Category Archives: Cyber War

Iranian Regime Using Water as a Weapon and APT 33

Posted on by

The Iranian people have been protesting against the regime for quite some time and in some cases it has turned deadly, where military forces are firing on the protestors. What are the protests about? Their economy. Remember when the Obama White House gave Iran billions that apparently we owed from back debts and the regime was to use the money to infuse growth in the economy? Yeah, not so much. In fact the starving and unemployed citizens of Iran are demanding the regime get out of Syria and pay attention at home.

Related reading: Iran Calls for Calm After Water Protests, Clashes

Yet, water availability in Iran has been at a crisis point for a few years and getting worse.

Dozens of riot police on motorcycles faced off against farmers in the same town, Varzaneh, another video showed. Smoke swirled around the protesters and the person filming said tear gas was being fired. A second person reported clashes. Police in the city of Isfahan were not immediately available to comment.

“What’s called drought is more often the mismanagement of water,” said a journalist in Varzaneh, who asked not to be identified because of the sensitivity of the subject.

“And this lack of water has disrupted people’s income.”

Farmers accuse local politicians of allowing water to be diverted from their areas in return for bribes.

While the nationwide protests in December and January stemmed from anger over high prices and alleged corruption, in rural areas, lack of access to water was also a major cause, analysts say.

At least 25 people were killed and, according to one parliamentarian, up to 3,700 people were arrested, the biggest challenge yet for the government of president Hassan Rouhani, who was reelected last year. More here from Reuters.

Meanwhile, in Paris there are several Americans attending the annual National Council of Resistance of Iran (NCRI) – an umbrella bloc of opposition groups in exile that seek an end to Shi’ite Muslim clerical rule in Iran. There apparently was a bomb plot on Monday that was foiled, where an Iranian diplomat was arrested along with several others.

Since President Trump formally exited the JCPOA, the nuclear deal, Iran has some nefarious activities again in play and that includes hacking beyond punishing the Iranian citizens and bomb plots.

Since the 2009 Green Revolution in Iran, the Iranian Revolutionary Guard Corps has taken to hacking including by proxy.

The emergence of the Iranian Cyber Army (ICA) as an extension of the IRGC was an initial attempt by the Islamic Republic at conducting internationally focused operations. These operations were a departure from Gerdab’s focus on maintaining domestic moral values and defending government rhetoric. In 2011, the IRGC’s ICA formed the foundation of the Khaybar Center for Information Technology. According to a former IRGC cyber commander, the Khaybar Center was established in 2011 and has been linked to a number of attacks against the United States, Saudi Arabia, and Turkey.

Even today, the balance between ideology and cyber skills remains problematic. One example of the conflict between ideology and skill was Mohammad Hussein Tajik, a former cyber commander within the IRGC. According to Insikt Group’s source, Tajik’s father maintained a strong religious background and was a veteran of Iran’s ministry of intelligence. Yet Tajik was arrested and killed because the Iranian government feared that Tajik was not ideologically aligned and posed a betrayal and flight risk.

Today, based on ongoing contact between Insikt Group’s source and Iranian hackers, it is estimated that there are over 50 organizations vying for government-sponsored offensive cyber projects. Only the best teams succeed, are paid, and remain in business. The government does its best to compartmentalize — one job might be creating a remote code exploit (RCE) for a popular software application, while another job might be using the RCE and establishing persistent unauthorized access. Two different contractors (or more) are typically required to complete the government-defined objective.

Public knowledge has also established that Iranian academic institutions play a contractor-like role. Specific examples include Shahid Beheshti University (SBU) and the Imam Hossein University (IHU), which have comprehensive science and technology departments attracting some of the best academic talent in Iran. In fact, the SBU has a specific cyberspace research institute dedicated to such matters, and the IHU was founded by the IRGC.

For a full read on the report due to an interview with a previous Iranian hacker and significant research on state sponsored campaigns, go here.

Cyber security professionals in the United States have detected Iranian hackers breaking into defense contractors, aviation systems, energy companies, telecom operations and other tech companies in the United States. Iran is listed at APT 33, Advanced Persistent Threat and Saudi Arabia is just as vulnerable as the United States. In 2016, the Department of Justice indicted 7 Iranians on cyber attacks on dozens of U.S. banks, attempting to shut down the Bowman Avenue dam operation in New York and to disrupt other critical U.S. infrastructure sites. 45 major financial institutions were targeted including JP Morgan, Well Fargo and American Express. Read more detail here.

