Alleged source of NSA leak left cyberfootprints
Criminal investigations into national security leaks tend to be long, complicated and delicate affairs. Sources generally cover their tracks, especially in an era when even the most innocuous computer activity leaves an electronic trail.
Edward Snowden took extraordinary precautions when he leaked troves of classified information on surveillance activity by the National Security Agency to journalists, and was charged only after he publicly revealed himself to be the source. Thomas Drake, a former NSA executive, wasn’t indicted for several years after he passed on details about fraud and waste at the agency to the Baltimore Sun. Originally accused of felony espionage, Drake pleaded guilty to a misdemeanor of exceeding authorized use of a computer.
In the case of Reality Leigh Winner, an NSA contractor accused of sending a topsecret document to a news outlet, federal authorities brought charges less than a week after being tipped off to the leak.
Winner, 25, was charged Monday with gathering, transmitting or losing defense information, as The Washington Post reported. Court documents did not identify the document that was leaked or the news outlet that received it, but the criminal complaint against Winner was unveiled shortly after the national security site the Intercept published a story containing an NSA report on Russian efforts to interfere with the 2016 election.
The Post has reported that the charges are related to the Intercept’s story, which describes how Russian military intelligence used hacking techniques against a U.S. voting software supplier and more than 100 local election officials in the days before voters went to the polls. The Intercept called the classified document the “most detailed U.S. government account of Russian interference in the election that has yet come to light,” saying it indicated that Russian hacking may have gone deeper than previously known.
A search warrant affidavit filed in federal court in Georgia reveals how it took just a few days for investigators to single out Winner as the alleged source of the leak.
It started on May 30, when the news outlet showed authorities the printed materials and asked them to comment, according to the affidavit.
“The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased,” the affidavit reads, “suggesting they had been printed and hand-carried out of a secured space.”
An internal audit showed that six people had printed out the top-secret materials after they were published at the beginning of the month. One of them was Winner, who worked for Pluribus International at a facility in Georgia, the affidavit says.
Investigators said they searched Winner’s work computer and found that she had emailed the news outlet in March from a personal account. In her message, they said, she appeared to ask for transcripts of a podcast. In response, the news outlet “confirmed Winner’s subscription to the service,” according to the affidavit.
The review of Winner’s computer history also showed that on May 9 she searched the agency’s classified system using search terms that led her to the report, the affidavit says. That day, it says, she printed the document.
The agency told the FBI about the leak on June 1. The same day, the affidavit says, an unidentified government contractor contacted the agency to say he had been in touch with a reporter from the news outlet, who had texted pictures of the document so he could verify their authenticity.
“The Contractor informed the Reporter that he thought that the documents were fake,” the affidavit reads. “Nevertheless, the Contractor contacted the U.S. Government Agency on or about June 1, 2017, to inform the U.S. Government Agency of his interaction with the reporter.”
The following day, FBI agents staked out Winner’s one-story red brick house near downtown Augusta, Ga., where they saw her driving a light-colored Nissan Cube, according to the affidavit.