A former U.S. Central Intelligence Agency (CIA) espionage code writer is a key suspect in the leak last year of a trove of the agency’s hacking tools used to spy on foreign nations.
Joshua Adam Schulte is believed to have slipped the CIA’s top-secret hacking weaponry to WikiLeaks, according to federal prosecutors in a hearing last January, the Washington Post reported. (The hearing somehow escaped public scrutiny.) WikiLeaks subsequently published the code in a massive dump it called Vault7 in March 2017.
Schulte is currently being held in a New York jail on unrelated charges, the report said. At this point, he has not been indicted as the mastermind of the Vault7 leak. Investigators had previously thought third-party contractors may be the source of the leak, and the investigation may still include outsiders, but for the moment Schulte has been the only individual named in court, the Post said.
Schulte, who was reportedly part of the CIA’s Engineering Development Group involved in writing code used in surveillance operations, previously worked for the National Security Agency (NSA) before leaving for a job in the private sector in 2016. He has said that when he exited the CIA, his complaint to the agency’s inspector general and a congressional oversight committee about shoddy management labeled him as a disgruntled employee, and, by implication, made him a target of the leak investigation, the report said.
A search of Schulte’s New York residence last year, including his computer equipment, notebooks and personal notes, failed to turn up any evidence that he shuttled the spying code to WikiLeaks, according to the Post, which reviewed a copy of the search warrant. Matthew Laroche, an assistant U.S. attorney in the Southern District of New York, told the Post that Schulte “remains a target of that investigation,” according to a court transcript of the January 8th hearing.
Here’s some background on the dump, from WikiLeaks’ announcement in March of last year, in which the pro-transparency organization seems to suggest that one person was behind the leak:
“Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named 'Vault 7' by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
A month later, Symantec posted a security blog linking a hacker group it called Longhorn to some 40 targets in at least 16 countries across the Middle East, Europe, Asia and Africa, making reference to CIA-like tools but not naming the spy agency.
“Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.
“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”