95 comments

[ 5.3 ms ] story [ 188 ms ] thread
Leaking classified documents and posting your life on Instagram... a match made in heaven, like peanut butter and jelly.
I call parallel construction.
Alternatively, the “leak” is a controlled disclosure of realistic misinformation.

The “leaker”‘s real life identity then “goes to jail” for 30 years and they work for the government in clandestine services under a new identity. This tactic confuses the enemy, and has the side benefit of scaring your own into being more careful with real classified docs.

If I was unethical enough to work for the security apparatus, the above is definitely something I would do.

If you haven't watched the TV series _The Bureau_, you should. That's the kind of plots they're using.
I was thinking like that too. Many many "leaks" are intentional.

For this one to work, you would have to convince the Russian secret services, a pretty high bar. Usually, leaks just have to pass a sniff test, or not even that, people can just glance over the factual basis for the leak if it's convenient for their world view (e.g. FBI leaking photos from Trump's raid)

None of the way any of this has played out has told me it’s nothing more than major, major chess.
The vast majority of intelligence assets are analysts or sigint, not James Bond-ish operators who can discard identities and their family/friend/etc like a Scooby Doo mask. This is not a plausible thing.
Yeah, what they actually did was probably follow WaPo's investigation, which found and publicly announced who it was first, and worked back from that very quickly.

(This is mostly a joke, but...)

Good. I am actively working on the front lines of the Ukraine war in a humanitarian capacity.[1]

The danger posed to civilians and soldiers by stolen intelligence is real, and the cavalier sharing of such documents without regard to the consequences is, and should be, a serious crime punishable to the fullest extent of the law.

[1]https://ukraineaidinternational.org

Well the good news is, from everything I’ve seen in this leak, the info has been harmless.

Lamest “leak” of all time tbh.

Someone on NPR mentioned that it included locations running low on ammo in Ukraine, and they were discussing how this wasn’t good timing for an upcoming spring offensive.
uff, that's big if true, it could jeopardize the entire plan. But then again, Ukraine has been saying only 5 people know of the true plan, so maybe it won't matter (surely more people know which depos are running low).
Do you have other charity or non-profit recommendations aside from your own personal one? Only asking because I have no measure[1] of how effective yours has been, and I figure in your capacity, you likely don't mind who the intermediary is just so long as it gets to the right place.

[1] https://www.charitynavigator.org/ein/881848788

Yes, we're only a year old, and haven't even filed our first tax return yet!

The key with us is that we're not an intermediary, we do the sourcing and delivering of aid ourselves. We're one of the few that do -- most NGOs you would have heard of outsource their deliveries to us.

Obviously, I think we're incredibly effective, and if you'd like to hear more details, I'd love to share: shoot me an email brian [at] ukraineaidinternational.org

There's give and take here. For example, we see that US, UK and other NATO countries have their constituent special forces on the ground in Ukraine. For the United States this requires a literal act of Congress if US troops are on the ground for more than 30 days.

This is at a minimum an indictable offense by a sitting US president, though it is not without precedent.

Are these documents actually leaked...?

It seems lots of journalists have them, and none of the public.

And none of the journalists will just publish the actual complete documents.

Almost looks like one of those 'leaked to the media, but please let us review any article before you publish it' type leaks...
Journalists have a responsibility to make sure people are not killed (including their own colleagues who might be there) as a result of their reporting.
But previously with the Snowden and Manning leaks, journalists still published the leaked docs (with selective redactions for truly sensitive content). In this case, I've not seen any actual docs linked or published, even though they claim "they're on Twitter"
I’ve seen ~40 images of realistic looking gov docs on 4chan and Twitter back when this broke. Most of it was pretty boring stuff, and indicated Ukraine has a lot more hardware than Russia in-theater.

Seems pretty suspect.

