U.S. iden­ti­fies sus­pect in leak of CIA hack­ing tools

The Washington Post - - FRONT PAGE - BY SHANE HAR­RIS

The U.S. govern­ment has iden­ti­fied a sus­pect in the leak last year of a large por­tion of the CIA’s com­puter hack­ing arse­nal, the cy­ber-tools the agency had used to con­duct es­pi­onage op­er­a­tions over­seas, ac­cord­ing to in­ter­views and pub­lic doc­u­ments.

But de­spite months of in­ves­ti­ga­tion, pros­e­cu­tors have been un­able to bring charges against the man, who is a for­mer CIA em­ployee be­ing held in a Man­hat­tan jail on un­re­lated charges.

Joshua Adam Schulte, who worked for a CIA group that de­signs com­puter code to spy on for­eign ad­ver­saries, is be­lieved to have pro­vided the agency’s topse­cret in­for­ma­tion to WikiLeaks, fed­eral pros­e­cu­tors ac­knowl­edged in a hear­ing in Jan­uary. The anti-se­crecy group pub­lished the code un­der the la­bel “Vault 7” in March 2017.

It was one of the most sig­nif­i­cant leaks in the CIA’s his­tory, ex­pos­ing se­cret cy­ber­weapons and spy­ing tech­niques that might be used against the United States, ac­cord­ing to cur­rent and for­mer in­tel­li­gence of­fi­cials. Some ar­gued that the Vault 7 dis­clo­sures could cause more dam­age to Amer­i­can in­tel­li­gence ef­forts

than those by for­mer Na­tional Se­cu­rity Agency con­trac­tor Ed­ward Snowden. He re­vealed ex­traor­di­nary de­tails about the ca­pa­bil­i­ties of the United States to spy on com­put­ers and phones around the world, but the Vault 7 leaks showed how such spy­ing is ac­tu­ally done, the cur­rent and for­mer of­fi­cials ar­gued.

Schulte’s con­nec­tion to the leak in­ves­ti­ga­tion has not been pre­vi­ously re­ported.

Fed­eral au­thor­i­ties searched Schulte’s apart­ment in New York last year and ob­tained per­sonal com­puter equip­ment, note­books and hand­writ­ten notes, ac­cord­ing to a copy of the search war­rant re­viewed by The Wash­ing­ton Post. But that failed to pro­vide the ev­i­dence that pros­e­cu­tors needed to in­dict Schulte with il­le­gally giv­ing the in­for­ma­tion to WikiLeaks.

A govern­ment pros­e­cu­tor dis­agreed with what he called the “char­ac­ter­i­za­tion” by Schulte’s at­tor­ney that “those search war­rants haven’t yielded any­thing that is con­sis­tent with [Schulte’s] in­volve­ment in that dis­clo­sure.” But the pros­e­cu­tor, Matthew Laroche, an as­sis­tant U.S. at­tor­ney in the South­ern Dis­trict of New York, said that the govern­ment has not brought an in­dict­ment, that the in­ves­ti­ga­tion “is on­go­ing” and that Schulte “re­mains a tar­get of that in­ves­ti­ga­tion,” ac­cord­ing to a court tran­script of the Jan. 8 hear­ing that es­caped pub­lic no­tice at the time.

Part of that in­ves­ti­ga­tion, Laroche said, was an­a­lyz­ing whether a tech­nol­ogy known as Tor, which al­lows In­ter­net users to hide their lo­ca­tion, “was used in trans­mit­ting clas­si­fied in­for­ma­tion.”

In other hear­ings in Schulte’s case, pros­e­cu­tors have al­leged that he used Tor at his New York apart­ment, but they have pro­vided no ev­i­dence that he did so to dis­close clas­si­fied in­for­ma­tion. Schulte’s at­tor­neys have said that Tor is used for all kinds of com­mu­ni­ca­tions and have main­tained that he played no role in the Vault 7 leaks.

