An office of the CIA outside Washington turned into a crime scene March 7, 2017.
WikiLeaks had just published a trove of confidential CIA documents that revealed secret methods the spy agency used to penetrate the computer networks of foreign governments and terrorists.
Investigators scrambled to find the culprit, seizing more than 1,000 devices from the CIA as top-secret operations and computer networks shut down. Eventually, they arrested Joshua Schulte, 31, who worked as a computer engineer for the agency.
But Monday, in a muddled outcome for the government, a federal jury in Manhattan could not agree on whether to convict Schulte of the biggest theft of classified documents in CIA history.
After hearing four weeks of testimony, the jurors deadlocked on eight counts, including illegal gathering and transmission of national defense information. They did convict Schulte on two other counts — contempt of court and making false statements to the FBI.
The motivation for the alleged theft, prosecutors said, was Schulte’s belief that CIA management did not take his workplace complaints seriously. His feuding with co-workers led to his resignation in November 2016 to join Bloomberg LP as a software engineer.
The partial verdict came after six days of chaotic deliberations. One juror was dismissed in the middle of the discussions because she violated the judge’s orders by researching the case and then shared that information with the jury. The judge declined to replace her with an alternate, leaving a panel of 11 people.
The jury also complained in a note about a separate juror who was not participating in the group discussion, raising concerns about “her attitude.”
After the verdict, one juror said the deliberations were a “horrible experience,” her eyes welling with tears as she walked away from reporters.
Schulte’s legal troubles are not over. The government could retry the case. In addition, during the investigation, federal agents found more than 10,000 images and videos of child pornography on electronic devices in Schulte’s home. He faces a separate federal trial on those charges.
The verdict showed that the jury had doubts about the government’s most important evidence, which came from a CIA server. Trial witnesses guided jurors through a complicated maze of forensic analysis that, according to prosecutors, showed Schulte’s work machine accessing an old backup file one evening in April 2016.
He did so, prosecutors said, by reinstating his administrator-level access that the CIA had removed after his workplace disputes. The file matched the documents posted by WikiLeaks, the anti-secrecy organization, nearly a year later, according to the government.
The defense argued that the CIA’s computer network had weak passwords and widely known security vulnerabilities, and that it was possible other CIA employees or foreign adversaries had breached the system.
Schulte’s lawyers pointed to an internal CIA report commissioned after the WikiLeaks debacle that found the agency did not know the files had been stolen until a year later.
In particular, the defense zeroed in on a CIA employee identified only as Michael. On the night of the alleged theft, Michael and Schulte, who were close friends, left the office together, according to a government court filing.
The CIA placed Michael on administrative leave in August because he was not cooperating with the criminal investigation into the data theft and had declined to take a polygraph test.
But the government did not notify the defense about Michael’s employment status until six months later, the night before he took the stand at trial as a government witness.
Schulte’s lawyer, Sabrina Shroff, asked in her closing argument why prosecutors had “kept this information about Michael to themselves.”
“It shows their doubt about the case against Schulte,” she told jurors.
During deliberations, some of the notes sent by the jury signaled it was exploring alternate culprits who might have committed the theft.
The government had no direct proof that Schulte sent the files to WikiLeaks. Instead, prosecutors relied on circumstantial evidence. For instance, Schulte downloaded the same program onto his home computer that WikiLeaks recommends as a safe way to submit documents to the organization.
Prosecutors said that after stealing the documents and sending them to WikiLeaks, Schulte “nuked” his hard drive at home to erase any trace of his submission.
The trial provided a rare glimpse inside the top-secret cyberoperations of the CIA. Schulte was a coder in the agency’s Engineering Development Group, which builds tools that allow CIA officers to extract files from foreign computers without detection.
On the witness stand, CIA employees — who testified under pseudonyms or only first names — publicly acknowledged for the first time some of the hacking tools that had been developed by the agency.
“Foreign governments do not want us on their networks and would complain, to put it lightly, if they caught us doing this,” testified a CIA employee, who used the pseudonym Jeremy Weber.
Prosecutors were careful to avoid details about specific operations. During cross-examination, Shroff asked one CIA witness: “Do you recall a time when the CIA covertly tried to read Angela Merkel’s emails?” referring to the German chancellor.
The government objected, and the judge stopped the witness from answering.
The testimony revealed the scramble inside CIA headquarters when the files leaked. Sean Roche, a top CIA official at the time, said he got a call from another CIA director who was out of breath. “It was the equivalent of a digital Pearl Harbor,” he testified.
Schulte immediately became a suspect. His personnel file indicated a willingness to violate CIA policy, and his resignation letter accused the agency of “deep injustices and illegal behavior,” witnesses testified.
Much of the trial felt like a rehash of a workplace complaint gone horribly wrong. Schulte’s primary grievance was with another co-worker, identified only as Amol. Their group at the CIA, predominantly male coders, was known for shooting Nerf guns and playing pranks.
Days after the first WikiLeaks disclosure, Schulte was scheduled to fly to Mexico.
Federal agents approached Schulte as he was leaving work at Bloomberg and took him to a cafe near Grand Central Terminal in New York. Schulte gave them advice about finding the leaker. His hands trembled during the conversation, an FBI agent testified.
That night, Schulte stayed in a hotel room as FBI agents, who had a search warrant, seized large volumes of data from his apartment.
The defense argued that investigators were quick to scapegoat Schulte because he was an easy target; after all, he had antagonized virtually all of his co-workers at the CIA
Prosecutors showed jurors detailed notebooks that Schulte kept in jail while awaiting trial. His bail was revoked after he used the internet without the judge’s permission, in violation of court orders.
While in jail, Schulte obtained a contraband cellphone from another inmate and set up a Twitter account called @freejasonbourne, referring to the fictional CIA operative played by actor Matt Damon. He emailed reporters sensitive information about his case from an encrypted account, resulting in his conviction for contempt of court.
In one notebook, prosecutors showed Schulte wrote a to-do list for himself, including “delete suspicious emails.”
This article originally appeared in The New York Times.
© 2020 The New York Times Company