A former Central Intelligence Agency (CIA) employee was sentenced to 40 years in prison after he carried out a major data leak, the largest in the agency's history, officials said.
Joshua Adam Schulte was sentenced to 40 years in prison by US District Judge Jesse M Furman for crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography.
WikiLeaks connection
In a statement, the US Attorney’s Office said: “Schulte’s theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S. Today’s sentencing followed SCHULTE’s convictions at trials that concluded on March 9, 2020, July 13, 2022, and September 13, 2023.”
From 2012 to 2016, Schulte was employed as a software developer in the Center for Cyber Intelligence, which conducts offensive cyber operations: cyber espionage relating to terrorist organisations and foreign governments.
Schulte and other CCI developers worked on tools that were used in, among other things, human-enabled operations: cyber operations that involved a person with access to the computer network being targeted by the cyber tool.
In addition to being a developer, Schulte was also temporarily one of the administrators of one of the servers and suite of development programs used to build cyber tools.
In March 2016, Schulte was moved within branches of CCI as a result of personnel disputes between Schulte and another developer.
Following that transfer, in April 2016, Schulte abused his administrator powers to grant himself administrator privileges over a development project from which he had been removed as a result of the branch change.
Schulte’s abuse of administrator privileges was detected, and CCI leadership directed that administrator privileges would immediately be transferred from developers, including Schulte, to another division.
Schulte was also given a warning about self-granting administrator privileges that had previously been revoked.
Schulte had, however, secretly opened an administrator session on one of the servers before his privileges were removed.
On April 20, 2016, after other developers had left the CCI office, Schulte used his secret server administrator session to execute a series of cyber-maneuvers on the CIA network to restore his revoked privileges, break into the backups, steal copies of the entire CCI tool development archives, revert the network back to its prior state, and delete hundreds of log files in an attempt to cover his tracks.
Schulte’s theft of the CIA files is the largest data breach in CIA history.
From his home computer, Schulte then transmitted the stolen CIA files to WikiLeaks, using anonymising tools recommended by WikiLeaks to potential leakers, such as the Tails operating system and the Tor browser.
On May 5, 2016, having transmitted the stolen CIA files to WikiLeaks, Schulte wiped and reformatted his home computer’s internal hard drives.
On March 7, 2017, WikiLeaks began publishing classified data from the stolen CIA files. Between March and November 2017, there were a total of 26 disclosures of classified data from the stolen CIA files that WikiLeaks denominated as Vault 7 and Vault 8 (the “WikiLeaks Disclosures”).
What are WikiLeaks Disclosures?
The WikiLeaks Disclosures were one of the largest unauthorised disclosures of classified information in the history of the US, and Schulte’s theft and disclosure immediately and profoundly damaged the CIA’s ability to collect foreign intelligence against America’s adversaries; placed CIA personnel, programs, and assets directly at risk; and cost the CIA hundreds of millions of dollars. The effect was described at trial by the former CIA Deputy Director of Digital Innovation as a “digital Pearl Harbor”, and the disclosure caused exceptionally grave harm to the national security of the US.
Following the WikiLeaks Disclosures, Schulte was voluntarily interviewed on multiple occasions by the FBI in March 2017. During those interviews, Schulte repeatedly lied, including denying being responsible for the theft of the stolen CIA files or for the WikiLeaks Disclosures and spinning fake narratives about ways the stolen CIA files could have been obtained from CIA computers, in the hope of deflecting suspicion away from himself and diverting law enforcement resources to false leads.