I do wonder how does a national guard “intelligence” grunt have access to decisive foreign intelligence. Maybe the docs they have access to are fuzzed/not that secret.
Weren't they leaked on Discord? So also non journalists have them too.
NY Post used one of the leaked images as illustration for their article (this one was available on 4chan for a couple of days, so not as sensitive as others it seems):

https://nypost.com/2023/04/14/jack-teixeira-made-frantic-fin...

From a quick skim of that (and also some other coverage), my first two impressions:

- This kid's emotional age is too low to justify anything resembling the the security clearance that he seems to have had.

- Sending the FBI's "special forces" and armored car out to pick up this kid was a stupid machismo waste of resources. Two grannies and a golf cart would have been more than enough to do the job.

How many guns did he own?
If he actually had "how many people I can take down with me?" inclinations, he'd hardly need to wait for the FBI to show up.
Impulsive people can act impulsively.
But if you actually desire a small response, then only apply a small stimulus.
It is done to send a very clear message to anyone else thinking about doing the same thing.

Is it disproportionate to the threat? Absolutely. But that’s not why it’s done.

Maybe I'm too old, or hang with the wrong crowds - but my sense is that that "very clear message" only works within a certain narrow, violent, and machismo mindset. Outside of that mindset - it sends quite different messages, most of which are counterproductive.

Any chance that you've seen an action movie or two in which a lone hero was hauled off by a whole gang of big, tough bad guys?

The message is meant for people with security clearance. "Don't leak documents, or this might happen to you."
If you post top secret documents to a discord server, that's a leak. That's a leak even if everyone else on the server is cleared for top secret or even if no-one other than you is on the discord server.
I've seen documents that are claimed to be part of the leak on reddit. Hard to be certain, of course.

And for what it's worth, they were about role-playing games, which limits their impact even if they are bona fide :)

Should I be surprised that a 21-year-old member of the Massachusetts Air National Guard, in the intelligence wing, had access to these sort of documents? Or is this expected? Was this part of a larger organizational failure, or just one man's betrayal?
As someone who works in a MUCH smaller organization that deals with 'sensitive' data, it is extremely difficult to maintain the policy of least privilege.

The system almost can not be maintained from the outside, because administrators don't see every individual document, and not all sensitive forms of data can be targeted by automation/scanners. This means the actual people doing the business processes with the data must take personal responsibly for keeping it properly maintained. And aside from that nebulous property of 'personal responsibility' they must also have an accurate ability to classify it.

Aside from that, workers who deal with the data have a bunch of conflicting incentives, like working with people in other teams, working efficiently, and maintaining the policy of least privilege.

The problems I've seen dealing with keeping information secure in a small environment make me feel like it'd actually be impossible to do at the scale of The US Government.

So yeah, my money is on 'organizational failure' but also 'inherent complexity'

Apparently he was a network tech for the classified network. The real scandal here is there weren’t alarm bells ringing somewhere that a low level network tech was printing and viewing top secret documents.
I do think it’s kind of odd that we, as a country, have decided people are not mentally mature enough to use alcohol or tobacco and yet we’re apparently willing to just hand these junior adults stacks and stacks of sensitive intelligence information. I’m not saying he shouldn’t be held responsible for his actions but I do think part of the blame is also on the system that allowed him access.

Anyone who has been in their early 20s knows the false sense of invincibility that comes with finally being an adult. The simple fact that he did this (and apparently just to impress a chat room of teenagers? yikes!) tells me he lacked the emotional maturity to understand what was being asked/expected of him. And since the leak doesn’t appear to be malicious or “whistleblower” in nature it seems he totally and completely failed to understand the consequences of his actions.

All kinds of sensitive military operations are conducted by 21-year-olds, such as nuclear missile maintenance and readiness:

> "The film starts in September 1980, when a 21-year-old missile technician named Dave Powell dropped the socket from a socket-wrench... When the socket fell, it plunged 70 feet to pierce the side of the Titan II missile. The puncture released pressurized rocket fuel and set off a chaotic series of events and decisions that highlighted a chain of command ill-prepared to deal with disaster."

https://www.theverge.com/2017/1/10/14232574/command-and-cont...

