Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak

Report claims former intel worker believed to be behind data dump


A former CIA employee has been named as the prime suspect behind last year's leak of thousands of top-secret documents on the agency's hacking practices.

According to the Washington Post, court documents name Joshua Adam Schulte as the person authorities believe to be behind the massive Vault 7 online dump of CIA internal documents and manuals.

Transcripts [PDF] from an investigation contain multiple references to search warrants related to the Vault 7 case.

"In March of 2016, there was a significant disclosure of classified material from the Central Intelligence Agency. The material that was taken was taken during a time when the defendant was working at the agency," prosecuting attorney Matthew Laroche is quoted as saying.

"The government immediately had enough evidence to establish that he was a target of that investigation. They conducted a number of search warrants on the defendant's residence."

Another January transcript [PDF] made public also notes that attorneys were discussing "national security evidence that might be present in the case."

Here's where things get tricky: the government says it does not have enough evidence to charge Schulte with the leak. However, he is facing unrelated charges in the New York Southern District court for possession and distribution of child abuse images.

He has pleaded not guilty to the charges.

The report says that, while the government thinks Schulte was the one who handed the cache of documents over to WikiLeaks, they do not currently have enough evidence to bring charges. Rather, he is being charged with operating a server that contained a 54GB container of child abuse content (we're not going to label it as 'pornography' out of respect for adult entertainment performers).

Schulte's lawyers have argued that he simply ran a public server and had no idea as to the contents of the encrypted container. Interestingly, court transcripts show that Schulte's team has offered his work with the CIA, and the rigorous screenings that come with it, as arguments in his defense.

According to the report, Schulte worked for the CIA's engineering development group until 2016, a position that would have given him access to the thousands of agency documents that were handed over to WikiLeaks in 2017.

That cache would eventually be disclosed as the "Vault 7" data dump. While it was embarrassing for the CIA to lose so many documents, the dump itself provided little in the way of juicy intel: mostly it just showed that, yes, the CIA engages in covert intelligence operations.

Most notably, the dump included details on hacking tools the agency used to compromise Windows, MacOS and iOS devices. ®
