Joshua Adam Schulte, 35, of New York, New York, was sentenced today to 480 months in prison for crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography. Schulte’s theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the United States.
The sentencing followed Schulte’s convictions at trials that concluded on March 9, 2020, July 13, 2022, and Sept. 13, 2023.
“Mr. Schulte severely harmed U.S. national security and directly risked the lives of CIA personnel, persisting in his efforts even after his arrest,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “As today’s sentence reaffirms, the Department of Justice is committed to investigating, prosecuting, and holding accountable those who would violate their constitutional oath and betray the trust of the American people they pledged to protect," as per the statement released by the U.S State Department.
“Joshua Schulte betrayed his country by committing some of the most brazen, heinous crimes of espionage in American history,” said U.S. Attorney Damian Williams for the Southern District of New York. “He caused untold damage to our national security in his quest for revenge against the CIA for its response to Schulte’s security breaches while employed there. When the FBI caught him, Schulte doubled down and tried to cause even more harm to this nation by waging what he described as an ‘information war’ of publishing top secret information from behind bars. And all the while, Schulte collected thousands upon thousands of videos and images of children being subjected to sickening abuse for his own personal gratification. Joshua Schulte is a monster, and the sentence imposed today reflects the enormity of his crimes. The outstanding investigative work of the FBI and the career prosecutors in this office unmasked Schulte for the traitor and predator that he is and made sure that he will spend 40 years behind bars where he belongs.”
“Joshua Schulte caused grave harm to U.S. national security and contributed to the abuse of scores of innocent children,” said Executive Assistant Director Larissa L. Knapp of the FBI’s National Security Branch. “Using his expertise, Schulte stole and exposed classified national security information including some of the U.S. government’s most sensitive techniques and personnel, but he didn’t only exploit the U.S. government – he also exploited vulnerable children by collecting images and videos capturing their horrific abuse for his own pleasure. Together with our partners, the FBI will remain steadfast in our pursuit of those who put the security of the American people and its most vulnerable citizens at risk.”
According to court documents, from 2012 to 2016, Schulte was employed as a software developer in the Center for Cyber Intelligence (CCI), which conducts offensive cyber operations: cyber espionage relating to terrorist organizations and foreign governments. Schulte and other CCI developers worked on tools that were used in, among other things, human-enabled operations: cyber operations that involved a person with access to the computer network being targeted by the cyber tool. In addition to being a developer, Schulte was also temporarily one of the administrators of one of the servers and suite of development programs used to build cyber tools.
In March 2016, Schulte was moved within branches of CCI as a result of personnel disputes between Schulte and another developer. Following that transfer, in April 2016, Schulte abused his administrator powers to grant himself administrator privileges over a development project from which he had been removed as a result of the branch change. Schulte’s abuse of administrator privileges was detected, and CCI leadership directed that administrator privileges would immediately be transferred from developers, including Schulte, to another division. Schulte was also given a warning about self-granting administrator privileges that had previously been revoked.
Schulte had, however, secretly opened an administrator session on one of the servers before his privileges were removed. On April 20, 2016, after other developers had left the CCI office, Schulte used his secret server administrator session to execute a series of cyber-maneuvers on the CIA network to restore his revoked privileges, break in to the backups, steal copies of the entire CCI tool development archives (the Stolen CIA Files), revert the network back to its prior state, and delete hundreds of log files in an attempt to cover his tracks. Schulte’s theft of the Stolen CIA Files is the largest data breach in CIA history.
From his home computer, Schulte then transmitted the Stolen CIA Files to WikiLeaks, using anonymizing tools recommended by WikiLeaks to potential leakers, such as the Tails operating system and the Tor browser. On May 5, 2016, having transmitted the Stolen CIA Files to WikiLeaks, Schulte wiped and reformatted his home computer’s internal hard drives.
