The suspect behind the Vault 7 leak, one of the largest exposures of CIA documents in history, has been identified by the U.S. government and he is being held on unrelated charges.
WikiLeaks originally released the cache of approximately 9,000 CIA documents, hacking tools and zero-day exploits in March 2017 under the name of Vault 7.
The Vault 7 leak suspect is former CIA employee Joshua Adam Schulte. The 29-year-old engineer had worked for the CIA's Engineering Development Group designing cyberweapons for offensive operations by the U.S. government, as first reported by The Washington Post. Prior to joining the CIA, Schulte worked for the NSA.
The reports said the government has been trying to build a case against Schulte for months. Federal authorities searched Schulte's apartment, computers and written notes at some point last year and found documents related to Schulte's time with both the CIA and NSA. In a January court hearing, Matthew Laroche, the assistant U.S. attorney, said the government had enough evidence to charge Schulte in the Vault 7 leak case.
The government is also investigating whether Schulte used the Tor network to transmit classified data. While this investigation is ongoing, Schulte is being held on unrelated child pornography charges filed in August, according to The New York Times.
According to a statement by Schulte obtained by The Washington Post, he claims the suspicion that he was behind the Vault 7 leak stems from a coincidence of his leaving the CIA under "poor terms" in 2016, around the time the files were allegedly stolen.
Prosecutors have claimed there is a new indictment against Schulte planned to be filed in the next 45 days, and the federal defense lawyers have asked the court to force a deadline in bringing charges against Schulte in the Vault 7 leak case.
WikiLeaks and the CIA were originally criticized over the Vault 7 leak as lacking a responsible disclosure process. The U.S. government was allegedly aware of the Vault 7 leak since late 2016 but did not disclose any of the vulnerabilities in the dump to affected vendors. And, WikiLeaks claimed it would share details with affected vendors, but only if certain conditions were met beforehand.