 

Question China and They Were Uninvited to RIMPAC

Posted on by

The U.S. Navy and allies are drilling in the Pacific Ocean as part of the massive Rim of the Pacific naval exercise. After years continuing to sail alongside China in RIMPAC, even as the peer competitor militarized man-made islands in the South China Sea, the U.S. decided enough is enough and rescinded the invitation. (Andrew Jarocki/Staff)

Twenty-six nations, 47 surface ships, five submarines, 18 national land forces, and more than 200 aircraft and 25,000 personnel will participate in the biennial Rim of the Pacific (RIMPAC) exercise scheduled June 27 to Aug. 2, in and around the Hawaiian Islands and Southern California. As the world’s largest international maritime exercise, RIMPAC provides a unique training opportunity designed to foster and sustain cooperative relationships that are critical to ensuring the safety of sea lanes and security on the world’s interconnected oceans. RIMPAC 2018 is the 26th exercise in the series that began in 1971. The theme of RIMPAC 2018 is “Capable, Adaptive, Partners.” Participating nations and forces will exercise a wide range of capabilities and demonstrate the inherent flexibility of maritime forces. These capabilities range from disaster relief and maritime security operations to sea control and complex warfighting. The relevant, realistic training program includes amphibious operations, gunnery, missile, anti-submarine and air defense exercises, as well as counter-piracy operations, mine clearance operations, explosive ordnance disposal, and diving and salvage operations. This year’s exercise includes forces from Australia, Brazil, Brunei, Canada, Chile, Colombia, France, Germany, India, Indonesia, Israel, Japan, Malaysia, Mexico, Netherlands, New Zealand, Peru, the Republic of Korea, the Republic of the Philippines, Singapore, Sri Lanka, Thailand, Tonga, the United Kingdom, the United States and Vietnam. This is the first time Brazil, Israel, Sri Lanka and Vietnam are participating in RIMPAC. Additional firsts include New Zealand serving as sea combat commander and Chile serving as combined force maritime component commander. This is the first time a non-founding RIMPAC nation (Chile) will hold a component commander leadership position. This year will also feature live firing of a Long Range Anti-Ship Missile (LRASM) from a U.S. Air Force aircraft, surface to ship missiles by the Japan Ground Self-Defense Force, and a Naval Strike Missile (NSM) from a launcher on the back of a Palletized Load System (PLS) by the U.S. Army. This marks the first time a land based unit will participate in the live fire event during RIMPAC. RIMPAC 18 will also include international band engagements and highlight fleet innovation during an Innovation Fair. Additionally, for the first time since RIMPAC 2002, U.S. 3rd Fleet’s Command Center will relocate from San Diego to Pearl Harbor to support command and control of all 3rd Fleet forces in 3rd Fleet’s area of responsibility to include forces operating forward in the Western Pacific. The Fleet Command Center will be established at a deployable joint command and control on Hospital Point for the first part of the exercise and then transition to USS Portland (LPD 27) for the remainder of the exercise. Hosted by Commander, U.S. Pacific Fleet, RIMPAC 2018 will be led by Commander, U.S. 3rd Fleet, Vice Adm. John D. Alexander, who will serve as combined task force (CTF) commander. Royal Canadian Navy Rear Adm. Bob Auchterlonie will serve as CTF deputy commander, and Japan Maritime Self-Defense Force Rear Adm. Hideyuki Oban as CTF vice commander. Fleet Marine Force will be led by U.S. Marine Corps Brig. Gen. Mark Hashimoto. Other key leaders of the multinational force will include Commodore Pablo Niemann of Armada de Chile, who will command the maritime component, and Air Commodore Craig Heap of the Royal Australian Air Force, who will command the air component. This robust constellation of allies and partners support sustained and favorable regional balances of power that safeguard security, prosperity and the free and open international order. RIMPAC 2018 contributes to the increased lethality, resiliency and agility needed by the joint and combined force to deter and defeat aggression by major powers across all domains and levels of conflict.

***

The location of the garrison, confirmed through satellite imagery here, can possibly support a brigade-sized intercontinental ballistic missile formation.

New Delhi: China has built a new garrison in its central Sichuan province for its intercontinental ballistic missiles (ICBM) which have the capacity to cover all of India, the Indian Ocean Region as well as large parts of continental America.

