Slash Boxes

SoylentNews is people

posted by janrinok on Saturday February 03, @04:40PM   Printer-friendly
from the was-it-worth-it? dept.

A former CIA programmer was sentenced to 40 years in prison on Thursday for leaking the US spy agency's most valuable hacking tools to WikiLeaks:

Joshua Schulte, 35, was found guilty in 2022 of espionage and other charges in what the CIA called a "digital Pearl Harbor" -- the largest data breach in the history of the intelligence agency.

[...] US District Judge Jesse Furman sentenced Schulte to 40 years in prison for espionage, computer hacking, contempt of court, making false statements to the FBI and child pornography.

Schulte worked for the CIA's elite hacking unit from 2012 to 2016 when he quietly took cyber tools used to break into computer and technology systems, according to court documents.

After quitting his job, he sent them to WikiLeaks, which began publishing the classified data in March 2017.

[...] The leaked data included a collection of malware, viruses, trojans, and "zero day" exploits that, once leaked out, were available for use by foreign intelligence groups, hackers and cyber extortionists around the world, they said.


Original Submission

Related Stories

Suspect Identified in C.I.A. Leak was Charged, but Not for the Breach 9 comments

In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency's hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices.

It was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials.

Now, the prime suspect in the breach has been identified: a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets, The New York Times has learned.

Agents with the Federal Bureau of Investigation searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and relatives. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics.

[...] It is unclear why, more than a year after he was arrested, he has not been charged or cleared in connection with Vault 7. Leak investigators have had access to electronic audit trails inside the C.I.A. that may indicate who accessed the files that were stolen, and they have had possession of Mr. Schulte's personal data for many months.

[...] Mr. Schulte's lawyers have repeatedly demanded that prosecutors make a decision on the Vault 7 leak charges. Prosecutors said in court last week that they planned to file a new indictment in the next 45 days, and Mr. Schulte's lawyer Sabrina P. Shroff, of the federal public defender's office, asked the court to impose a deadline on any charges that the government sought to bring under the Espionage Act for supplying the secret C.I.A. files to WikiLeaks.


Also at: BBC, SecurityWeek, and Ars Technica.

Original Submission

Ex-CIA Employee Charged In Leak Of Classified Hacking Tools 14 comments

Ex-CIA Employee Charged In Leak Of Classified Hacking Tools

A former CIA employee was charged Monday with leaking information on CIA hacking tools to Wikileaks.

Joshua Adam Schulte, 29, was charged with the theft of classified national defense information in a 13-count indictment handed down by a grand jury, the Justice Department said Monday. According to the indictment, Schulte stole the classified information from a CIA network in 2016 and then transmitted it to an organization that was unidentified in the indictment.

Schulte is also accused of intentionally damaging a CIA computer system, deleting records of his activities and blocking others from accessing the system. Schulte is currently in custody on child pornography charges. He's pleaded not guilty to those charges.

The leaks, which Wikileaks called "Vault 7," revealed tools used by the CIA to hack phones, TVs and computers as part of its investigations. The disclosures showed the lengths to which government investigators go to access electronic evidence, tailoring hacks for specific smart TVs, for example.

[...] "Schulte utterly betrayed this nation and downright violated his victims. As an employee of the CIA, Schulte took an oath to protect this country, but he blatantly endangered it by the transmission of classified Information," William F. Sweeney Jr., head of the New York FBI office, said in a statement Monday.

Man who allegedly gave Vault 7 cache to WikiLeaks busted by poor opsec

Submitted via IRC for Runaway1956

FBI used passwords used on suspect's cellphone to also get into his computer.


Original Submission #1Original Submission #2

Former CIA Software Engineer Joshua Schulte Convicted of Minor Charges, Not Espionage 16 comments

Minor convictions for ex-CIA coder in hacking tools case

A former CIA software engineer accused of stealing a massive trove of the agency's hacking tools and handing it over to WikiLeaks was convicted of only minor charges Monday, after a jury deadlocked on the more serious espionage counts against him.

