Jury Finds Former CIA Programmer Guilty Of Leaking CIA Hacking Materials To WikiLeaks

Thurgood Marshall US Courthouse in the Southern District of New York (Photo: Heather Paul)

A federal jury in New York convicted former CIA employee Joshua Schulte of violating the Espionage Act when he allegedly released materials on the CIA’s hacking capabilities to WikiLeaks.

This was the second trial against Schulte. In March 2020, his first trial ended in a mistrial on several Espionage Act charges, but he was found guilty of contempt of court and lying to the FBI.

Unlike the first trial, Schulte represented himself and argued his case. He again maintained he was not the source of the leaks published by WikiLeaks.

A jury deliberated for nearly three days before announcing a verdict. Judge Jesse M. Furman in the Southern District of New York did not schedule a sentencing date because there are other charges pending against Schulte.

Known as the “Vault 7” materials, WikiLeaks began releasing documents on March 7, 2017. They came from what WikiLeaks described as an “isolated, high-security network situated inside the CIA's Center for Cyber Intelligence.”

Documents revealed how the CIA could target iPhones, Androids, and Samsung TVs and convert the devices’ microphones into bugs used to spy on targeted persons. Malware was also developed to infect Microsoft Windows users, and the CIA was “hoarding” security vulnerabilities in software and hardware that they could use for their covert operations instead of notifying companies that users were at risk of being hacked.

It was one of the largest leaks of information in the history of CIA and a huge embarrassment for then-CIA Director Mike Pompeo, who responded by labeling WikiLeaks a "non-state hostile intelligence agency" and developing "secret war plans" against the media organization that included kidnapping or even killing WikiLeaks founder Julian Assange.

The US government has charged Assange with violating the Espionage Act, and the UK government authorized his extradition in June.

Assistant US Attorney Michael D. Lockard asserted that on April 20, 2016, Schulte “stole the entirety of the CIA’s highly sensitive cyber intelligence capabilities.” This occurred just days after the CIA “locked the defendant out of the secure restricted vault-like location on the network.”

“Shortly after stealing this extraordinarily sensitive intelligence information, the defendant transmitted those backups to WikiLeaks, knowing full well that WikiLeaks would put it up on the internet,” Lockard argued. “In the weeks following this break-in, the defendant took every step he would need to take in order to transmit those files to WikiLeaks. He downloaded a program that WikiLeaks itself recommends to leakers to use to send stolen data.”

The program Schulte downloaded is Tor, and it is a widely used privacy tool that was supported through funds from the US State Department.

He also downloaded Tails, which can be used to make your computer forget websites, files, passwords, and devices and Wi-Fi networks. Lockard said, "[WikiLeaks] tell[s] you to use Tails as an operating system that allows you to hide all of your activity."

But like Tor, Tails can be used by anyone who cares about their privacy in an age of digital surveillance.

Lockard cast Schulte as a disgruntled employee and insisted he was known at the CIA for filing “false complaints,” bragging about his access to the classified computer network, and defying his supervisors.

“The defendant would like to think of himself as a bad ass, but in fact, he is a ticking time bomb, a nuclear bomb, one that was ready to explode at any perceived provocation or disrespect,” Lockard declared. “And in April and May of 2016, the defendant, the so-called nuclear option, set out to lay waste to the CIA’s cyber program, to prove his superiority, and to punish the people who he believed had wronged him.

“In carrying out that revenge, he caused enormous damage to this country’s national security.”

But US prosecutors never presented any forensic evidence to specifically tie Schulte to the publication of the CIA hacking materials on WikiLeaks.

Schulte acted very confident during his closing argument. He insisted that Lockard was “worried about the lack of evidence” because he had told the jury the “lack of evidence is not evidence of innocence.”

“He's worried there was no forensic artifact of a log-in to the Confluence server [the server that allowed employees to share information],” Schulte stated. “He's worried there was no forensic artifact of a copy command. And he’s worried there was no forensic artifact of the transmission to WikiLeaks. And finally, he's worried there was no forensic artifact of any communication at all between me and WikiLeaks.  He should be worried ‘because that is reasonable doubt.’”

As Schulte put it, the CIA “had no idea that its crown jewels” were stolen until the material appeared on WikiLeaks. “The CIA was under pressure—I will say tremendous pressure—to find out what was leaked, how it was leaked, and who leaked it. They wanted to hold someone responsible for the leak, and so they began immediately an investigation, an investigation that focused on me.”

Schulte left the CIA on “bad terms” in November 2016. According to Schulte, “The lead FBI agent admitted that they had not even interviewed a single CIA witness. They had not even finished seizing the DevLAN network [which stored all the source code for hacking tools], let alone actually reviewed it. They had not conducted any investigation at all, and yet I was already the target of their investigation.”

“Then, within a week, the FBI concocted an impossible theory that the WikiLeaks crime occurred on March 7, 2016, because it was precisely a year before the leaks. That was a day when many other people were at a manager offsite, and I was left alone in the office with no one to see what I was doing. And so the FBI argued I must have stolen the CIA's files,” Schulte added.

Frank Stedman, who worked with Schulte, described why he was known as the “nuclear option.” It had nothing to do with someone prone to leaking classified information. He said Schulte did not care about the process for raising complaints. He would not play nice.

“If there was, like, a project or something that we didn't want to do or we thought was a bad idea, the joke was that we could bring him into the meeting and he would tell the customer to their face that they were stupid, that their idea was stupid, that we weren't going to do it,” Stedman testified.

It came out in testimony during both trials that at one point Schulte expressed views against leaking and suggested that NSA whistleblower Edward Snowden was a traitor who deserved to be executed.

Prosecutors attempted to stop Schulte from insisting that there was information from the "Vault 7" materials, which was already publicly available. So the government had not taken steps to protect it, and he could not be guilty of violating the Espionage Act. Judge Furman allowed the argument.

There was scant coverage of both trials from the US news media. Matthew Russell Lee, who publishes to an independent site called Inner City Press, covered the trials—and all hearings in between.

Schulte was designated for special administrative measures, or SAMs, by Attorney General Jeff Sessions, and Lee successfully won the unsealing of records related to Schulte’s civil complaint against the US government for cruel and inhuman treatment in Metropolitan Correctional Center New York. (The prison shut down as a result of deteriorating conditions in August 2021.)

Attorney General Merrick Garland has continued to impose the restrictive conditions against Schulte, which prohibit any communications with journalists, require an FBI agent to monitor limited communications with immediate family, and ban him from talking with any inmates.

While at MCC New York, Schulte complained, “SAMs inmates are locked in concrete boxes the size of parking spaces with purposefully obstructed views of outside. The cages are filthy and infested with rodents, rodent droppings, cockroaches, and mold.”

"There is no heating or air conditioning in the cages. There is no functioning plumbing. The lights burn brightly 24 hours per day, and the inmates are denied outside recreation, normal commissary, normal visitation, access to books and legal material, medical care, and dental care.”

Schulte is now confined at the Metropolitan Detention Center in Brooklyn. He has several child pornography charges pending against him that stem from the FBI raid on his Manhattan apartment on March 15, 2017.