On 27 May, the 10th test of the Dongfeng-41 or DF-41 (East Wind-41) ICBM, with a reported range of 12,000-15,000 km, was conducted at the Taiyuan Space Launch Center in Shanxi province. China’s PLARF, or the People’s Liberation Army Rocket Force, formerly Second Artillery Corps (SAC), claimed it a success.

Vinayak Bhat/The Print

ThePrint has now identified a never-before revealed PLARF location, which may possibly be a DF-41 garrison, with the help of satellite imagery.

ThePrint had in April reported that PLARF had built a garrison in the southernmost Hainan province to store DF-31AG missile.

The location

This is the first time that the new Chinese garrison has been confirmed through satellite imagery (as of 7 May, 2018), although it has been covered by ground human intelligence before.

It is located 15 km east of Yibin town in Sichuan province, away from towns and cities but close to a highway to enable quick deployment. Construction is said to have begun three years ago.

The entire complex can possibly support a brigade-sized ballistic missile formation.

The ICBM is likely to be armed with 10 multiple independently targetable re-entry vehicle (MIRV) warheads each with 150kT yield.

Vinayak Bhat/The Print

This new garrison is typically built around a sports track with a football field in it. It also has two basketball grounds and an obstacle course adjoining the sports track.

There are two large highbay garages in the centre of the complex along with two smaller highway garages to the north of the facility. The smaller highbay garages were probably built for warhead assembly.

There are two locations where dugouts are observed. These could possibly be underground DES igloos.

Vinayak Bhat/The Print

There are about 15 triple storied C-shaped barracks, possibly for troops’ living accommodations.

Three large multi-storey buildings connected with each other could be administrative offices. A meteorological station with possible satellite link is also seen to the west side of the complex.

All buildings except central administrative buildings and high-bay garages are provided with slanted box gable roofs.

Vinayak Bhat/The Print

The entire garrison with its support buildings has a very high-walled security with four entrances. The main entrance is heavily guarded with around 200m approach under visual observation with the help of a large convex mirror.

It has typical layout of eight garages with six of them being interconnected. There are 30 smaller buildings (15 on either side of highbay garages) with different dimensions which are difficult to assess.

In the latest satellite image, a large tractor trailer of 22m is seen plying on the highway 400 metre south of the complex, suggesting that DF-41 truck erector launcher (TEL) of similar size can easily manoeuvre in this area.

The vehicle

 The DF-41 vehicle has most advanced technologies incorporated for the smooth ride of the missile. It is an eight-axle, 16-wheeled TEL with possibly a six-axle drive.

The steering mechanism of DF-41 TEL is very uniquely purposed to provide high-speed turning stability and smallest possible turning radius to the behemoth.

Power steering has been provided on the three-front steer axles and the rear three drive axles are probably mechanically coordinated with hydraulic power. Thus making the DF-41 TEL very easily manoeuvrable.

As for the 27 May ICBM test from the Taiyuan Space Launch Centre, it was first reported by Washington Free Beacon quoting Pentagon spokesman Marine Corps Lt. Col. Christopher Logan who said, “The US was aware of recent flight tests and we continue to monitor weapons development in China.”

The well-known defence magazine IHS Jane’s Defence Weekly claimed that after the latest launch, DF-41 had moved closer to commissioning and deployment. Chinese experts claim that DF-41 is the most advanced ICBM in the world.

New Citizenship Applications for Asgardia

Posted on by

For those that are as old as me may remember Ralph Cramden telling his wife Alice, to the moon. Well, that time is here. Except, Alice would be an Asgardian if she launched and landed on the moon. Send postcards when you can.

Space platform

Asgardia will be a fully fledged, independent nation inhabited on a low Earth orbit. It began with a satellite, Asgardia-1, that was launched in 2017, to be followed by an orbital satellite constellation launch in 2019-2020, and later by other satellite constellations and Space Arks, as well as by settlements on the Moon.

Who will be your leader? Well there is one already. And there is a Constitution.

There are already citizens. Asgardia Nation Citizens 203,865 Residents 218,396

Click here to see where they are from.

There is also an anthem for Asgardia.

FIRST IN HISTORY INAUGURATION OF THE HEAD OF THE FIRST SPACE NATION ASGARDIA

Asgardia’s first Head of Nation, Dr Igor Ashurbeyli, was inaugurated on the 25th of June at the Hofburg Palace with guests from over 40 countries from across the world.

