Vault 7
WikiLeaks published roughly nine thousand documents describing CIA hacking tools. The leaker turned out to be a frustrated developer two cubicles away from the source code.
In March 2017, WikiLeaks began publishing a series of documents under the name Vault 7. Over several months, the release totaled roughly nine thousand files, describing the offensive tooling, infrastructure, and software exploits of the Central Intelligence Agency's Center for Cyber Intelligence in Langley.
What the catalogue showed
The documents were largely manuals, internal wiki pages, and project notes rather than working exploit code. They described, in often striking operational detail, capabilities for compromising iOS and Android phones, Windows and Linux desktops, Wi-Fi routers, and — in one widely reported section — Samsung smart TVs that could be put into a "fake-off" mode while their microphones remained active.
Apple, Google, Samsung, and various router vendors scrambled to identify and patch the underlying flaws. Several of the techniques turned out to have already been independently fixed; others had not.
The Joshua Schulte case
The leaker was eventually identified as Joshua Schulte, a CIA software engineer who had worked inside the same group whose tools he exfiltrated. US prosecutors argued that Schulte's grievances over an internal interpersonal dispute had motivated him to copy the data and pass it to WikiLeaks via the agency's air-gapped development network. After a hung jury, Schulte was convicted in 2022 and sentenced to forty years.
What the chronicle remembers
Vault 7 was the largest disclosure of CIA cyber-operational material in history, and like the Shadow Brokers leaks before it, it reframed the internal trade-off between offensive capability and operational secrecy. It also turned out to be a case in which one disgruntled employee, with authorized access to a sensitive code repository, could produce more public damage than any external adversary had managed.