
Vault 7 leak suspect is a former CIA employee already in custody

The U.S. government has identified a man already in custody on unrelated charges as the suspect in the Vault 7 leak, but it is unclear how much evidence supports the case.

The suspect behind the Vault 7 leak, one of the largest exposures of CIA documents in history, has been identified by the U.S. government and he is being held on unrelated charges.

WikiLeaks originally released the cache of approximately 9,000 CIA documents, hacking tools and zero-day exploits in March 2017 under the name of Vault 7.

The Vault 7 leak suspect is former CIA employee Joshua Adam Schulte. The 29-year-old engineer had worked for the CIA's Engineering Development Group designing cyberweapons for offensive operations by the U.S. government, as first reported by The Washington Post. Prior to joining the CIA, Schulte worked for the NSA.

The reports said the government has been trying to build a case against Schulte for months. Federal authorities searched Schulte's apartment, computers and written notes at some point last year and found documents related to Schulte's time with both the CIA and NSA. In a January court hearing, Matthew Laroche, the assistant U.S. attorney, said the government had enough evidence to charge Schulte in the Vault 7 leak case.

The government is also investigating whether Schulte used the Tor network to transmit classified data. While this investigation is ongoing, Schulte is being held on unrelated child pornography charges filed in August, according to The New York Times.

According to a statement by Schulte obtained by The Washington Post, he claims the suspicion that he was behind the Vault 7 leak stems from a coincidence of his leaving the CIA under "poor terms" in 2016, around the time the files were allegedly stolen.

Prosecutors have claimed they plan to file a new indictment against Schulte in the next 45 days, and the federal defense lawyers have asked the court to force a deadline for bringing charges against Schulte in the Vault 7 leak case.

Both WikiLeaks and the CIA were originally criticized for lacking a responsible disclosure process in their handling of the Vault 7 leak. The U.S. government had allegedly been aware of the Vault 7 leak since late 2016 but did not disclose any of the vulnerabilities in the dump to affected vendors. WikiLeaks, for its part, claimed it would share details with affected vendors, but only if certain conditions were met beforehand.


What do you think about the decision by the government to identify Schulte now in relation to the Vault 7 data leak?
No opinion. But I do think it calls into question the wisdom of putting back doors in business and consumer communications equipment. The chain of security to protect that information is only as good as its weakest link. Form a human chain of reasonable size and there is always a weak link. This might have been worse if the information was sold to foreign agencies who used it to spy on the US without being detected for a long time, if ever.