Chelsea Manning was 20 years old and had full access to State Department cables and secret military video, for comparison. The military aims recruiting heavily towards teenagers, incidentally, for various reasons.

Older people with more independent thinking might be even more willing to leak data about government incompetence, criminal activity, reckless stupidity and so on.

What I think the source of surprise with is not primarily his age as such, but that he is a relatively junior service member in a role with no obvious connection to the material.

A more senior person with broad but not obviously connected scope of responsibility, or a similarly junior person with an obviously-related role, would be less surprising.

Those leaks are a proof that agencies can't or unwilling to protect the data they are collecting. If even crucial war information isn't really protected you can imagine the lack of protection for less important data.

Most of the last big leaks came from contractors or minor ranks with access.

More than a million people have top secret clearance in the US[1]. It's very difficult to ensure security in that context.

[1] https://edition.cnn.com/2022/08/15/politics/classified-infor...

That's my point, top secret isn't the right term if more than a million people have access.

It's not enough to call it top secret, it has to be handled as such.

Yup I was agreeing with you. It's interesting that in this sense scale harms the objective. As you increase the apparatus of the intelligence machine, you inevitably reduce its ability to be genuinely clandestine just because you have to allow more and more people behind the curtain.
As one of the Twitter replies points out (https://twitter.com/dirtturd/status/1646618532950450176), there's no way that the pattern on the granite countertop is actually a match, given that in the Instagram photo the match is on the edge of the counter - whereas in the leak, the match is clearly not on the edge of the counter. The floor is also an entirely different color in the leaks v. the Instagram photo.

Someone else then raised the point of "well maybe there are duplicate splotches", in which case there would surely be duplicates across many countertops in many homes - probably one with a floor color that actually matches the one shown in the leaks.

A couple other folks in that thread seem to assume "well the splotch sample was clearly rotated so the paper could've been on the counter", in which case you'd think some of the leak photos would've shown the edge on which the splotch exists and would've shown more matching splotches. Still flimsy, at best.

Assuming the suspect really is guilty, I highly doubt this was how the suspect got caught; it reeks of parallel construction. If this is really the only evidence anyone has of the suspect's guilt, then a conviction in spite of the "evidence" being blatantly non-evidence would be yet another damning condemnation of my country's already-damningly-condemned "justice" system.

The tweet doesn't even present the granite as the link the used to identify (that was the steam account) but to verify where the photos were taken.
(comment deleted)
This is the sort of crowd-sourced investigative thinking like when Reddit "Got The Boston Bomber"[1]. Investigators aren't looking at patterns on granite countertops or splotches etc as primary evidence. They may well use that to confirm something but that's not the way the found the guy.

They will have found him because the photo was geotagged to his house, or he's on Discord - his personal credit card has probably paid for nitro or the account is linked to his personal phone for 2fa or something. Everyone on the internet goes full CSI but most of the ways people get caught are really mundane.

[1] https://www.reddit.com/r/MuseumOfReddit/comments/1iv343/the_...

> This is the sort of crowd-sourced investigative thinking like when Reddit "Got The Boston Bomber"

It's the literal opposite (suggesting someone's innocence instead of someone's guilt), but sure.

> They will have found him because the photo was geotagged to his house, or he's on Discord - his personal credit card has probably paid for nitro or the account is linked to his personal phone for 2fa or something.

Then you'd think they would've mentioned that instead of fixating on some splotch in a granite countertop as if it actually proves anything.

That tweet is from a journalist, not a member of the investigative team which arrested him.

Just as an example, the NYT/Bellingcat couldn't get a court order to get discord to reveal the credit card details a given account used to pay for nitro (in my example of a possible way he could have been caught) and then a order to get the card issuer to reveal the billing address of the card. But the FBI for sure could.

