US secrets found on chat forum ‘worst leak since Snowden’
The data, some at the very highest classification level, passed through obscure corners of the internet
THE United States is facing possibly its worst intelligence leak since Edward Snowden’s 2013 flight to Moscow as a new batch of classified documents appeared on social media.
More than 100 classified documents on Ukraine, China, the Middle East, and terrorism are now believed to be in the public domain after they were posted in an obscure internet forum last month.
On Thursday, White House officials said they were investigating the appearance of highly classified briefing documents on Twitter, and the Justice Department has launched an investigation into the leak.
American officials said Russia or proRussian elements were likely behind the leak, but did not give further details.
Phillip Ingram, a retired senior British military intelligence officer, said the leak was “very significant” and potentially deeply damaging.
“It shows a failure at the very highest levels of classification,” he said. “These are top secret or above top secret. They are daily briefing documents for senior US decision makers at joint chiefs – or potentially presidential – level.
“If it is genuine, the Americans have a very serious problem. The biggest since Edward Snowden.”
The initial leak was of documents dated March 1 and marked “secret” and “top secret,” which began to appear on Twitter and Telegram on Thursday.
They included battle maps, casualty estimates, and a timeline for the integration of Western equipment into the Ukrainian army. Some had been crudely doctored to increase Ukrainian casualties and reduce Russian ones.
One of the slides says the Ukrainian security service believed its own agents may have disobeyed orders and carried out the drone attack on a Russian A-50 aircraft at a Belarusian air base on Feb 26. The attribution suggests it was sourced from a signals intercept, which in turn suggests the US is eavesdropping on Ukrainian communications.
A new tranche began to circulate on social media channels on Friday. As well as more Ukraine papers, they included an assessment of Chinese diplomatic pressure on Jordan, and other issues in the Middle East and Pacific regions.
Both sets of documents carry designations that mean they should have been accessible only to a very small group of people. Some are marked
NOFORN, or not releasable to foreign nationals, which is reserved for intelligence the Americans do not want to share even with their Five Eyes intelligence allies Australia, Britain, Canada, and New Zealand.
Others are labelled ORCON, or originator controlled, meaning the agency that provided the intelligence retains full control of who can see it or which parts are replicated or disseminated.
A CIA spokesperson said the agency was aware of the posts, but would not comment on the source.
Although the leaks are likely to trigger fears of a highly placed Russian spy in the US, it would be unusual to “burn” such a valuable mole by releasing their intelligence online.
Aric Toler, a researcher with the Dutch investigative group Bellingcat, established the first batch of more than 30 documents appeared to have been posted on an obscure chat server on March 1 and 2 – within a day of them being created.
The user who put them there, who goes by the user name “Lucca”, told Mr Toler he found the files on a nowdeleted Discord server called Thug Shaker Central, and that there were many more of them. “He and some friends were in a tiny Discord server and one of the guys was posting hundreds upon hundreds of leaked documents,” said Mr Toler.
The leaks cover only a short time, but include information Russia may find useful. One revealed Ukraine is running low on medium to high-altitude airdefence missiles and could run out of them by early next month.
It also gives names and training times for nine brigades being prepared to lead Ukraine’s spring offensive, and reveals which units are receiving advanced Western kit, including British Challenger II tanks. It says the offensive will begin at any time from April 1, but does not say where the main blow might fall.
One bizarre aspect of the leak is the improbable corners of the Internet the files passed through before they came to public attention last week. The Discord server Mr Toler tracked the leaks to belongs to a Youtube channel called Wow Mao, which creates meme videos with titles such as Which Communist would you smoke with?” and “Who is the better philosopher? Diogenes versus Jordan Peterson”.
A few days later, some of the files were reposted to a Discord server for players of the video game Minecraft.
Last Wednesday, three files were reposted from the Minecraft server to 4Chan, a message board about Japanese animation that is notorious for spawning far-Right memes. It was at this point the crude adjustments to the casualty figures were added to one of the files.
The images were then picked up by pro-Russian war bloggers who posted them on Telegram and Twitter.
The convoluted path makes tracing the original poster difficult. It also suggests the leak was obtained opportunistically, perhaps by hacking, rather than by a highly placed mole.
Many commentators, including proRussian war bloggers, cautioned the initial leak could be false information released by the US to mislead Russia ahead of Ukraine’s spring offensive.
Mykhailo Podolyak, an adviser to Ukrainian president Volodymyr Zelensky, said the leaks were probably a Russian fabrication to sow confusion between Ukraine and its allies.
But Mark Galeotti, an expert on the Russian security services, said the US reaction suggested the papers were genuine, adding: “If it was a total fabrication, the Americans would have dismissed it as such. As far as I know they haven’t –they’re saying things like, ‘We don’t comment on this sort of thing.’
“The main value to the Russians is in embarrassing the Americans and raising questions about their security.”
‘These are top secret or above top secret – daily briefing documents for senior US decision makers’