U.S. identifies suspect in major leak of CIA hacking tools

The U.S. government has identified a suspect in the leak last year of a large portion of the CIA’s computer hacking arsenal, the cyber-tools the agency had used to conduct espionage operations overseas, according to interviews and public documents.

But despite months of investigation, prosecutors have been unable to bring charges against the man, who is a former CIA employee being held in a Manhattan jail on unrelated charges.

Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency’s top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label “Vault 7” in March 2017.

It was one of the most significant leaks in the CIA’s history, exposing secret cyberweapons and spying techniques that might be used against the United States, according to current and former intelligence officials. Some argued that the Vault 7 disclosures could cause more damage to American intelligence efforts than those by former National Security Agency contractor Edward Snowden. He revealed extraordinary details about the capabilities of the United States to spy on computers and phones around the world, but the Vault 7 leaks showed how such spying is actually done, the current and former officials argued.

Schulte’s connection to the leak investigation has not been previously reported.

Federal authorities searched Schulte’s apartment in New York last year and obtained personal computer equipment, notebooks and handwritten notes, according to a copy of the search warrant reviewed by the Washington Post. But that failed to provide the evidence that prosecutors needed to indict Schulte with illegally giving the information to WikiLeaks.

A government prosecutor disagreed with what he called the “characterization” by Schulte’s attorney that “those search warrants haven’t yielded anything that is consistent with [Schulte’s] involvement in that disclosure.” But the prosecutor, Matthew Laroche, an assistant U.S. attorney in the Southern District of New York, said that the government has not brought an indictment, that the investigation “is ongoing” and that Schulte “remains a target of that investigation,” according to a court transcript of the Jan. 8 hearing that escaped public notice at the time.

Schulte is in a Manhattan jail on charges of possessing, receiving and transporting child pornography, according to an indictment filed in September. He has pleaded not guilty.