This story[1] has more detail.

1. Someone else on his discord server cooperated with the case agent

2. He switched from posting as plaintext to posting photos because he thought he would get into trouble transcribing at work. THe photos were the ones the Bellingcat journalist deduced as being taken in his parent's kitchen.

3. The FBI had already identified him. He was using his primary discord account, had told other people on discord, his first name, that he lived in Massachusetts and worked for Air National Guard. Even with a common first name that is going to narrow the list a lot.

4. He repeatedly searched the word "leak" from his work computer, which was logged and led to an FBI alert from his work infosec monitoring.

[1] https://www.theguardian.com/us-news/2023/apr/14/leaked-penta...

(comment deleted)
> Assuming the suspect really is guilty, I highly doubt this was how the suspect got caught

The claim isn’t that this is how he was caught, but that it was a breakthrough—an important turning point—in the investigation.

> If this is really the only evidence anyone has

Literally no one has claimed anything like that, only “this is a thing that helped point us in his direction”.

> The claim isn’t that this is how he was caught, but that it was a breakthrough—an important turning point—in the investigation.

I expect most people would even misunderstand that description. While this may have been a breakthrough in "a investigation", is not claimed to have been such in "the investigation". Is expect most people to interpret "the investigation" as talking about the law enforcement investigation into this while the Twitter post is a journalist talking about "our investigation" (presumably that of the organization he works for).

Why are you focused on the countertop pattern? Are you assuming the match wasn't made by a human?
> Why are you focused on the countertop pattern?

Because that's the one thing stated to have linked the suspect to the leaked documents.

> Are you assuming the match wasn't made by a human?

I'm making no assumption either way; whether it's a human or machine making the match doesn't change the match's flimsiness.

> Because that's the one thing stated to have linked the suspect to the leaked documents.

It is not. The title is editorialized, and the twitter post is referring to a NY Times investigation.

The FBI got the leakers home address directly from Discord.

> It is not.

Then you can present the other pieces of evidence made public at your leisure. I don't doubt they exist - but this granite splotch is so far the only one actually presented by anyone.

> given that in the Instagram photo the match is on the edge of the counter - whereas in the leak, the match is clearly not on the edge of the counter.

This was my first thought as well, but your comment made me go back and look again. And actually, I find it more convincing now. You can see a line from the floor just below to the right of the marking.

Also, I think the Twitter poster you're linking doesn't understand that the photo was taken from the opposite angle and the marking was thus rotated to match, putting the paper directly on the counter at the edge and consistent with the leaked document photo.

> You can see a line from the floor just below to the right of the marking.

I can't see any such line in the leak version of the splotch - whereas you can see the shadowing from the edge of the counter in the Instagram version. It's readily apparent that this is not the same splotch - even (especially) after (as I mention above) rotating the splotch to line it up in both versions.

The line is very clear, it's on the right side just below the orange circle. I found it difficult to understand the geometry of how it could be there given that the table appears to extend to the right just under that line. But you can set the edge and it's not actually the table extending, instead that is likely catching a bit of a camo jacket like you can see in the Instagram post sitting on a chair in just that location.
> The line is very clear, it's on the right side just below the orange circle.

The only lines I'm seeing in the leak photo are other granite splotches; there's nothing indicating that it's a table edge or a camo jacket or anything else.

> the match is clearly not on the edge of the counter

The orange circle marker makes it a bit harder to see, but it certainly looks like an edge on both of those photos.

LOL this is almost insulting in level of BS, but all's forgiven for a good belly-laugh.

Clearly they had other sources, and this is a laughable attempt to divert from that.

Sure. The NYTimes is actually part of a global cabal and needs to divert your attention from their true sources.
Oh so you think the NYT team of super-sleuths dug this up all by themselves, rather than being led to it?

Well now they know how the leaker was unmasked, they don't need to poke around asking that question any more do they?

lol.

