Federal investigators believe a man who once worked for the U.S. Central Intelligence Agency is responsible for last year's massive leak of Top Secret CIA hacking tools, court documents reveal.
The suspect has been named as Joshua Adam Schulte, 29, who lived in New York, and is now in federal jail in Manhattan--not for the hack, but on child pornography charges.
Chat log found on Joshua Schulte's computer - feds say he's discussing how to keep child porn secret. I'm more interested in the CIA coder's comment about how encryption can be broken. Feds didn't need to break the encryption on his computer. They found password on his cellphone pic.twitter.com/eoRuQAnPhm— Kim Zetter (@KimZetter) May 15, 2018
The government has filed no charges against Schulte in connection with the CIA leak. It's not clear why.
In court, Schulte's lawyer Jacob Kaplan said the FBI suspects his client was behind the leak of some 8,000 CIA documents to WikiLeaks in March, 2017.
"The FBI believed that Mr. Schulte was involved in that leak," said Kaplan, according to a transcript of a Jan. 8, 2018 hearing published by NBC News.
"As part of their investigation, they obtained numerous search warrants for Mr. Schulte's phone, for his computers, and other items, in order to establish the connection between Mr. Schulte and the WikiLeaks leak."
Shane Harris at the Washington Post, which where today's news on this story broke:
Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency’s top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label “Vault 7” in March 2017.
It was one of the most significant leaks in the CIA’s history, exposing secret cyberweapons and spying techniques that might be used against the United States, according to current and former intelligence officials. Some argued that the Vault 7 disclosures could cause more damage to American intelligence efforts than those by former National Security Agency contractor Edward Snowden. He revealed extraordinary details about the capabilities of the United States to spy on computers and phones around the world, but the Vault 7 leaks showed how such spying is actually done, the current and former officials argued.
Schulte’s connection to the leak investigation has not been previously reported.
A man who identified himself to NBC News as Schulte's brother Jason told a reporter that "what the government is doing to him is wrong. They are screwing him over."
Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by adults on his computer, though he advised one user, “Just don’t put anything too illegal on there.”
In September, Mr. Schulte was released on the condition that he not leave New York City, where he lived with a cousin, and keep off computers. He was jailed in December after prosecutors found evidence that he had violated those rules, and he has been held at the Metropolitan Correctional Center in Manhattan since then. He has posted on Facebook under a pseudonym a series of essays critical of the criminal justice system.
It is unclear why, more than a year after he was arrested, he has not been charged or cleared in connection with Vault 7.
And a series of observations on the case from Wired News reporter Kim Zetter:
WikiLeaks published Vault 7 leaks from the CIA in March 2017. Joshua Schulte, the former CIA worker whom the WaPo says is suspected of leaking the docs to WikiLeaks, left CIA in Nov. 2016. WaPo story says search of Schulte's apt and computer uncovered no evidence of leaks pic.twitter.com/x0fnpzKyge— Kim Zetter (@KimZetter) May 15, 2018
To recap: Schulte is labeled disgruntled worker by CIA after filing report about incompetence at CIA. Feds search his computer/home, find no evidence of leaks but do find child porn on server he hosted for file trading (common for file-trading servers) https://t.co/0TyXQ8Y7yj https://t.co/hT8kTf8ooa— Kim Zetter (@KimZetter) May 15, 2018
When WikiLeaks published Vault 7 CIA leaks, they wrote "The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive." Schulte wasn't a contractor— Kim Zetter (@KimZetter) May 15, 2018
Schulte, according to the WaPo, was technically a former CIA hacker. He was a coder who worked for a CIA group that designed the agency's digital spy tools. If Schulte is the WL source, WL didn't do him any favors by describing the leaker as a former gov hacker. https://t.co/iBtKrIyl9g— Kim Zetter (@KimZetter) May 15, 2018
WikiLeaks published the Vault 7 CIA leaks on March 7. According to court documents filed in the case against Joshua Schulte (the former CIA employee) the feds got a search warrant for his home on March 13— Kim Zetter (@KimZetter) May 15, 2018
On or about March 15, 2017, members of FBI searched the Residence. During the course of that search, law enforcement officers recovered, among other things, multiple computers, servers, and other portable electronic storage devices, including SCHULTE's personal desktop computer https://t.co/X610rzId0M— Kim Zetter (@KimZetter) May 15, 2018
During the course of reviewing the Desktop Computer, CACS agents encountered a volume of files in an encrypted container, approximately 54 GB in size (the "Encrypted Container") https://t.co/WX5aPDtk0z— Kim Zetter (@KimZetter) May 15, 2018
The feds were able to "defeat the encryption used to protect the Encrypted Container by entering passwords recovered from a cellular telephone belonging to JOSHUA ADAM SCHULTE" https://t.co/J5l46rrpDJ— Kim Zetter (@KimZetter) May 15, 2018
They found more than 10,000 files, images and videos,... organized in folders, some of which are titled "downloads," "new," "kids," "old," "other," and "young" "13yo in bath" and "llyr old" that also contain child pornography. https://t.co/p39RDSEYC0— Kim Zetter (@KimZetter) May 15, 2018
Sorry, I'm not going to post the court document for the Joshua Schulte case -- it's too graphic in describing the child porn the feds found.— Kim Zetter (@KimZetter) May 15, 2018
When the feds searched Schulte's cell phone they found "various passwords that had been input by the user of the Cellphone to, for example, access the phone, applications on the phone, and/or certain websites" https://t.co/p39RDSEYC0— Kim Zetter (@KimZetter) May 15, 2018
Our IP Address: