On Wednesday, a jury in New York convicted ex-Central Intelligence Agency engineer Joshua Schulte on all nine charges he faced (as first reported by @InnerCityPress) as a result of the single largest leak in agency history. Dubbed Vault 7, the files and information shared by WikiLeaks in 2017 exposed a trove of tactics and exploits the CIA used to hack its targets’ computers, iPhones or Android phones, and even Samsung smart TVs.
CIA spokesperson Tammy Thorp said in a statement given to The Verge, “Today’s verdict affirms that maintaining the security of our nation’s cyber capabilities is of the utmost importance. It’s critical to the security of the American people, and it’s critical to our advantage against adversaries abroad. As set forth in the trial, unauthorized disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.”
Schulte, the subject of a lengthy profile in the New Yorker that described him as “abrasive” and then went into far worse details, was arrested in 2018, initially charged with possession of child pornography, and has been in jail ever since.
The article details Operations Support Branch (OSB), where Schulte worked and reportedly built hacking tools by quickly turning prototypes into actual exploits that could monitor or steal information from the targeted person’s devices. It reports that investigators obtained evidence against Schulte through his own lapses in personal security, like storing passwords on his phone that could be used to access his encrypted storage.
It even goes into the trouble investigators had obtaining the Vault 7 documents — they remained classified despite being leaked and publicly available on the internet, leading FBI officials to download the cache over Wi-Fi at a Starbucks to a freshly purchased laptop that immediately became officially classified, stored in a supervisor’s office, and only accessible with Top Secret clearance.
Additional charges accusing him directly of stealing classified national defense information and sending it to WikiLeaks were filed later. In 2020, the government’s first attempt at prosecuting Schulte ended in a mistrial as a jury convicted him on contempt of court charges as well as lying to FBI investigators but couldn’t agree on the rest.
That spurred the second trial that just ended, where Schulte opted to represent himself. The charges he was convicted on are all specifically related to gathering, stealing, and transmitting classified information and obstruction of justice for lying to investigators about it. He has not yet been sentenced, pending the resolution of the other charges he still faces for possessing and transporting child pornography.
The Associated Press reports prosecutors argued that after feeling ignored and disrespected over his complaints about the work environment, Schulte took revenge on the CIA by stealing and leaking the same exploits he’d been a part of creating. In his defense, Schulte argued unsuccessfully that he was being used as a scapegoat for the government’s failure to protect dangerous hacking tools. There is some evidence to support that argument, as The Washington Post reported in 2020 that an internal investigation by the CIA’s WikiLeaks Task Force found security in the unit was “woefully lax,” with users sharing admin-level passwords and a lack of controls over access to historical data or the use of removable USB thumb drives, and this was years after the Snowden leaks. Schulte claimed there was no reasonable motive established and that hundreds of people had access to the information who could’ve been behind the leaks.
In a statement released after the verdict, US Attorney for the Southern District of New York Damian Williams said, “When Schulte began to harbor resentment toward the CIA, he covertly collected those tools and provided them to WikiLeaks, making some of our most critical intelligence tools known to the public – and therefore, our adversaries.” His statement ended by saying, “Schulte has been convicted for one of the most brazen and damaging acts of espionage in American history.”