I have never seen so much paranoia and conspiratorial thinking from Hacker news than with this story unfolding. Many comments saying "it can't be this easy and dumb, can it?" Ask any government worker who works in classified spaces, and the answer is overwhelmingly yes.
I bet any documents relating to planning for the Nordstream pipeline explosion were a lot more carefully controlled. These war planning documents were clearly distributed to a much wider audience, so leaks become much more likely.

It does also point towards a certain degree of disillusionment within military circles, the rank and file ar probably not thrilled about the idea of being sent overseas for another Iraq/Afghanistan style disaster, only in eastern Europe this time.

Please don't talk about hypothetical conspiracies as though they are fact on here. The rest of the Internet has enough of that.

We don't have any evidence around your claims other than speculation and that's not the point of this forum (in fact, the Discord where these docs were leaked seems like the exact kind of place for that comment).

I mentioned conspiratorial thinking, and they doubled down! It's scary. Thank you for being a voice of rationality. You put it better than me.
People who haven’t worked in areas with classified/sensitive information don’t seem to appreciate that once you have the appropriate clearances, you’re considered trustworthy.

You are treated as one of the gang, and people will often willingly share information with you that may even fall outside of what you need to know.

If someone is motivated to then collect/disseminate that information, it is exceedingly simple. It is always going to be difficult to stop these sorts of leaks.

I mean, I watched a reality TV/gameshow host run the executive branch for 4 years, culminating in a press conference at The Four Seasons Landscaping. I don't know who expects competence from the federal government anymore, but it isn't me.
I'm in the same boat as you, but for very different reasons.

I have close to zero trust in the abilities or goodwill of Federal entities.

The thing about something like this is that there are always individuals who will seek gain from classified access for themselves. The US has a singular focus on financial gain, but mental evaluation needs to be a more clear part to this.

The problem is "clout" seekers are all over the military. Have a conversation with a person in a highly selective field in the military and you'll find a crazy high amount of capable narcissists and God complex egos to go around.

This is why I'm saying to a degree this isn't a surprise to people in the IC.

It's probably a parallel construction. They might have found him using other sources or methods which they might not want to reveal. The should already be embarrassed some 20 year old kid had access to all this stuff, so any further embarrassment would be nice to avoid.

Once they had him, they sifted through the stuff until they found some plausible confirmation and the pattern just looked a fun enough one for the media to report on.

It's actually pretty common for folks in their 20s to have access to this within government work. Getting a clearance isn't particularly hard, so long as you have a job that sponsors you. That would include military work
I can see having access to information about some particular technology they may be using in the military. But he was working as a network administrator or tech support of some sort. It's odd they'd have someone who isn't trusted enough to rent a car or buy a drink in most state to get close to that high level of intelligence.
Yeah, but that's the same disparity that makes it illegal for a soldier to buy alcohol, but perfectly acceptable to hand them an assault weapon and put them in a war zone.

Network admins generally require a higher level of clearance since they have lower level access to systems that are harder to apply access controls to

The title is an editorialization: no government source (to my knowledge) has claimed that the IG photo was used to find the leaker, only that it served as a piece of data singling this suspect out among several. It’s much more likely that other, officially undisclosed, evidence led them to the suspect in the first place.
"Investigation" in the tweet means NYT investigation (it was posted by NYT journalist).
NYT/Bellingcat investigators*, not the actual team of investigators in the government who tracked the leaker and ultimately arrested him.

Just in case there's any confusion.

Thanks for noting that. I've updated the title since so many people (not unreasonably) seemed to jump to the inclusion that "investigators" meant "police".
You are calling the public relations arm of intelligence services that publishes “accidentally found public information” leaks like a shower an entity independent from government.
I'm surprised they don't do (steganography-style) watermarking when a TS doc is printed. Put random little dots on the page just like they do on currency bills. Color them in a manner that it looks like imperfections on the paper.

Or change the spacing between words ever so slightly.

Psyop to increase internet surveillance.