Anatomy of an investigation
Investigators trace Winner via document access history, email
Inquiry that led to arrest was not the stuff of big-budget Hollywood spy films
The investigation that led to the arrest of a federal contractor on charges of leaking classified material that was published by
The Intercept website apparently was not the stuff of big-budget Hollywood spy films.
The affidavit filed Monday against Reality Leigh Winner, 25, states that federal authorities contacted the FBI on Thursday and said a “News Outlet” had reached out two days earlier relating to an upcoming story. The
Intercept, which published its story Monday, apparently provided authorities with a copy of a topsecret NSA document discussing details of suspected Russian interference in U.S. elections.
Officials quickly determined the information was classified.
“The U.S. Government Agency examined the document shared by the News Outlet and determined the pages ... appeared to be folded and/or creased, suggesting they had been printed and handcarried out of a secured space,” the affidavit says.
An internal audit determined that six people had accessed and printed the intelligence report, the affidavit says.
“A further audit of the six individuals’ desk computers revealed that WINNER had email contact with the News Outlet,” it says. “The audit did not reveal that any of the other individuals had email contact with the News Outlet.”
No more phone calls — the FBI had a Winner. Unlike Edward Snowden, who fled the U.S. after leaking classified documents, Winner was easily found. Atlantabased FBI Special Agent Justin Garrick spoke to Winner on Saturday at her home in Augusta, Ga.
“During that conversation, WINNER admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a ‘need to know,’ and with knowledge that the intelligence reporting was classified,” the affidavit says.
It adds that Winner, who had “Top Secret” clearance as a contractor with Pluribus International Corp., admitted taking the report from her office space and mailing it to the news outlet, even though she knew the website was not authorized to receive or possess the documents. The complaint says Winner even acknowledged that she “knew the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.”
The Intercept says the NSA document details the Russian “spearphishing ”attack targeting local government employees with emails that appeared to be from e-voting vendors but were de- signed to allow hackers to infect and gain control of computers.
In late October, the hackers sent emails to 122 addresses tied to “local government organizations,” the document says, adding that “officials involved in the management of voter registration systems” were the likely targets.
“It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data could have been accessed by the cyber actor,” the alleged NSA document says. “However, based upon subsequent targeting, it was likely that at least one account was compromised.”
The Intercept issued a statement Tuesday saying it did not know the source of the report until the news broke late Monday.
These (charging) documents contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism,” the statement said. “Winner faces allegations that have not been proven.”