April 25, 2025

Sentencing in Military Intelligence Breach Highlights Growing Mobile Insider Threat Concerns

Former U.S. Army intelligence analyst Korbein Schultz was sentenced this week to 84 months in prison for selling classified military information to an individual connected to the Chinese government. (see https://www.justice.gov/opa/pr/former-us-army-intelligence-analyst-sentenced-selling-sensitive-military-information)

Betrayal for Financial Gain

Schultz, a 25-year-old from Wills Point, Texas, pleaded guilty to conspiring to collect and transmit national defense information, unlawfully exporting controlled information to China, and accepting approximately $42,000 in bribes in exchange for sensitive U.S. government information.

Attorney General Pamela Bondi emphasized the severity of Schultz’s actions, stating:

“This defendant swore an oath to defend the United States — instead, he betrayed it for a payout and put America’s military and service members at risk.”

FBI Director Kash Patel added:

“This sentencing is a stark warning to those who betray our country: you will pay a steep price for it. The People’s Republic of China is relentless in its efforts to steal our national defense information, and service members are a prime target.”

Systematic Information Theft

Court documents revealed that between May 2022 and March 2024, Schultz engaged in an ongoing conspiracy to provide dozens of sensitive U.S. military documents to a foreign national residing in China. Despite clear indications that this individual, referred to as “Conspirator A” in the indictment, was likely connected to the Chinese government, Schultz continued the relationship for financial gain.

The sensitive information Schultz provided included:

  • His Army unit’s operational order before deployment to Eastern Europe
  • Tactical lessons learned from the Ukraine-Russia conflict applicable to Taiwan’s defense
  • Technical manuals for advanced military systems, including HH-60 helicopters and F-22A fighter aircraft
  • Information on Chinese military tactics and the People’s Liberation Army Rocket Force
  • Details on U.S. military exercises in South Korea and the Philippines
  • Documents concerning U.S. military satellites and missile defense systems
  • Tactics for countering unmanned aerial systems in large-scale combat operations

Schultz Case Reveals A Familiar Recruitment and Escalation Pattern

The case details reveal a sophisticated approach by Conspirator A, who initially contacted Schultz through a freelance web-based platform shortly after Schultz received his Top Secret/Sensitive Compartmented Information (TS/SCI) clearance. Masquerading as a client from a geopolitical consulting firm, the conspirator gradually escalated requests for increasingly sensitive information.

Particularly concerning was Schultz’s attempt to recruit a fellow Army intelligence analyst assigned to the U.S. Department of Defense’s Indo-Pacific Command (INDOPACOM), which oversees operations in China’s sphere of influence. Schultz and Conspirator A discussed recruiting this individual in a “nice and slow fashion” to gain access to even more classified material.

Pattern of Insider Threats

This case bears striking similarities to two recent DOJ indictments from last month involving similar mobile device-based insider threats and the theft of classified information. On March 7, 2025, the Department of Justice announced charges against State Department desk officer Michael Schena for conspiracy to transmit national defense information after he allegedly photographed classified documents with a covert iPhone registered to a foreign number.

According to the FBI affidavit, Schena accessed at least five documents relating to the diplomatic relationship of the U.S., which were visibly marked with SECRET classification markings. He then photographed them with a white iPhone 14 and sent the images through a messaging app before deleting them from his phone. An FBI investigation revealed Schena had allegedly been selling information for nearly 3 years to a group of individuals who, as in the Schultz case, had recruited him by posing as international consultants.

In a parallel case, the DOJ indicted active-duty JBLM soldiers Jian Zhao and Li Tian in March for gathering sensitive military information, including technical manuals related to U.S. Army weapon systems. According to the DOJ, Zhao allegedly negotiated the sale of classified hard drives and manuals marked “SECRET” and “TOP SECRET,” and received at least $10,000 for providing information on the High Mobility Artillery Rocket System (HIMARS) and U.S. military readiness plans for potential conflicts with China. The DOJ released a security camera frame showing Zhao using his smartphone to take photos of redacted documents at his desk.

These cases demonstrate a troubling pattern: foreign adversaries targeting cleared personnel through digital channels, often exploiting mobile and wireless technologies to facilitate the unauthorized transfer of sensitive information.

The Wireless Threat Vector

The Schultz case illustrates how digital communications have transformed espionage. Malicious insiders have replaced traditional physical document theft with digital transfers that can happen anywhere with wireless connectivity. Schultz was able to download and transmit 92 sensitive military documents while evading traditional network security monitoring by using his smartphone, despite strict policies that banned such devices within areas storing classified information.

Why Organizations Need Wireless Airspace Defense

These insider threat cases demonstrate the urgent need for comprehensive wireless airspace defense:

  1. Invisible Data Exfiltration: Mobile devices and Bluetooth-enabled equipment can transmit sensitive data while remaining undetected by traditional network security tools. As seen in the Schultz case, malicious insiders can download and transmit classified documents entirely through wireless channels.
  2. Proximity Threats: Wireless vulnerabilities extend beyond an organization’s network perimeter. Sensitive facilities require monitoring of all wireless protocols, including cellular, Wi-Fi, and Bluetooth, to detect unauthorized devices that threat actors could use to capture and transmit data.
  3. Comprehensive Detection: Modern intelligence collection often involves sophisticated compromised devices that can intercept wireless signals or pair with authorized devices. Continuous monitoring of the wireless spectrum can identify these threats before data is compromised.
  4. Proactive Defense: Organizations that hold sensitive information need visibility into all wireless devices operating within their facilities. This capability includes the ability to detect, locate, and identify unauthorized devices and unusual wireless activity patterns that might indicate espionage.

The Schultz case is the latest example showing that securing physical access and network perimeters is no longer sufficient. In response to the Jack Teixeira leaks, the 2023 SecDef Memo requires SCIFs and SAPFs to implement continuous monitoring of the entire wireless environment to detect and mitigate wireless and personal device insider threats before they compromise sensitive information.

With nation-state actors increasingly targeting cleared personnel, and guiding them to use wireless channels as a means to exfiltrate critical information while evading detection, organizations must implement comprehensive wireless security solutions that provide complete visibility into their airspace: detecting unauthorized devices, monitoring wireless transmissions, and alerting security teams to suspicious activities before threat actors leak sensitive information.
