Opsec still hard, even for spooks

Man who allegedly gave Vault 7 cache to WikiLeaks busted by poor opsec

FBI used passwords from the suspect's cellphone to get into his computer as well.


A federal grand jury has formally indicted Joshua Adam Schulte, a former CIA employee who prosecutors say was behind the Vault 7 trove of the agency’s hacking tools, which were sent to WikiLeaks.

Schulte, who had previously been prosecuted for possession of child pornography, has been expected to be indicted on the leaking charges for some time now. The New York-based engineer was arrested in August 2017.

According to the new superseding indictment, which was made public on Monday, Schulte faces numerous charges, including illegal gathering of national defense information, transmission of this information, and obstruction of justice, among others.

As Ars reported back in May, the Vault 7 series, which by the time of a January 2018 hearing comprised more than 8,000 published CIA documents, according to a defense attorney, came as a major embarrassment to US intelligence officials. In March 2017, the officials were already smarting from an unprecedented leak of National Security Agency software exploits seven months earlier by a mysterious group calling itself the Shadow Brokers.

On the whole, the Vault 7 disclosures are less damaging than their Shadow Brokers counterparts because the WikiLeaks dispatches haven’t included potent source code that could be repurposed. Still, the leak underscored the major problem US intelligence officials were having in securing their arsenal of hacking tools. The leak also led to security researchers finding cases of the tools actively infecting governments and companies since at least 2011.

"Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside organization," Manhattan US Attorney Geoffrey S. Berman said in a statement.

"During the course of this investigation, federal agents also discovered alleged child pornography in Schulte’s New York City residence. We and our law enforcement partners are committed to protecting national security information and ensuring that those trusted to handle it honor their important responsibilities. Unlawful disclosure of classified intelligence can pose a grave threat to our national security, potentially endangering the safety of Americans."

In March 2017, when the FBI searched Schulte's home, they found an encrypted file on his computer, which they were able to access due to his seemingly poor operational security.

As the DOJ wrote in a Monday press release:

The Encrypted Container with the child pornography files was identified by FBI computer scientists beneath three layers of password protection on the Personal Computer. Each layer, including the Encrypted Container, was unlocked using passwords previously used by SCHULTE on one of his cellphones. Moreover, FBI agents identified Internet chat logs in which SCHULTE and others discussed their receipt and distribution of child pornography. FBI agents also identified a series of Google searches conducted by SCHULTE in which he searched the Internet for child pornography.