In attendance were ambassadors of more than 10 countries, representatives of a number of major public organizations affiliated with UN structures, newly elected Asgardian Members of Parliament, astronauts, space industry managers, scientists, international lawyers, and media from all over the world.

Taking part in the ceremony was the Chairman of Parliament, Lembit Öpik, a former leader of the Welsh Assembly and Member of the British Parliament. The Head of the Supreme Court, Dr Yun Zhao, also took part—a well-known lawyer in the field of space law, a professor at Hong Kong University and a member of a number of arbitration courts.

After taking his oath of office, Dr Ashurbeyli announced that, within the next 25 years, Asgardia will have habitable space stations and stationary settlements on the Moon equipped with artificial gravity and protection from cosmic radiation which will effectively enable permanent human habitation in space. In the coming months, he also announced that Asgardia’s first Government administration will be formed, during which time a Cabinet of Ministers will be appointed, alongside the formation of the Prosecutor General’s Office, the National Audit Office and the Supreme Space Council.

Why Become an Asgardian

Shape the Future of Space LawLet your voice be heard! Join our discussion on a new legal platform for the exploration of space. Be part of the movement that will define the future of humanity’s off-planet expansion.

Connect with Forward – Thinking People

Our community is the perfect place to network and brainstorm with innovators, engineers, scientists, business people and investors. Asgardians can transform a dream into reality.

Protect Our Planet and Future Generations

Faced with threats such as sun storms and potentially dangerous asteroids, we need to prioritise our collective efforts to protect the Earth. Help us accelerate this process and find solutions.

 

Hey China, the U.S. Should Include the Cost of Espionage in Trade Deficit

Posted on by

Let’s begin here: FOR IMMEDIATE RELEASE

Thursday, June 21, 2018

Chinese National Arrested for Conspiring to Illegally Export U.S. Origin Goods Used in Anti-Submarine Warfare to China

Defendant allegedly illegally exported devices used to detect and monitor sound underwater

BOSTON – A Chinese national was arrested today and charged in connection with violating export laws by conspiring with employees of an entity affiliated with the People’s Liberation Army (PLA) to illegally export U.S. origin goods to China, as well as making false statements to obtain a visa to enter the United States and to become a lawful permanent resident under the EB-5 Immigrant Investor Visa Program.

Shuren Qin, 41, a Chinese national residing in Wellesley, Mass., was charged in a criminal complaint with one count of visa fraud and one count of conspiring to commit violations of U.S. export regulations. Qin was arrested today and will appear in federal court in Boston on June 22, 2018.

According to charging documents, Qin was born in the People’s Republic of China and became a lawful permanent resident of the United States in 2014. Qin operates several companies in China, which purport to import U.S. and European goods with applications in underwater or marine technologies into China.  It is alleged that Qin was in communication with and/or receiving taskings from entities affiliated with the PLA, including the Northwestern Polytechnical University (NWPU), a Chinese military research institute, to obtain items used for anti-submarine warfare. (..)

LCS Mission Packages: The Basics - USNI News photo

Okay, how about this one?

The submarine contractor breach, recently reported by the Washington Post, reflects this intense focus on bridging any technological advantage the US may have. It involved attacks in January and February that nabbed important data, albeit from an unclassified network. When taken together, though, the information would have amounted to a valuable snapshot of US cutting edge underwater weapons development, plus details on a number of related digital and mechanical systems.

The attack fits into a known pattern of Chinese hacking initiatives. “China will continue to use cyberespionage and bolster cyberattack capabilities to support [its] national security priorities,” US director of national intelligence Daniel Coats wrote in a February threat report. “The [Intelligence Community] and private-sector security experts continue to identify ongoing cyberactivity from China…Most detected Chinese cyberoperations against US private industry are focused on cleared defense contractors or IT and communications firms.”

This week, analysts from Symantec also published research on a series of attacks in the same category from November 2017 to April from a hacking group dubbed Thrip. Though Symantec does not go so far as to identify Thrip as Chinese state-sponsored hackers, it reports “with high confidence” that Thrip attacks trace back to computers inside the country. The group, which Symantec has tracked since 2013, has evolved to hide in plain site by mostly using prefab malware to infiltrate networks and then manipulating administrative controls and other legitimate system tools to bore deeper without setting off alarms. All of these off-the-shelf hacking tools and techniques have made Thrip harder to identify and track—which is likely the idea—but Symantec started to notice patterns in their anomaly detection scanners that ultimately gave these attacks away, and led the researchers to a unique backdoor that implicated Thrip.

