A former coder for the CIA has been indicted for computer hacking and espionage for allegedly passing the agency’s computer intrusion secrets to WikiLeaks, the Justice Department announced Monday.
Joshua Adam Schulte, 29, was already in federal custody in Manhattan on child-porn charges. His new indictment adds three counts under the Espionage Act for stealing and transmitting national security secrets, as well as computer intrusion and obstruction of justice charges and a criminal copyright violation. If convicted, he likely faces decades in prison under federal sentencing guidelines.
Schulte worked at the CIA from 2010 to 2016 in the agency’s Operational Support Branch. According to court records, he was an early suspect last year when WikiLeaks began publishing some 8,000 CIA files under the rubric “Vault 7.” The files had been copied from an internal agency wiki at some point in 2016, and contained documentation and some source code for the hacking tools used by the CIA’s intrusion teams when conducting foreign surveillance. The FBI raided Schulte on March 23, 2017, roughly two weeks the leak. When the agents examined Schulte’s hard drive they turned up 10,000 images of child pornography. He was arrested on child porn charges five months later while the government continued the Vault 7 investigation.
The government hasn’t said how it came to suspect Schulte, but as The Daily Beast reported last May, he had previously posted the source code for an internal CIA tool to his account on the public code-sharing site GitHub—a potential red flag that was apparently missed by the spy agency just months after the Edward Snowden leaks.
Schulte ran a private web server for himself and his friends, and he allegedly used that server to share “thousands of copyrighted movies , television shows, and audio recordings” in violation of federal anti law during and after his CIA employment. Another charge in the new indictment claims that Schulte illicitly gave himself access to an unidentified government system, deleted evidence of the intrusion and then locked out legitimate users.
In a tweet on Monday evening, WikiLeaks pointed to the child pornography and piracy charges as evidence of possible “weakness of [the] CIA case.” The secret-spilling group followed that up with a series of re-tweets highlighting some of the hacking capabilities that emerged in the Vault 7 leak.