A former CIA software engineer has been sentenced to 40 years in prison for what the government called the biggest theft of classified information in CIA history and for possession of child sexual abuse images and videos.
Furman said Schulte continued his crimes from behind bars by trying to leak more classified materials and by creating a hidden file on his computer that contained 2,400 images of child sexual abuse that he continued to view from jail.
Holy crap, dude was even watching child porn in prison. Clearly the CIA is hiring the cream of the crop.
Disclosing found exploits allows developers to patch them out and improve security of everyone, which includes all the other alphabet boys and regular citizens.
There's no way to know that you're the only one who found any given exploit. Letting an exploit stay unpatched opens up an attack vector for everyone, not just you.
Disclosing found exploits to the development team is far different than exposing those exploits to unfriendly countries or in this case those that would expose state secrets.
Tune extent yes, but it also makes us all more secure. Even if you think our own government is doing a good job all the other governments have these holes too.
“We will likely never know the full extent of the damage, but I have no doubt it was massive,” Judge Jesse M. Furman said as he announced the sentence.
Schulte was responsible for “the most damaging disclosures of classified information in American history.”
Realistically, it's doubtful anybody died directly because of that particular leak.
Probably the shutting down of the phone reading methods could eventually compromise operations. It probably cost them money and a great deal of time which could totally have an impact on somebody's life. But that's how espionage works.
I kind of get that you have to keep your secrets secret. And there need to be repercussions for leaking secrets. Especially trade secrets like this. If not for the CP stuff I would think 5 or 10 years would have been a more reasonable number.
But with the hole unapologetic CP thing. I'm not even sure 40 is enough.
When people claim that leaks "get people killed," they're referring to when undercover agents are identified while they're in the field. The only secrets exposed in these leaks are the computer hacking techniques used by the US to spy remotely through compromised devices.
The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices.
You could maybe say that closing off those surveillance channels prevented the CIA from learning about some attack, but that's really tenuous. It also assumes that the CIA isn't constantly developing new zero-day exploits so that they can continue to spy on just about everyone on the planet.
Why should he go to trial? It's not going to be a fair trial, and the people have a right to know that the US government is illegally surveilling them. If he truly did directly kill people as a result of his leak, there would already be preliminary evidence.
If they publicly released that his leak got someone in particular killed, they would be admitting publicly that the person killed was an agent. In most cases they would not want to tip their hand on that for fear of exposing other agents.