US Identifies Suspect in Leak of CIA Hacking Tools
The U.S. government has identified a suspect in the leak last year of a large portion of the CIA’s computer hacking arsenal, the cyber tools the agency had used to conduct espionage operations overseas, according to interviews and public documents.
But despite months of investigation, prosecutors have been unable to bring charges against the man, who is a former CIA employee currently being held in a Manhattan jail on unrelated charges.
Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency’s top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label “Vault 7” in March 2017. It was one of the most significant and potentially damaging leaks in the CIA’s history, exposing secret cyber weapons and spying techniques that also might be used against the United States, according to current and former intelligence officials.
Schulte’s connection to the leak investigation hasn’t been previously reported.
Federal authorities searched Schulte’s apartment in New York last year and obtained a personal computer equipment, notebooks, and hand-written notes according to a copy of the search warrant reviewed by The Washington Post. But that failed to provide the evidence that prosecutors needed to indict Schulte with illegally giving the information to WikiLeaks.
“Those search warrants haven’t yielded anything that is consistent with [Schulte’s] involvement in that disclosure,” Matthew Laroche, an assistant U.S. attorney in the Southern District of New York, said at a hearing on Jan. 8, according to a court transcript.
Laroche said at the time that the investigation “is ongoing,” and that Schulte “remains a target of that investigation.”
Part of that investigation, Laroche said, was analyzing whether a technology known as TOR, which allows Internet users to hide their location, “was used in transmitting classified information.”
In other hearings in Schulte’s case, prosecutors have alleged that he used TOR at his New York apartment, but they have provided as yet no evidence that he did so in order to disclose classified information. Schulte’s attorneys have said that TOR is used for all kinds of communications and have maintained that he played no role in the Vault 7 leaks.
Schulte is currently in a Manhattan jail on charges of possessing, receiving, and transporting child pornography, according to an indictment filed last September. He has pleaded not guilty.
A former federal prosecutor, who is not connected to the case, said that it’s not unusual to hold a suspect in one crime on unrelated charges, and that the months Schulte has spent in jail doesn’t necessarily mean the government’s case has hit a wall. The former prosecutor, who spoke on the condition of anonymity to discuss an open investigation, also said that if government lawyers acknowledged in a public hearing that Schulte was a target, they probably believe he acted alone.
In documents, prosecutors allege that they found a large cache of child pornography on a server that was maintained by Schulte. But he has argued that anywhere from 50 to 100 people had access to that server, which Schulte, now 29, designed several years ago in order to share movies and other digital files.
Schulte worked in the CIA’s Engineering Development Group, which produced the computer code, according to sources with knowledge of his employment history as well as the group’s role in developing cyber weapons.
At the time of the leak, people who had worked with that group said that suspicion had mainly focused on contractors, not full-time CIA employees like Schulte. It’s not clear whether the government is pursuing contractors as part of the leak investigation, but prosecutors haven’t mentioned anyone other than Schulte in court proceedings.
Schulte, who also worked for the National Security Agency before joining the CIA, left the intelligence community in 2016 and took a job in the private sector, according to a lengthy statement he wrote that was reviewed by the Post.
The CIA declined to comment.
Schulte said in the statement that he joined the intelligence community to fulfill what he saw as a patriotic duty to respond to the Sept. 11, 2001, attacks.
Schulte also claimed that he reported “incompetent management and bureaucracy” at the CIA to both that agency’s inspector general as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA in 2016, suspicion fell upon him as “the only one to have recently departed [the CIA engineering group] on poor terms,” Schulte wrote.
Schulte said he had also been planning a vacation with his brother to Cancun, which may have given the appearance that he was trying to flee the country.
“Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me,” Schulte said.
Schulte, who has launched a webpage to raise money for his defense, claims that he initially provided assistance to the FBI’s investigation. Following the search of his apartment in March 2017, prosecutors waited six months to bring the child pornography charges.