The researchers found evidence of intrusions at some southeast Asian telecom firms, a US geospatial imagery company, a couple of private satellite companies including one from the US, and a US defense contractor. The breaches were all deliberate and targeted, and in the case of the satellite firms the hackers moved all the way through to reach the control systems of actual orbiting satellites, where they could have impacted a satellite’s trajectory or disrupted data flow. More here from Wired.

As if that is not enough to begin charging China, how about this?

U.S. military pilots flying aircraft over the East China Sea have been targeted by blinding laser attacks more than 20 times over the last 10 months, U.S. officials told The Japan Times, after a number of similar attacks in East Africa that the Pentagon has said Chinese military personnel were behind.

The U.S. Indo-Pacific Command said the attacks in the waterway, where the Chinese military has bolstered its operations, were first reported last September. The incidents were believed to have come from a range of sources, “both ashore and from fishing vessels,” spokeswoman Maj. Cassandra Gesecki said.

Indo-Pacific Command said it would not go into specifics about the incidents, but media reports quoting unidentified U.S. officials said some of the fishing boats were Chinese-flagged vessels. Officials wouldn’t definitively confirm that Chinese personnel were behind all of the incidents.

Beijing operates a “maritime militia” of Chinese fishing boats, which it trains and subsidizes with sophisticated gear such as GPS equipment. Such vessels have played an important role in China asserting its various territorial claims in the East and South China Seas.

Chinese personnel at the country’s first overseas military base in Djibouti had been using lasers to interfere with U.S. military aircraft at a nearby American base, activity that has resulted in injuries to U.S. pilots and prompted the U.S. to launch a formal diplomatic protest with Beijing.

However, unlike the Djibouti incidents, where military-grade lasers had been employed in some cases, the East China Sea incidents involved smaller, commercial-grade laser pointers popularly known as “cat grade” lasers because pet owners have known to use to play with their animals. Even so, these types of lasers have been known to temporarily blind pilots and, in some cases, cause eye damage.

“In light of these recent incidents, units operating in the area are conducting an assessment of their laser eye protection equipment,” Gesecki said.

While Chinese fishing vessels have long operated in the East China Sea, the country’s military has embarked on a military modernization program heavily promoted by President Xi Jinping, who has overseen a shift in focus toward creating a more potent fighting force. This has included projects such as building a second aircraft carrier, integrating stealth fighters into the air force and fielding an array of advanced missiles that can strike air and sea targets from long distances.

In a demonstration of its continued push to refine its power-projection capabilities and push further into the Western Pacific Ocean, the Chinese military in April conducted drills in the Pacific with its sole operating aircraft carrier.

The East China Sea is home to a long-running dispute between China and Japan over the Senkaku Islands, which are controlled by Japan but also claimed by China, which calls them the Diaoyu. Japanese defense chief Itsunori Onodera said in April that Chinese activity — including naval and coast guard patrols in the waters — “has expanded and accelerated” in recent years as it seeks to assert its territorial claims.

But the activity goes beyond military.

Beijing has also used its maritime militia to hassle Japanese fishermen and the Japan Coast Guard in a bid to better enforce its claims in the East China Sea, experts say.

If the Chinese military is not directly involved in the laser incidents, it could be directing — at some level — the maritime militia to target U.S. pilots.

Although the U.S. has not taking a position on the sovereignty of the Senkakus, it has repeatedly said that they fall under its treaty obligations to defend Japan’s territory if it is attacked.

In closing, remember:

On May 23, the US State Department announced that one embassy worker in Guangzhou experienced “subtle and vague, but abnormal, sensations of sound and pressure” before being diagnosed with symptoms similar to those found in the diplomatic personnel that were in Cuba, including mild traumatic brain injury.

The New York Times reported Wednesday that at least two more Americans in Guangzhou have experienced similar phenomena and also fallen ill. One of those embassy workers told the Times that he and his wife had heard mysterious sounds and experienced strange headaches and sleeplessness while in their apartment.

