The afternoon of July 13, a jury returned a guilty verdict for Joshua Schulte which brings to a close the saga of Schulte’s theft of CIA information, which he shared with Wikileaks which became known as the Vault 7 leak. In addition to exposing to the nation’s adversaries the cyber operational tool suite of U.S. intelligence. His action laid bare the poor cybersecurity practices within the very group which exploits poor cybersecurity practices of the nation’s adversaries and provided Schulte with his defense, that his actions were highlighting the deficiencies. The jury didn’t buy it and found him guilty on nine counts, including illegally gathering national defense information and the illegal transmission of the information.
Guilty Charge for Ex-CIA Engineer
The jury instructions detailed the nine counts, and the elements within each. For example, the illegal gathering of national defense information contained sections on his covert act which occurred in 2016, the definition of what constitutes national defense information, and what Schulte’s purpose, knowledge and intent was when he decided to breach the trust that the CIA and the United States had in and expected from Schulte.
In 2018, when Schulte was originally charged, Manhattan U.S. Attorney Geoffrey S. Berman said, “Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside organization. During the course of this investigation, federal agents also discovered alleged child pornography in Schulte’s New York City residence. We and our law enforcement partners are committed to protecting national security information and ensuring that those trusted to handle it honor their important responsibilities. Unlawful disclosure of classified intelligence can pose a grave threat to our national security, potentially endangering the safety of Americans.”
On July 13, the Southern District of New York, U.S. Attorney Damian Williams, said, “When Schulte began to harbor resentment toward the CIA, he covertly collected those tools and provided them to WikiLeaks, making some of our most critical intelligence tools known to the public – and therefore, our adversaries.” Williams continued, “Today, Schulte has been convicted for one of the most brazen and damaging acts of espionage in American history.”
The New York Times notes that in a previous trial, Schulte was found guilty of “contempt of court and making false statements.”
Insider Out for Revenge
Such was Schulte’s subterfuge against the United States and specifically the CIA with whom he had become disaffected. The trove provided and published by Wikileaks stunned the intelligence community. As detailed by Courthouse News, the Schulte data dump contained, “7,000 pages, millions of lines of embedded computer code and several hundred attachments, the document dump that WikiLeaks dubbed Vault 7 detailed how the agency uses malware to hack the iPhones, Android devices and Samsung smart televisions of private consumers.”
Sentencing for Schulte is deferred for the time being. He still faces open charges concerning child pornography, which was separated out of the national security case which concluded with his conviction.
The takeaway for all who manage insider threat programs is summed up by Assistant U.S. Attorney David Denton who told jurors during the trial, “There was no misguided idealism here; he did it because he was angry and disgruntled. He felt the CIA had slighted him and disrespected him, so he tried to burn to the ground the very cyber intelligence work that he had was once been part of.”
Schulte could have chosen to move on with his life and sever his relationship within the CIA. He instead opted, as AUSA Denton noted above, to try and “burn to the ground” the CIA’s covert capabilities. In a nutshell, he was an insider who was set on revenge.