a rival agency could be justified.”

The publication ruffled feathers, enraged officials, and stirred the blood of those working in the intelligence community bothered by this “digital Pearl Harbor”.  The exercise involved the pilfering of 180 gigabytes of information and constituted, according to the agency, “the largest data loss in CIA history”.

The CIA’s WikiLeaks Task Force was charged with investigating the incident and submitted its findings to the director in October 2017.  Pompeo should have been grudgingly grateful – WikiLeaks had given the organisation a good excuse for cleaning the cobwebs and removing the creases.  The report, for instance, found that the CIA’s Center for Cyber Intelligence (CCI) had placed greater emphasis on the building of “cyber weapons at the expense of securing their own systems.  Day-to-day security practices had become woefully lax.”  The cyber weapons were also “not compartmented”, passwords at various administrator levels were shared “and historical data was available to users indefinitely.”  In what reads like a vote for the dull and the tedious, the report took issue with “a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security.”

The individual responsible for taking the loot to WikiLeaks was the fractious Joshua Schulte, who worked at the CCI as a software developer and had himself created a number of hacking tools.  On February 1, he was sentenced in the New York federal court to 40 years in prison.  His list of previous convictions was encyclopaedically colourful: espionage, computer hacking, contempt of court, making false statements to the Federal Bureau of Investigation, and child pornography.

At the sentencing hearing, Judge Jesse M. Furman, in that time honoured tradition of judicial vagueness, remarked that, “We will likely never know the full extent of the damage, but I have no doubt it was massive.”  This was a silly claim, given that the leaks were, as Axios reported, “largely inconsequential, with most being instruction manuals for old hacking tools”.

The prosecution was similarly imprecise (and disingenuous), as they tend to be when measuring the extent national security is supposedly impaired by information disclosures.  “He caused untold damage to our national security in his quest for revenge against the CIA for its response to Schulte’s security breaches while employed there,” stated the US Attorney for the Southern District of New York, Damian Williams.  Assistant Attorney General Matthew G. Olsen further added that Schulte had “directly risked the lives of CIA personnel, persisting in his efforts even after his arrest.”

In comments made to the court prior to the sentencing, Schulte touched on the wonderful penal conditions that mark the US penitentiary system.  He had, for instance, been denied hot water.  He had been extensively exposed to artificial light and constant noise.

He also had – and here, British judges should take note regarding Assange’s own arguments against extradition to the US – been deceived by the prosecutors in a plea deal offer that would have seen him sentenced to 10 years in prison.  Instead, he got an additional three decades.  “This is not justice the government seeks,” Schulte accurately observed, “but vengeance.”

Schulte proved an important figure in the roistering annals of WikiLeaks.  It was his disclosures that signalled the cold and vicious turn in US policy in targeting Assange.  The release of the Vault 7 files sent the then director, Mike Pompeo, into a rage.  The 2021 Yahoo! report, which famously noted various opinions within the intelligence community on what could be done about the Australian publisher, reports that change of approach.  According to one former Trump national security official, the director and CIA officials “were completely detached from reality because they were so detached about Vault 7.”

Soon, Pompeo was publicly tarring WikiLeaks while privately pondering options to kidnap or assassinate Assange.  In April 2017, in a speech given to the Center for Strategic & International Studies in Washington, the director hoisted the black flag.  “WikiLeaks walks like a hostile intelligence service and talks like a hostile intelligence service and has encouraged its followers to find jobs at the CIA in order to obtain intelligence.”  Nonsensically, Pompeo imbues the publishing organisation with dictatorial and mesmeric qualities.  “It directed Chelsea Manning in her theft of specific secret information.”  (No, it did not.)  “And it overwhelmingly focuses on the United States while seeking support from anti-democratic countries and organizations.”  Given the concentration of unstable power at the heart of Washington, and its imperial pretences, Pompeo can hardly be surprised.

The speech is worthy of close analysis.  It declares, inevitably, that the CIA is a noble organisation incapable of abuse, a saintly enterprise of patriots who should be treated as such.  It takes issue with those who give the game away.  And, more fundamentally, it refuses to have any truck with a publisher who aids that cause.

Pompeo, for instance, dismissed Assange’s own justifications for publishing national security material as “sophistry”.  He could hardly be compared to Thomas Jefferson or “the Pulitzer Prize-winning work of legitimate news organizations such as The New York Times and The Washington Post.”

Dangerously, the strategy behind the bluster becomes clear, and would find itself gorily displayed in the indictment against Assange.  It picks and chooses between publishers as sacred and profane, the ennobled and the condemned.  It ignores the pointed fact that national security information is almost always pilfered and leaked, sometimes patriotically, sometimes selfishly.  Punish Assange, and you are opening the door to punishing any news outlet of any stripe operating anywhere.  And that, fundamentally, is the point.

Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: bkampmark@gmail.com. Read other articles by Binoy.