In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency’s hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices.
It was the largest loss of classified documents in the agency’s history and a huge embarrassment for C.I.A. officials.
Now, the prime suspect in the breach has been identified: a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets, The New York Times has learned.
Agents with the Federal Bureau of Investigation searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and relatives. The search warrant application said Mr. Schulte was suspected of “distribution of national defense information,” and agents told the court they had retrieved “N.S.A. and C.I.A. paperwork” in addition to a computer, tablet, phone and other electronics.
But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while studying at the University of Texas at Austin.
Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by adults on his computer, though he advised one user, “Just don’t put anything too illegal on there.”
In September, Mr. Schulte was released on the condition that he not leave New York City, where he lived with a cousin, and keep off computers. He was jailed in December after prosecutors found evidence that he had violated those rules, and he has been held at the Metropolitan Correctional Center in Manhattan since then. He has posted on Facebook under a pseudonym a series of essays critical of the criminal justice system.
It is unclear why, more than a year after he was arrested, he has not been charged or cleared in connection with Vault 7. Leak investigators have had access to electronic audit trails inside the C.I.A. that may indicate who accessed the files that were stolen, and they have had possession of Mr. Schulte’s personal data for many months.