by Nicholas Biase and Lauren Scarff at U.S. Attorney’s Office – New York – Southern District
Damian Williams, the United States Attorney for the Southern District of New York; Matthew G. Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M. Furman for crimes of espionage, computer hacking, contempt of Court, making false statements to the FBI, and child pornography. SCHULTE’s theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S. Today’s sentencing followed SCHULTE’s convictions at trials that concluded on March 9, 2020, July 13, 2022, and September 13, 2023.
U.S. Attorney Damian Williams said: “Joshua Schulte betrayed his country by committing some of the most brazen, heinous crimes of espionage in American history. He caused untold damage to our national security in his quest for revenge against the CIA for its response to Schulte’s security breaches while employed there. When the FBI caught him, Schulte doubled down and tried to cause even more harm to this nation by waging what he described as an ‘information war’ of publishing top secret information from behind bars. And all the while, Schulte collected thousands upon thousands of videos and images of children being subjected to sickening abuse for his own personal gratification. The outstanding investigative work of the FBI and the career prosecutors in this Office unmasked Schulte for the traitor and predator that he is and made sure that he will spend 40 years behind bars – right where he belongs.”
Assistant Attorney General Matthew G. Olsen said: “Mr. Schulte severely harmed U.S. national security and directly risked the lives of CIA personnel, persisting in his efforts even after his arrest. As today’s sentence reaffirms, the Department of Justice is committed to investigating, prosecuting, and holding accountable those who would violate their constitutional oath and betray the trust of the American people they pledged to protect.”
FBI Assistant Director in Charge James Smith said: “Today, Joshua Schulte was rightly punished not only for his betrayal of our country, but for his substantial possession of horrific child pornographic material. The severity of his actions is evident, and the sentence imposed reflects the magnitude of the disturbing and harmful threat posed by his criminal conduct. The FBI will not yield in our efforts to bring to justice anyone who endangers innocent children or threatens our national security.”
According to court documents and evidence at trial:
From 2012 to 2016, SCHULTE was employed as a software developer in the Center for Cyber Intelligence (“CCI”), which conducts offensive cyber operations: cyber espionage relating to terrorist organizations and foreign governments. SCHULTE and other CCI developers worked on tools that were used in, among other things, human-enabled operations: cyber operations that involved a person with access to the computer network being targeted by the cyber tool. In addition to being a developer, SCHULTE was also temporarily one of the administrators of one of the servers and suite of development programs used to build cyber tools.
In March 2016, SCHULTE was moved within branches of CCI as a result of personnel disputes between SCHULTE and another developer. Following that transfer, in April 2016, SCHULTE abused his administrator powers to grant himself administrator privileges over a development project from which he had been removed as a result of the branch change. SCHULTE’s abuse of administrator privileges was detected, and CCI leadership directed that administrator privileges would immediately be transferred from developers, including SCHULTE, to another division. SCHULTE was also given a warning about self-granting administrator privileges that had previously been revoked.
SCHULTE had, however, secretly opened an administrator session on one of the servers before his privileges were removed. On April 20, 2016, after other developers had left the CCI office, SCHULTE used his secret server administrator session to execute a series of cyber-maneuvers on the CIA network to restore his revoked privileges, break in to the backups, steal copies of the entire CCI tool development archives (the “Stolen CIA Files”), revert the network back to its prior state, and delete hundreds of log files in an attempt to cover his tracks. SCHULTE’s theft of the Stolen CIA Files is the largest data breach in CIA history.
From his home computer, SCHULTE then transmitted the Stolen CIA Files to WikiLeaks, using anonymizing tools recommended by WikiLeaks to potential leakers, such as the Tails operating system and the Tor browser. On May 5, 2016, having transmitted the Stolen CIA Files to WikiLeaks, SCHULTE wiped and reformatted his home computer’s internal hard drives.