On March 7, 2017, WikiLeaks began publishing classified data from the Stolen CIA Files. Between March and November 2017, there were a total of 26 disclosures of classified data from the Stolen CIA Files that WikiLeaks denominated as Vault 7 and Vault 8 (the WikiLeaks Disclosures). The WikiLeaks Disclosures were one of the largest unauthorized disclosures of classified information in the history of the United States, and Schulte’s theft and disclosure immediately and profoundly damaged the CIA’s ability to collect foreign intelligence against America’s adversaries; placed CIA personnel, programs, and assets directly at risk; and cost the CIA hundreds of millions of dollars. The effect was described at trial by the former CIA Deputy Director of Digital Innovation as a “digital Pearl Harbor,” and the disclosure caused exceptionally grave harm to the national security of the United States.
Following the WikiLeaks Disclosures, Schulte was voluntarily interviewed on multiple occasions by the FBI in March 2017. During those interviews, Schulte repeatedly lied, including denying being responsible for the theft of the Stolen CIA Files or for the WikiLeaks Disclosures, and spinning fake narratives about ways the Stolen CIA Files could have been obtained from CIA computers, in the hope of deflecting suspicion away from Schulte and diverting law enforcement resources to false leads.
In March 2017, the FBI searched Schulte’s apartment in New York pursuant to a search warrant and recovered, among other things, multiple computers, servers, and other electronic storage devices, including Schulte’s personal desktop computer (the Desktop Computer), which Schulte built while living in Virginia and then transported to New York in November 2016. On the Desktop Computer, FBI agents found layers of encryption hiding tens of thousands of videos and images of child sexual abuse materials, including approximately 3,400 images and videos of disturbing and horrific child pornography and the rape and sexual abuse of children as young as two years old, as well as images of bestiality and sadomasochism. Schulte collected some of these files during his employment with the CIA and continued to stockpile child pornography from the dark web and Russian websites after moving to New York.
While detained pending trial, in approximately April 2018, Schulte sent a copy of the affidavit in support of the warrant to search his apartment, which a protective order entered by the court prohibiting Schulte from disseminating, to reporters from two different newspapers, and Schulte acknowledged in recorded phone calls that he knew he was prohibited from sharing protected material like the affidavit.
Despite being warned by the court not to violate the protective order further, in the summer and fall of 2018, Schulte made plans to wage what he proclaimed to be an “information war” against the U.S. government. To pursue these ends, Schulte obtained access to contraband cellphones while in jail that he used to create anonymous, encrypted email and social media accounts. Schulte also attempted to use the contraband cellphones to transmit protected discovery materials to WikiLeaks and planned to use the anonymous email and social media accounts to publish a manifesto and various other postings containing classified information about CIA cyber techniques and cyber tools. In a journal, Schulte wrote that he planned to “breakup diplomatic relationships, close embassies, [and] end U.S. occupation across the world[.]” Schulte successfully sent emails containing classified information about the CCI development network and the number of employees in particular CIA cyber intelligence groups to a reporter.
As a result of this conduct, on March 9, 2020, Schulte was found guilty at trial of contempt of court and making material false statements. On July 13, 2022, Schulte was found guilty at trial of eight counts: illegal gathering and transmission of national defense information in connection with his theft and dissemination of the Stolen CIA Files, illegal transmission and attempted transmission of national defense information, unauthorized access to a computer to obtain classified information and information from a department or agency of the U.S. in connection with his theft of the Stolen CIA Files, and two counts of causing transmission of harmful computer commands in connection with his theft of the Stolen CIA Files. Finally, on Sept. 13, 2023, Schulte was found guilty at trial on charges of receiving, possessing, and transporting child pornography.
The FBI Counterintelligence Division and Child Exploitation and Human Trafficking Task Force of the FBI New York Field Office investigated the case, with the extraordinary assistance of FBI computer scientists from the Cyber Action Team. The FBI Washington Field Office, CIA Office of General Counsel, and National Security Division’s Counterintelligence and Export Control Section provided significant assistance.
Assistant U.S. Attorneys David W. Denton Jr., Michael D. Lockard, and Nicholas S. Bradley for the Southern District of New York prosecuted the case.