Schulte is in a Man­hat­tan jail on charges of pos­sess­ing, re­ceiv­ing and trans­port­ing child pornog­ra­phy, ac­cord­ing to an in­dict­ment filed in Septem­ber. He has pleaded not guilty.

A for­mer fed­eral pros­e­cu­tor who is not con­nected to the case said that it is not un­usual to hold a sus­pect in one crime on un­re­lated charges and that the months Schulte has spent in jail do not nec­es­sar­ily mean the govern­ment’s case has hit a wall. The for­mer pros­e­cu­tor, who spoke on the con­di­tion of anonymity to dis­cuss an open in­ves­ti­ga­tion, also said that if govern­ment lawyers ac­knowl­edged in a pub­lic hear­ing that Schulte was a tar­get, they prob­a­bly sus­pect he acted alone.

In doc­u­ments, pros­e­cu­tors al­lege that they found a large cache of child pornog­ra­phy on a server that was main­tained by Schulte. But he has ar­gued that any­where from 50 to 100 peo­ple had ac­cess to that server, which Schulte, now 29, de­signed sev­eral years ago to share movies and other dig­i­tal files.

Schulte worked in the CIA’s En­gi­neer­ing Devel­op­ment Group, which pro­duced the com­puter code, ac­cord­ing to peo­ple with knowl­edge of his em­ploy­ment his­tory as well as the group’s role in devel­op­ing cy­ber­weapons.

At the time of the leak, peo­ple who had worked with that group said that sus­pi­cion had mainly fo­cused on con­trac­tors, not full­time CIA em­ploy­ees such as Schulte. It is not clear whether the govern­ment is pur­su­ing con­trac­tors as part of the leak in­ves­ti­ga­tion, but pros­e­cu­tors have not men­tioned any­one other than Schulte in court pro­ceed­ings.

Schulte, who also worked for the NSA be­fore join­ing the CIA, left the in­tel­li­gence com­mu­nity in 2016 and took a job in the pri­vate sec­tor, ac­cord­ing to a lengthy state­ment he wrote that was re­viewed by The Post. The CIA de­clined to comment. Schulte said in the state­ment that he joined the in­tel­li­gence com­mu­nity to ful­fill what he saw as a pa­tri­otic duty to re­spond to the at­tacks of Sept. 11, 2001.

Schulte also claimed that he re­ported “in­com­pe­tent man­age­ment and bu­reau­cracy” at the CIA to that agency’s in­spec­tor gen­eral as well as a con­gres­sional over­sight com­mit­tee. That painted him as a dis­grun­tled em­ployee, he said, and when he left the CIA in 2016, sus­pi­cion fell upon him as “the only one to have re­cently de­parted [the CIA en­gi­neer­ing group] on poor terms,” Schulte wrote.

Schulte said he had also been plan­ning a va­ca­tion with his brother to Can­cun, Mex­ico, which may have given the ap­pear­ance that he was try­ing to flee the coun­try.

“Due to th­ese un­for­tu­nate co­in­ci­dences the FBI ul­ti­mately made the snap judg­ment that I was guilty of the leaks and tar­geted me,” Schulte said.

Schulte, who has launched a Web page to raise money for his de­fense and post ar­ti­cles crit­i­cal of the crim­i­nal-jus­tice sys­tem, claims that he ini­tially pro­vided as­sis­tance to the FBI’s in­ves­ti­ga­tion. Fol­low­ing the search of his apart­ment in March 2017, pros­e­cu­tors waited six months to bring the child pornog­ra­phy charges.

Some in­tel­li­gence of­fi­cials ar­gue that the Vault 7 dis­clo­sures could cause more dam­age to Amer­i­can in­tel­li­gence ef­forts than those by for­mer Na­tional Se­cu­rity Agency con­trac­tor Ed­ward Snowden.


A CIA re­cruit­ing ta­ble at the Spe­cial Op­er­a­tions Forces In­dus­try Con­fer­ence in Tampa in 2016.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.