the United States government has been scrambling this week, thanks to a leak of sensitive Pentagon documents that include an array of recent intelligence updates and Joint Chiefs of Staff briefings. Notably, the documents seem to be very recent, dating from as early as January to early March. The trove was first posted to Discord a few weeks ago, before some of the documents got pickup more recently on Russian Telegram channels and then Twitter.
Initial reporting about the situation—including by The New York Times, which broke the story—has focused on roughly 100 documents, but some reports indicate that even more secret documents may have been shared on Discord over the past few months. The documents are photographs of printed-out presentation slides. Some of the papers had been folded and unfolded before being photographed, and some of the photos capture slivers of other objects that were on the desk with the papers.
Researchers say the leak ranks high among other prominent recent revelations about clandestine US government activity—a list that includes information from Edward Snowden about the NSA's bulk surveillance activity, details of the CIA's hacking capabilities in the Vault7 revelations published by WikiLeaks, and NSA hacking tools revealed in the Shadow Brokers leak. But this latest leak has some specific characteristics reflective of the current moment: It is relatively small and contains fresh information rather than a large trove of months- or years-old data. And while it is not yet clear who leaked the documents or what their motivation was, initial indications from Discord activity suggest that the leaker may have been trying to show off to their gaming friends, and might even be a teenager or young adult.
“I am intrigued by the idea of a small, pinpoint leak phenomenon,” says Dan Meyer, a partner at the law firm Tully Rinckey who works on federal employment and national security matters. Meyer was formerly a federal investigator and whistle-blowing expert within the US government. The use of “strategic leaks” has been a tactic of top officials “for a very long time,” Meyer says. “But now the technology issue is very real with phones and the ability to move these documents in ways the government didn’t anticipate.”
The latest leaked documents reveal details about the war in Ukraine, including information about the Ukrainian army's air defenses and plans for a future counteroffensive against Russia. Notably, the trove also reveals details about Russia's war effort and exposes the degree to which the United States intelligence community has penetrated Russia's military and intelligence services.
As with any leak of state secrets, the most impactful revelations long-term generally relate to methods and access rather than specific information. That means Russian intelligence, for example, will likely make changes to its operations in response to the relvations to evade American operators. The leak also includes indications that the US has been spying on allies like South Korean and Israeli officials, a move that is not necessarily surprising but diplomatically embarrassing.
“We're still investigating how this happened, as well as the scope of the issue,” Chris Meagher, the US assistant to the secretary of defense for public affairs, told reporters on Tuesday. “There have been steps to take a closer look at how this type of information is distributed and to whom. We are also still trying to assess what might be out there.”
Analysts emphasize that the scale of the leak may be much larger than what has emerged publicly so far, and that the situation reflects concerning lapses in the Pentagon's systems for handling secrets.
“It seems like the Department of Defense thought they had sufficient controls in place to detect would-be leakers after incidents like Snowden,” says Jake Williams, a former NSA hacker and an analyst with IANS Research, a cybersecurity consultancy firm. “But obviously, whoever is doing this got around that or learned from past techniques and mistakes.”
As real-time accounts of everything from wars to natural disasters play out on social media and other digital communication platforms, it makes sense that leaking has increasingly become targeted and agile as well. So-called “hack and leak” operations have demonstrated this in recent years, with, for example, state-backed attackers leaking excerpts of government officials' digital communications or strategy documents from political campaigns. Hactivists have also increasingly used precision leaks around the world. Ukrainian advocates have, for example, repeatedly doxed Russian military officials and intelligence agents. And they've leaked data stolen from Russian government agencies and private companies since the Kremlin's full-scale invasion of Ukraine in February 2022.
For now, as the US government aggressively investigates the latest Pentagon leaker and their motives, Meyer says his advice for US federal employees, contractors, or anyone with a US security clearance is to mind their business.
“Just because you have the ‘need to know,’ that doesn't mean you have the need to go look at it,” he says. “That person should not access these documents anywhere on the web. This stuff has now been identified as classified, and even if it's well intentioned, if you view classified information in a non-SCIF environment, you've committed a technical infraction. It’s a mess, don’t do it.”
