Ex-Employee Suspected Of Leaking CIA Hacking Tools

The US government has identified a suspect in the leak last year of a large portion of the CIA's computer hacking arsenal, the cyber-tools the agency had used to conduct espionage operations overseas, according to interviews and public documents.

But despite months of investigation, prosecutors have been unable to bring charges against the man, who is a former CIA employee being held in a Manhattan jail on unrelated charges.

Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency's top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label "Vault 7" in March 2017.

It was one of the most significant leaks in the CIA's history, exposing secret cyber-weapons and spying techniques that might be used against the United States, according to current and former intelligence officials.

Some argued that the Vault 7 disclosures could cause more damage to American intelligence efforts than those by former National Security Agency contractor Edward Snowden. 

He revealed extraordinary details about the capabilities of the United States to spy on computers and phones around the world, but the Vault 7 leaks showed how such spying is actually done, the current and former officials argued.

Schulte, 29, already held without bail in Manhattan on child pornography charges, learned last Friday during a New York court appearance that additional charges were likely to be filed against him in about 45 days from what Assistant US Attorney Matthew Laroche said was a "broader investigation" unrelated to the pornography case.

"Mr Schulte has spent years working to ensure the safety of his country and is deeply saddened to hear that he could face charges of espionage," assistant federal defender Sabrina Shroff said on Tuesday.

At a January hearing, Laroche said Schulte was a target of an ongoing investigation into the theft of tools that were used by the CIA to spy overseas. His defence lawyers have insisted he was not involved.

The US government has all but publicly acknowledged the embarrassing leak from the CIA's Centre for Cyber Intelligence. President Donald Trump told a television host then, "I just want people to know the CIA was hacked, and a lot of things taken".
At January's hearing, Laroche said the material was taken from the CIA during the more than six years that Schulte worked for the agency in various positions, including technical development officer.

"The government immediately had enough evidence to establish that he was a target of that investigation," Laroche said.

"They conducted a number of search warrants on the defendant's residence."

Laroche said he disagreed with Schulte's lawyer at the time, who claimed the search warrants had not yielded anything consistent with the material released by WikiLeaks. "In fact, our investigation is ongoing," Laroche said. "He remains a target of that investigation."

Laroche told US District Judge Paul A. Crotty that the new charges were unlikely for several weeks.

"We're consulting with a lot of folks that are not within our office, so we're moving as quickly as we can on that front," he said.
The cryptic description at Friday's hearing led Shroff, who entered the case in March, to demand more.

"Are they secret charges that I'm not allowed to know about? What are these charges?" Shroff asked, saying she wanted to know of possible charges, whether they be sedition or something else. "Are they charging him with espionage?"

Laroche said it involved an ongoing grand jury investigation and added, "I don't think we have an obligation to disclose it at this time, but we certainly have had discussions with Ms. Shroff about the nature of the underlying investigation". Schulte, of New York, is being held at the Metropolitan Correctional Centre in Manhattan.

Jacob Kaplan, Schulte's attorney at the January hearing, told the court that "the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn't find was any connection to the WikiLeaks investigation".

Sydney Morning Herald:    Image: Nick Youngson

You Might Also Read:

CIA Malware Unveiled:

CIA Silent About Wikileaks Agency Files:
 

 

« NSA Spies Triple Text and Phone Collection
Secure Encrypted Email Platform PGP Is Not Secure »

Directory of Suppliers

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations.

Caliber Security

Caliber Security

Caliber Security Partners provide information security and security assessment services.

MediaSec AG

MediaSec AG

The MediaSec AG is the leading Swiss specialist publisher for safety, security and safety. In addition to three publications she is responsible for co

Rapid Awareness

Rapid Awareness

Rapid Awareness incorporates awareness-raising campaigns designed to help meet international standards and the demands of certification audits.

ViewDS

ViewDS

ViewDS specializes in cloud identity management solutions, directory services, access and authorization management solutions, and data synchronization tools.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

National Authority Against Electronic Attacks (NAAEA)

National Authority Against Electronic Attacks (NAAEA)

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Alliance for Cyber Security

Alliance for Cyber Security

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Applied Engineering Solutions (aeSolutions)

Applied Engineering Solutions (aeSolutions)

aeSolutions offers performance-based process safety engineering and automation solutions. Services include industrial cybersecurity.

Babcock MSS

Babcock MSS

Babcock Managed Security Services protect people, property and data against cyber security threats to deliver a competitive advantage to our customers.

SAINT

SAINT

SAINT Security Suite provides a fully-integrated set of capabilities to assess your network for vulnerabilities across a wide variety of operating systems, applications, devices and configurations.