Former CIA engineer allegedly leaked Vault 7 documents to WikiLeaks

The suspect is the CIA’s very own former engineer, accused of handing over the Vault 7 series documents to WikiLeaks.

The United States government claims to have identified the suspect who allegedly stole a trove of data belonging to the Central Intelligence Agency (CIA) detailing its hacking tools and secret cyber espionage campaigns targeting governments, unsuspecting users, and businesses around the world.

The suspect has been identified as 29-year-old former CIA software engineer Joshua A. Schulte. Authorities believe that Schulte not only stole the data but also handed it over to WikiLeaks, a whistleblowing firm founded by Julian Assange.

The hacking tools in question were published by WikiLeaks on its website under the name Vault 7. The release contained a trove of 8,000 documents and 943 attachments showing how the CIA developed tools to hack its targets and turn them into spying devices.

The list of the CIA’s targets included Windows-based computers, Linux and Mac devices, air-gapped PCs, security cameras, smart TVs, web browsers, iPhones and Android smartphones, webcams, headphones, microphones, notepads, video players, trucks and other Internet-connected devices. These documents exposed “the entire hacking capacity of the CIA.”

The suspect is a former CIA engineer

Joshua A. Schulte is no stranger to the CIA, as he worked for the agency’s Engineering Development Group, which developed malware and other hacking tools for Cyber Intelligence. In November 2016, Schulte left the agency and started working for a private software firm in New York.

In March 2017, just a week after WikiLeaks started publishing the Vault 7 documents, Schulte’s apartment in New York was raided by the Federal Bureau of Investigation (FBI). Although Schulte was not charged, the FBI agents seized his personal computer, handwritten notes, notebooks and passports, barring him from going to Mexico on vacation.

In a court statement in January, Assistant U.S. Attorney Matthew Laroche said that Schulte used the Tor browser to transfer classified information; however, he did not provide any evidence. The Tor browser lets users hide their real IP address on the Internet and browse anonymously on desktop and Android devices.

Schulte charged with possessing child pornography

In August this year, while Schulte was expected to be charged with a Vault 7 related offense, he was instead charged with possessing child pornography after FBI agents found over 10,000 explicit images on a web server run by Schulte during his college days at the University of Texas at Austin in 2009.

Reportedly, the server was accessed by around 100 people who shared, uploaded and downloaded child abuse content. Schulte is currently held at the Metropolitan Correctional Center in Manhattan.

Schulte’s lawyers have had enough

On the other hand, Schulte’s lawyers are asking prosecutors to come to a final decision on charges related to the Vault 7 leak.

“This case has been dragging since August 2017,” said Schulte’s lawyer Sabrina P. Shroff. “The government should be required to indict so Mr. Schulte has the opportunity to defend himself. Otherwise, he is just languishing.”

WikiLeaks and Vault 7

When WikiLeaks started publishing the Vault 7 series, there were suspicions about whether the documents were authentic. Edward Snowden and the Wall Street Journal confirmed their authenticity, and the fact that the US government is investigating one of its agency’s ex-engineers over the leak also indicates that the Vault 7 series was authentic and detailed the CIA’s hacking tools in depth.

List of leaked Vault 7 documents

BothanSpy and Gyrfalcon: Steals SSH credentials from Linux & Windows devices
OutlawCountry and Elsa: Malware targeting Linux devices and tracking user geolocation
Brutal Kangaroo: CIA hacking tools for hacking air-gapped PCs
Cherry Blossom: CherryBlossom & CherryBomb: Infecting WiFi routers for years
Pandemic: A malware hacking Windows devices
AfterMidnight and Assassin: CIA remote control & subversion malware hacking Windows
Dark Matter: CIA hacking tool infiltrating iPhones and MacBooks
Athena: A malware targeting Windows operating system
Archimedes: A program helping CIA to hack computers inside a Local Area Network
HIVE: CIA implants to transfer exfiltrated information from target machines
Grasshopper: Malware payloads for Microsoft Windows operating systems
Marble: A framework used to hamper antivirus companies from attributing malware
Dark Matter: A CIA project that infects Apple Mac firmware
Highrise: An Android malware that spies on SMS messages
Aeris, Achilles, SeaPea: 3 malware developed by CIA targeting Linux and macOS
Dumbo Project: CIA’s project hijacking webcams and microphones on Windows devices
CouchPotato Tool: Remotely Collects Video Streams from Windows devices
ExpressLane implant: CIA collected biometric data from partner agencies

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.