After the evacuation of the first diplomatic employee from Guangzhou was announced, the State Department issued a health alert via the US Consulate in Guangzhou telling people that “if you experience any unusual acute auditory or sensory phenomena accompanied by unusual sounds or piercing noises, do not attempt to locate their source. Instead, move to a location where the sounds are not present.”

On June 5, the office of US Secretary of State Mike Pompeo announced the establishment of a task force meant to respond to these mysterious incidents, which some have called “sonic attacks.” More here.

Former CIA Engineer Charged with Giving Hacking Tools to WikiLeaks

Posted on by

Ex-CIA engineer charged with massive leak to WikiLeaks

A former CIA computer engineer has been indicted on charges he masterminded what appears to be the largest leak of classified information in the spy agency’s history.

Joshua Schulte, 29, was charged in a new grand jury indictment with providing WikiLeaks with a massive trove of U.S. government hacking tools that the online publisher posted in March 2017, the Justice Department announced on Monday.

Schulte was previously facing child pornography charges in federal court in New York, but the indictment broadens the case to accuse him of illegally gathering classified information, damaging CIA computers, lying to investigators and numerous other offenses.

In January, attorneys involved in the child porn case revealed in court that Schulte was the target of a major investigation into WikiLeaks’ release of a CIA collection known as “Vault 7.”

The Justice Department’snews release announcing Schulte’s indictment does not mention WikiLeaks by name, signaling that it has not been charged in the case. There was no mention of any other individuals being charged.

Attorneys for Schulte did not immediately respond to requests for comment.

The new charges make Schulte the fourth individual to face charges related to classified leaks since President Donald Trump took office and vowed a crackdown on leaks.

Last June, a National Security Agency contractor, Reality Winner, was arrested on charges of leaking to the online publication The Intercept a top secret report on the techniques that Russian government agents allegedly used to target computers of state election officials. She has pleaded not guilty and has been held without bail. Her trial is set for October.

In March, an FBI agent based in Minneapolis, Terry Albury, was charged with a leak to The Intercept of the FBI’s procedures for handling informants. He was also accused of retaining classified information at his home. He pleaded guilty to both charges and is free awaiting sentencing.

Earlier this month, the longtime head of security for the Senate Intelligence Committee, James Wolfe, was indicted on three felony counts of lying during the course of an FBI investigation into unauthorized disclosures of classified information. He was not charged with any leaks, but the indictment contends that he provided confidential committee information to at least one reporter. Wolfe pleaded not guilty to the charges last week. No trial date has been set.

Joshua Schulte named as suspect in 'Vault 7' leak of CIA ... photo

Criminal complaint found here.

*** More background detail:

Joshua Adam Schulte, the former CIA worker suspected of passing the agency’s hacking secrets to WikiLeaks, previously posted the source code for an internal CIA tool to his account on the public code-sharing site GitHub, The Daily Beast has learned.

That potential red flag was apparently missed by the spy agency just months after Edward Snowden walked out of the National Security Agency with a thumb drive of secrets in 2013. A spokesman for the CIA declined to comment.

Schulte, 29, worked at the CIA from 2010 to 2016. He was raided by the FBI on March 23, 2017, roughly two weeks after Julian Assange began releasing 8,000 CIA files under the rubric “Vault 7.” The files had been copied from an internal agency wiki sometime in 2016, and contained documentation and some source code for the hacking tools used by the CIA’s intrusion teams when conducting foreign surveillance.

When FBI agents examined Schulte’s hard drive, they found only a single classified document, but allegedly turned up 10,000 images of child pornography. Today Schulte is being held in a federal holding facility in Manhattan on one count each of possessing, receiving, and transporting child porn. He has not been charged with the Vault 7 leak, but, in January the FBI was still investigating him as the suspect.

Until now it’s been unclear how the FBI became suspicious of Schulte in the first place. In a statement to The Washington Post, which broke the story of the arrest, Schulte said the bureau went after him because he’d reported managerial incompetence to the CIA’s inspector general and then left the agency in 2016. “Due to these unfortunate coincidences, the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me.”

Prosecutor Matthew Larouch said at a January court appearance that “the government immediately had enough evidence to establish that [Schulte] was a target of that investigation,” but didn’t elaborate on the evidence.

Schulte has hosted 11 of his own coding projects on GitHub over the years. In the fall of 2013, he uploaded a robust software development tool he’d developed called OSB Project Wizard, described this way: “Create all types of projects following OSB build guidelines.” The OSB abbreviation went unexplained.