Federal authorities have identified a suspect behind last years Vault 7 leak of Central Intelligence Agency hacking tools. The trove published to WikiLeaks included exploits and documents for infecting iPhones, Wi-Fi routers, and Cisco Switches, and it represented the biggest-known loss of classified information in CIA history.
According to articles posted by The Washington Post and The New York Times, the suspect is 29-year-old Joshua A. Schulte. FBI agents reportedly searched his Manhattan home a week after the WikiLeaks published its first Vault 7 dispatch in March 2017. A transcript of a court hearing this past January indicates that agents seized phones, computers, and unspecified "top secret government information." According to the transcript, the evidence immediately made Schulte a target in the leak investigation.
For reasons that are still unknown, Schulte hasnt been charged in the case despite being arrested more than a year ago. Instead, authorities charged him in August with possessing and transporting child pornography. He has pleaded not guilty in that case. His attorneys have also denied he had any involvement in the Vault 7 leak.
A major problem
With more than 8,000 CIA documents published to date, according to a defense attorney at the January hearing, the Vault 7 series came as a major embarrassment to US intelligence officials. In March 2017, the officials were already smarting from an unprecedented leak of National Security Agency software exploits seven months earlier by a mysterious group calling itself the Shadow Brokers.
On the whole, the Vault 7 disclosures are less damaging than their Shadow Brokers counterparts because the WikiLeaks dispatches havent included potent source code that could be repurposed. Still, the leak underscored the major problem US intelligence officials were having in securing their arsenal of hacking tools. The leak also led to security researchers finding cases of the tools actively infecting governments and companies since at least 2011.
Schulte's LinkedIn profile shows that he worked as a systems engineer at the NSA for four months before taking a job as a software engineer in 2010 at the CIA, where he worked for six years. The profile shows he took a job at Bloomberg in November 2016.
The child pornography charges, according to the NYT, stem from material investigators found on a server Schulte created as a business in 2009 while he was a student at the University of Texas. The hearing transcript also shows investigators found more than 10,000 images of child pornography on his computer, which was set up with several layers of encryption. The NYT said that court papers quote messages that suggest Schulte knew of encrypted images on his computer showing children being molested by adults. Still, the article said, Schulte advised one user, “Just dont put anything too illegal on there.”
In a statement read by WaPo, Shulte said he joined the CIA to fulfill a patriotic mission to respond to the September 11 attacks of 2001. The statement said he later reported “incompetent management and bureaucracy” at the CIA to the agencys inspector general and a congressional oversight committee. The reports cast him as a disgruntled employee, and when he left the CIA in 2016, suspicion fell upon him as “the only one to have recently departed [the CIA engineering group] on poor terms,” the WaPo reported, citing the Schulte statement.
Why prosecutors havent filed charges against Schulte remains unclear. The transcript quotes a prosecutor saying that, once investigators searched Shultes home, they “immediately had enough evidence to establish that he was a target of that [Vault 7] investigation.”
Defense attorneys, the NYT said, have asked the court to “impose a deadline on any charges that the government seeks to bring under the Espionage Act for supplying the secret CIA files to WikiLeaks.” Prosecutors, meanwhile, said in court last week that they plan to file a new indictment in the next 45 days.