Defense lawyers for former CIA software engineer Joshua Adam Schulte say that the CIA and federal prosecutors don’t actually know for certain who was behind a 2017 leak of cyber espionage documents, let alone whether it was their client, the Wall Street Journal reported on Tuesday. Instead, they said he really pissed off the entire CIA, making him a natural scapegoat for their incompetence.
Wikileaks released the nearly 9,000 pages of documents in March 2017, claiming they were from an “isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina [sic].” The material dealt with a number of cyber tools the U.S. intelligence community had developed for espionage purposes, including ways to bypass encryption on Android and iOS devices to break into Signal, WhatsApp, and Telegram messages; a tool called Weeping Angel that turns Samsung TVs into listening devices; and a “reverse engineering environment created by the NSA” called Ghidra. Further leaks, which WikiLeaks collectively called Vault 7, included documents related to malware development and even hinting at research into hacking smart cars.
In April 2017, security firm Symantec lent credence to the legitimacy of the documents by releasing evidence of Vault 7 tools used in the wild by unidentified operators that sounded a lot like members of the U.S. intelligence community. Australian security researcher Wayne Ronaldson later said he used the documents as the basis to build his own custom hacking tool.
According to the Journal, Schulte’s defense attorney Sabrina Shroff had a simple explanation as to why her client is facing federal prosecutors: Everyone else at the CIA hated him, making him an “easy target.” Saying Schulte had “antagonized almost every single person” at the agency, she added “was a difficult employee. But being a difficult employee does not make you a criminal.”
Federal prosecutors allege that Schulte, angry over personal disputes with other CIA colleagues and recently re-assigned to a job in another department, reinstated his own security credentials in April 2016 to download the a backup copy of the tools from a poorly protected computer network. Later that year, he left the agency for a different job. When WikiLeaks began releasing the documents in March 2017, prosecutors say, CIA staffers quickly identified him as a possible perpetrator.
Schulte is now facing 11 charges, seven of which are directly related to his alleged involvement in the leak, as well as unrelated child pornography charges arising from over 10,000 images and videos of child sex abuse authorities said they discovered on his computer during a raid in March 2017. (Those charges have been separated into their own trial.) Prosecutors also say they have evidence Schulte tried to communicate with reporters from his jail cell, as well as access logs showing he downloaded the data and tried to cover up his involvement.
Schulte’s defense team is instead arguing that the connection between Schulte and WikiLeaks is “pure speculation” and that the CIA’s protected network, DEVLAN, has awful cybersecurity that makes it impossible to determine whether he was involved or it was some other intruder. Shroff said in court on Tuesday that Schulte was a “talented, hardworking employee” who was “a pain in the ass to everybody,” according to the Journal.
Assistant U.S. Attorney David Denton, the paper wrote, also characterized Schulte as a jerk. Denton said the former CIA staffer “is not some kind of whistleblower” but instead compromised national security “out of spite” during a “spiral out of control, his quest for revenge.”
Prosecutors said they expect the trial to last about four weeks, according to Cyberscoop.