Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Suspect identified in CIA 'Vault 7' leak that revealed iOS and Mac exploits

U.S. officials have identified a primary suspect in the so-called "Vault 7" leak that released a massive cache of information detailing the Central Intelligence Agency's cyber tools, including software exploits targeting iPhone and Mac devices.

Citing newly unearthed court documents, The Washington Post reports government authorities believe Joshua Adam Schulte provided WikiLeaks with top-secret CIA cyberweapons and espionage tools and techniques. The former CIA employee is being held in a Manhattan jail on unrelated charges as federal prosecutors attempt to build a case worthy of filing charges.

Schulte, who left the CIA for a private sector job in 2016, worked in the agency's Engineering Development Group and was responsible for crafting code used to break into computers, smartphones and other devices owned by terrorists and other targets.

The code archive was obtained by WikiLeaks and subsequently made public as the "Vault 7" release in March 2017. Attack vectors unmasked as part of the leak ranged from iOS exploits, both physical and remote, to malware impacting Windows and Android. The latter turned smart TVs into eavesdropping devices.

Apple responded to the WikiLeaks dump in short order, saying "many" of the iOS vulnerabilities had been patched in previous software updates.

In July, a subsequent Vault 7 data dump detailed workable exploits targeting hardware running Mac OS X 10.6 Snow Leopard and OS X 10.7 Lion.

The Federal Bureau of Investigation conducted a search of Schulte's New York City apartment a week after the March WikiLeaks revelation, but found no evidence of wrongdoing. Schulte was charged last August with possession of child pornography after investigators discovered illegal content on a server he created in 2009 while a student at the University of Texas, reports The New York Times.

He pleaded not guilty, saying up to 100 people had access to the server, and was released in September under the condition that he not leave New York City or engage in computer-related activities. In December, Schulte landed back in jail after breaching those guidelines.

In a statement obtained by The Post, Schulte claims he reported "incompetent management and bureaucracy" to the CIA's inspector general and a congressional oversight committee, a move he believes cast him in a bad light. Prior to the FBI search last year, Schulte said he was planning a vacation in Cancun, Mexico, with his brother, potentially giving the appearance that he was about to flee the country.

"Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me," Schulte said.



10 Comments

elijahg 18 Years · 2842 comments

nunzy said:
He should rot for what he did.

Why? The same exploits could have been discovered and used by nefarious individuals (and who’s to say the US isn’t seen that way by some) to gain access to devices. Now they’ve been released, the holes patched, so less iOS exploits for the good of everyone. 

hentaiboy 14 Years · 1252 comments

Funny how when they can't build a case against someone they always find porn on their PCs 🤔

racerhomie3 7 Years · 1264 comments

Not good for consumer security.Then the FBI tells us it can keep ‘backdoors’ safe.

StrangeDays 8 Years · 12986 comments

released in September under the condition that he not leave New York City or engage in computer-related activities. In December, Schulte landed back in jail after breaching those guidelines.“

...computers now comprise the fabric of our society. that’s like asking someone not engage in electricity-related activities. absurd.