On March 7, 2017, WikiLeaks began publishing classified data from the Stolen CIA Files. Between March and November 2017, there were a total of 26 disclosures of classified data from the Stolen CIA Files that WikiLeaks denominated as Vault 7 and Vault 8 (the “WikiLeaks Disclosures”). The WikiLeaks Disclosures were one of the largest unauthorized disclosures of classified information in the history of the U.S., and SCHULTE’s theft and disclosure immediately and profoundly damaged the CIA’s ability to collect foreign intelligence against America’s adversaries; placed CIA personnel, programs, and assets directly at risk; and cost the CIA hundreds of millions of dollars. The effect was described at trial by the former CIA Deputy Director of Digital Innovation as a “digital Pearl Harbor,” and the disclosure caused exceptionally grave harm to the national security of the U.S.
Following the WikiLeaks Disclosures, SCHULTE was voluntarily interviewed on multiple occasions by the FBI in March 2017. During those interviews, SCHULTE repeatedly lied, including denying being responsible for the theft of the Stolen CIA Files or for the WikiLeaks Disclosures and spinning fake narratives about ways the Stolen CIA Files could have been obtained from CIA computers, in the hope of deflecting suspicion away from SCHULTE and diverting law enforcement resources to false leads.
In March 2017, the FBI searched SCHULTE’s apartment in New York pursuant to a search warrant and recovered, among other things, multiple computers, servers, and other electronic storage devices, including SCHULTE’s personal desktop computer (the “Desktop Computer”), which SCHULTE built while living in Virginia and then transported to New York in November 2016. On the Desktop Computer, FBI agents found layers of encryption hiding tens of thousands of videos and images of child sexual abuse materials, including approximately 3,400 images and videos of disturbing and horrific child pornography and the rape and sexual abuse of children as young as two years old, as well as images of bestiality and sadomasochism. SCHULTE collected some of these files during his employment with the CIA and continued to stockpile child pornography from the dark web and Russian websites after moving to New York.
While detained pending trial, in approximately April 2018, SCHULTE sent a copy of the affidavit in support of the warrant to search his apartment, which a protective order entered by the Court prohibiting SCHULTE from disseminating, to reporters from two different newspapers, and SCHULTE acknowledged in recorded phone calls that he knew he was prohibited from sharing protected material like the affidavit.
Despite being warned by the Court not to violate the protective order further, in the summer and fall of 2018, SCHULTE made plans to wage what he proclaimed to be an “information war” against the U.S. government. To pursue these ends, SCHULTE obtained access to contraband cellphones while in jail that he used to create anonymous, encrypted email and social media accounts. SCHULTE also attempted to use the contraband cellphones to transmit protected discovery materials to WikiLeaks and planned to use the anonymous email and social media accounts to publish a manifesto and various other postings containing classified information about CIA cyber techniques and cyber tools. In a journal, SCHULTE wrote that he planned to “breakup diplomatic relationships, close embassies, [and] end U.S. occupation across the world[.]” SCHULTE successfully sent emails containing classified information about the CCI development network and the number of employees in particular CIA cyber intelligence groups to a reporter.
As a result of this conduct, on March 9, 2020, SCHULTE was found guilty at trial of contempt of court and making material false statements. On July 13, 2022, SCHULTE was found guilty at trial of eight counts: illegal gathering and transmission of national defense information in connection with his theft and dissemination of the Stolen CIA Files, illegal transmission and attempted transmission of national defense information, unauthorized access to a computer to obtain classified information and information from a department or agency of the U.S. in connection with his theft of the Stolen CIA Files, and two counts of causing transmission of harmful computer commands in connection with his theft of the Stolen CIA Files. Finally, on September 13, 2023, SCHULTE was found guilty at trial on charges of receiving, possessing, and transporting child pornography.
* * *
In addition to the prison term, SCHULTE, 35, of New York, New York, was sentenced to a lifetime of supervised release.
Mr. Williams praised the outstanding efforts of the Counterintelligence Division and the Child Exploitation and Human Trafficking Task Force of the FBI’s New York Field Office, as well as the extraordinary work of FBI computer scientists from the Cyber Action Team. Mr. Williams also thanked the FBI Washington Field Office, the CIA Office of General Counsel, and the National Security Division’s Counterintelligence and Export Control Section for their assistance.
This case is being handled by the Office’s National Security and International Narcotics Unit. Assistant U.S. Attorneys David W. Denton Jr., Michael D. Lockard, and Nicholas S. Bradley are in charge of the prosecution.
Continue Reading