Joshua Schulte, who worked as a coder at the agency's headquarters in Langley, Virginia, was convicted by a jury of contempt of court and making false statements after a four-week trial in Manhattan federal court that offered an unusual window into the CIA's digital sleuthing and the team that designs computer code to spy on foreign adversaries.

After deliberating since last week, the jury was unable to reach a verdict on the more significant charges. They had notified U.S. District Judge Paul A. Crotty on Friday that they had reached consensus on two counts, but were unable to reach a verdict on eight others.

Previously: Suspect Identified in C.I.A. Leak was Charged, but Not for the Breach

Original Submission

Ex-CIA Employee Convicted of Leaking 'Vault 7' Secrets to Wikileaks 18 comments

Ex-CIA Employee Convicted of Leaking 'Vault 7' Secrets to Wikileaks:

The leak, among the largest ever to affect the CIA, showed the agency could hack smart TVs, Skype accounts, and lots of common web applications.

A former Central Intelligence Agency computer engineer has been convicted of leaking a large tranche of classified material that revealed some of the agency's most powerful hacking techniques. Joshua Schulte, 33, worked for an elite software team within the CIA when he stole a cache of documents in 2016 and shared them with Wikileaks, which published the material in 2017. It was one of the worst breaches in the CIA's history.

Schulte was found guilty of nine charges, including illegally gathering and distributing national defense information, by a federal jury in Manhattan on Wednesday. The convictions could net him up to 80 years in prison.

[...] "Vault 7" consisted of some 9,000 pages and shed light on a host of creepy hacking techniques used by the agency. The leak demonstrated that the CIA had developed the capability to hack into smart TVs and turn them into a surveillance devices (very 1984), that it had enlisted a previously unknown army of hackers, and that those keyboard warriors work around the clock to penetrate all sorts of smart phones, operating systems, popular communication services like Skype, and even common anti-virus software. According to Wikileaks, the CIA also "hoarded" zero-day vulnerabilities—unknown bugs that could be exploited to gain access to technical systems with extreme speed. The government says that these tactics are used to break into the networks of terrorists and foreign adversaries.

Original Submission

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by JoeMerchant on Saturday February 03, @07:24PM (2 children)

    by JoeMerchant (3937) on Saturday February 03, @07:24PM (#1342976)

    >The leaked data included a collection of malware, viruses, trojans, and "zero day" exploits that, once leaked out, were available for use by foreign intelligence groups, hackers and cyber extortionists around the world, they said.

    Sure, but was that really the "good stuff" or do they just want us to believe that this is the best they've got?

    🌻🌻 []
    • (Score: 0) by Anonymous Coward on Saturday February 03, @11:43PM (1 child)

      by Anonymous Coward on Saturday February 03, @11:43PM (#1342984)

      There's a fine line between paranoia and schizophrenia.

      They were not happy with this guy at all but there's always another vulnerability being inserted into critical infrastructure by code monkeys.

      • (Score: 3, Funny) by Rosco P. Coltrane on Sunday February 04, @12:30PM

        by Rosco P. Coltrane (4757) on Sunday February 04, @12:30PM (#1343000)

        There's a fine line between paranoia and schizophrenia.

        You know what's nice when you have both paranoia and schizophrenia?
        You outnumber your enemies 2-to-1.

        🥁 🥁 🥁 Thank you! I'll be here all week.

  • (Score: 2) by Snotnose on Monday February 05, @02:08PM

    by Snotnose (1623) on Monday February 05, @02:08PM (#1343123)

    Instead of hoarding these "tools" howabout contacting the affected vendors so they can fix the problem. Then we all don't have to worry about chinese/russian/iranian hackers hacking us.

    Of course, then the various TLAs can't then hack the chinese/russians/iranians, so it will never happen.

    My ducks are not in a row. I don't know where some of them are, and I'm pretty sure one of them is a turkey.