US Hit by ‘Worst Leak of Secret Documents Since Edward Snowden’

Roland Oliphant / The Telegraph
US Hit by ‘Worst Leak of Secret Documents Since Edward Snowden’ Joe Biden, the US president. The White House is investigating the appearance of highly classified briefing documents related to Ukraine on social media. (photo: Kevin Dietsch/Telegraph)

More than 100 classified items relating to Ukraine, China, the Middle East, the Pacific and terrorism published on social media

The United States is facing possibly its worst intelligence leak since Edward Snowden flew to Moscow after a new batch of classified documents appeared on social media.

More than 100 classified documents relating to Ukraine, China, the Middle East, the Pacific, and terrorism are now believed to be in the public domain after they were posted in an obscure internet forum last month.

It comes after White House officials said they were investigating the appearance of highly classified briefing documents related to Ukraine on Twitter on Thursday.

The US Department of Justice said it had launched an investigation into the leak.

American officials said Russia or pro-Russian elements were likely behind the leak, but did not give further details.

Phillip Ingram, a retired senior British military intelligence officer, said the leak was "very significant" and potentially deeply damaging.

“It shows a failure at the very highest levels of classification,” he said. “These are top secret or above top secret. They are daily briefing documents for senior US decision-makers at joint chiefs - or potentially presidential - level.

“If it is genuine, the Americans have a very serious problem. The biggest since Edward Snowden.”

Briefings marked 'top secret'

The initial leak consisted of briefing documents dated March 1 and marked "secret" and "top secret", which began to appear on Twitter and Telegram on Thursday.

They included battle maps, casualty estimates, and a timeline for the integration of Western equipment into the Ukrainian army.

Some had been crudely doctored to increase the Ukrainian casualties and reduce the Russian ones.

One of the slides says the Ukrainian Security Service believed its own agents may have disobeyed orders and carried out the drone attack on a Russian A-50 aircraft at a Belarusian airbase on Feb 26.

The attribution suggests it was sourced from a signals intercept, which in turn suggests the Americans are eavesdropping on Ukrainian communications.

The new tranche began to circulate on social media channels on Friday.

As well as more Ukraine documents, they include an assessment of Chinese diplomatic pressure on Jordan and other issues in the Middle East and Pacific regions.

Both sets of documents carry designations that mean they should have been accessible only to a very small group of people.

Some are marked "NOFORN", or not releasable to foreign nationals, which is reserved for very high-level intelligence that the Americans do not want to share even with their Five Eyes intelligence allies Australia, Britain, Canada, and New Zealand.

Others are labelled "ORCON", or originator-controlled, meaning the agency that provided the intelligence retains full control of who can see it or which parts are replicated or disseminated.

A CIA spokesman said the agency was also aware of the posts and was looking into the claims, but would not comment on the source.

Although the leaks are likely to trigger fears of a highly placed Russian spy in the US, it would be unusual to burn such a valuable mole by releasing their intelligence online.

Aric Toler, a researcher with the Dutch investigative group Bellingcat, established that the first batch of more than 30 documents appeared to have been posted on an obscure chat server on March 1 and 2 - within a day of them being created.

The user who put them there, who goes by the username Lucca, told Mr Toler that he found the files on a third - now deleted - Discord server called Thug Shaker Central, and that there were many more of them.

“Basically, he and some friends were in a tiny Discord server and one of the guys there was posting hundreds upon hundreds of leaked documents,” said Mr Toler. “The leaked files went back at least to January of this year. The earliest I've seen a trace of is Jan 15."

The leaks cover only a small period of time, but include information the Russians may find useful.

One revealed Ukraine is running low on medium-to-high altitude air-defence missiles and could run out of them by the beginning of May - information Russia could use to plan its air campaign.

It also gives the names and training timetables for nine brigades being prepared to lead Ukraine's spring offensive. It reveals which units are receiving advanced Western kit, including the unit receiving British Challenger II tanks.

It says the offensive will begin at any time from April 1, but does not say where the main blow might fall.

The Discord server that Mr Toler tracked the leaks to belongs to a popular YouTube channel called Wow Mao, which creates “low effort” meme videos with titles like “which Communist would you smoke with?” and “who is the better philosopher? Diogenes versus Jordan Peterson”.

A few days later, some of those files were reposted to another Discord server for players of Minecraft, a video game popular among teenagers in which players explore a vast virtual world with blocky graphics and build structures from cubes.

Then, on Wednesday last week, three of those files were reposted from the Minecraft server to 4Chan, a message board about Japanese animation that is notorious for spawning far-right memes like Pepe the Frog and the “Incel”, or involuntarily celibate, movement made up on sexually frustrated young men.

It was at this point the crude adjustments to the casualty figures were added to one of the files.

The 4chan images were then quickly picked up by pro-Russian war bloggers, who posted them on Telegram and Twitter - prompting the White House to launch an investigation on Thursday.

That convoluted path makes tracing the original poster difficult.

It also suggests the leak was obtained opportunistically, perhaps by hacking, rather than by a highly-placed Russian mole. It would be reckless to blow such a valuable spy's cover by releasing the intelligence they obtained publicly.

Many commentators, including pro-Russian war bloggers, cautioned that the initial leak could be false information deliberately released by the US to mislead Russia ahead of Ukraine’s anticipated spring offensive.

Mykhailo Podolyak, an adviser to Volodymyr Zelensky, the Ukrainian president, said the leaks contained a "very large amount of fictitious information" and was probably a Russian fabrication to sow confusion between Ukraine and its allies.

"These are just standard elements of operational games by Russian intelligence. And nothing more," he wrote.

EMBED

Mark Galeotti, an expert on the Russian security services, said the leaks did not seem to have been concocted by Moscow, and that the American reaction suggested the papers were genuine.

“The Russians have proven on the whole quite poor at doing really realistic fabrications,” he said.

“And if it was a total fabrication, the Americans would have dismissed it as such. As far as I know, they haven’t - they’re saying things like ‘we don’t comment on this sort of thing’.”

"The main value to the Russians is in embarrassing the Americans and raising questions about their security. This will give the Ukrainian even more excuses not to be that candid with DC."

EXPLORE THE DISQUS SETTINGS: Up at the top right of the comments section your name appears in red with a black down arrow that opens to a menu. Explore the options especially under Your Profile and Edit Settings. On the Edit Settings page note the selections on the left side that allow you to control email and other notifications. Under Profile you can select a picture or other graphic for your account, whatever you like. COMMENT MODERATION: RSN is not blocking your comments, but Disqus might be. If you have problems use our CONTACT PAGE and let us know. You can also Flag comments that are seriously problematic.
Close

rsn / send to friend

form code