
Suspect Named in Leak of ‘Vault 7’ and Top-Secret CIA Hacking Tools



A former CIA employee has been named as a suspect in the 2017 leak of the so-called “Vault 7,” which contained information about secret CIA cyber weapons, hacking tools and spying techniques. It was leaked on WikiLeaks.

The suspect was named as Joshua Adam Schulte.

Schulte has been under investigation for months but prosecutors have not charged him. He is currently jailed in Manhattan on unrelated charges of possessing, receiving and transporting child pornography, the Washington Post reported. He has pleaded not guilty.

Schulte’s apartment was raided last year for his computer and notes, but authorities came up empty-handed as far as smoking gun evidence of leaking “Vault 7.”

Matthew Laroche, an assistant U.S. attorney for the Southern District of New York (SDNY), has been on the case, and he said Schulte “remains a target” of an ongoing investigation into whether he used Tor to anonymously disclose classified information.

Schulte is currently jailed on child pornography charges. Authorities allegedly found evidence of child pornography on a server Schulte possessed, a server 50 to 100 people were able to access. Schulte created the server years ago.

A source with knowledge of what Schulte did at the CIA told the Washington Post he coded for the Engineering Development Group (EDG), a group involved in the development of cyber weapons.

Schulte commented that he wanted to serve his country after 9/11 and did so during his time at the CIA.

He said suspicion of him is based on his report of “incompetent management and bureaucracy [at the CIA]” and the fact that he appeared to be the “only one to have recently departed [EDG] on poor terms.” He also said a coincidentally planned vacation with his brother made authorities wrongly believe he was fleeing the country.

“Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me,” he said.

The tweet below links to a LinkedIn profile of Joshua Adam Schulte. The profile shows that Schulte has been working at Bloomberg LP as a senior software engineer since Nov. 2016.

Before that, the profile says, he was employed by the CIA as a software engineer from May 2010-Nov. 2016.

On March 7, 2017, WikiLeaks said in a press release that it had obtained a “new series of leaks on the U.S. Central Intelligence Agency” that was “[c]ode-named ‘Vault 7.’”

“[I]t is the largest ever publication of confidential documents on the agency,” WikiLeaks declared.

Here’s what WikiLeaks said about the information it received from a “former U.S. government hacker”:

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

The release went on to say that “Year Zero” included information on the CIA’s ability to weaponize its hacking program against iPhones, Google’s Android, Microsoft’s Windows and Samsung TVs.

[Images via Philippe Huguen/AFP/Getty Images]


Matt Naham is the Senior A.M. Editor of Law&Crime.