The U.S. pressed on Saturday to assess the damage of a widespread intelligence breach, as the Pentagon and the Justice Department seek answers to how dozens of images that purport to show highly classified documents on the war in Ukraine and other international matters surfaced online.
Determining the source of the leak and its implications has dominated the attention of leadership at the Pentagon, defense officials said, as a wide-ranging internal government probe gathered steam over a U.S. holiday weekend.
While some of the documents are roughly two months old, their disclosure could affect the conduct of the war in Ukraine because they purport to spell out potential battlefield vulnerabilities and the composition of parts of Ukraine’s forces, U.S. officials said. The documents also appear to include intelligence on internal matters in a variety of nations, including allies Israel, South Korea and the U.K. The leak is likely to have an impact on U.S. national security worldwide, officials said.
The Wall Street Journal wasn’t able to independently authenticate the documents, but they contain enough detail to give them credibility. Defense officials have said they believe some of the documents could be authentic, though some also appear to have been altered.
Taken together, the document dump, initially made in a small forum on the Discord messaging platform, is shaping up to be one of the most damaging intelligence breaches in decades. The unauthorized disclosure of highly sensitive information has alarmed not only top U.S. security officials but also allies with whom the U.S. shares secret intelligence.
Some U.S. security partners are playing down the impact of the breach on operations covered in the documents.
Andriy Chernyak, a spokesman for Ukrainian military intelligence, described the leaked documents as an “operation by Russia’s special services.”
“This will in no way affect our continued cooperation with allies,” he said. Asked about the Ukrainian counteroffensive against Russian forces expected in coming weeks, he said military operations will be carried out according to plans set out by the military command.
Still, Ukrainian President
said Friday, after the first reports of the breach emerged, that Kyiv has decided to adopt new measures to prevent unauthorized disclosure of its military plans ahead of the counteroffensive.
Some experts who have studied the documents are doubtful the breach is part of a Russian disinformation campaign.
head of research and training at the Bellingcat investigative consortium, which has done several high-profile probes of Russian intelligence operations, said Saturday that he had traced the original source of the posting to a small group of users called Thug Shaker Central on Discord. Hundreds of files were posted there in January, February and March. Later, some of these documents were reposted by users to a bigger group, uniting fans of the Minecraft game. The original group has since been wiped clean, as was the much bigger document trove.
“I really doubt this is some Russian op, so there’s a good chance only a few internet weirdos saw the hundreds of documents,” said
the founder of Bellingcat. “It’s really only something you’d find if you were terminally online.”
The Federal Bureau of Investigation and the Justice Department launched a probe into the leak on Friday at the request of the Defense Department. Investigators are trying to quickly identify the source of the breach.
Justice Department officials said they had been in touch with officials at the Defense Department as their investigation got under way. Such probes usually begin by determining who had access to the documents, current and former officials said, which in this case could be difficult, as potentially hundreds of government employees have security clearances that would give them the ability to view the documents.
Justice Department spokespeople declined to comment Saturday on the investigation.
The U.S. is considering a range of possibilities over how the breach occurred, including that someone with top-secret security clearance leaked the information or that U.S. intelligence systems were hacked, U.S. officials said Saturday.
U.S. congressional leadership hasn’t been briefed about a leak but has requested one, a congressional aide said. “We don’t know the scope of this so it is hard to assess,” the aide said.
The White House was concerned about the damage caused by the leaks, U.S. officials said. One official said some of the documents appeared to be manipulated but that the Biden administration was still gathering information about the matter.
The images were marked with “Top Secret” and other classifications indicating they represent highly sensitive U.S.-produced intelligence.
The documents, which appear to originate from within the U.S. military and intelligence agencies, include details about the disposition of Ukrainian forces, air defenses and military equipment, classified information about arms and support the U.S. has provided to Kyiv in its fight against Russia, and intelligence on internal matters in several nations.
In addition to documents pertaining to the war in Ukraine, the leaked files included purported copies of the daily intelligence report provided to Defense Secretary
and Chairman of the Joint Chiefs of Staff Army Gen.
Central Intelligence Agency reports on leaders of Israel’s Mossad spy service, and intelligence on discussions within the government of South Korea on sales of artillery ammunition to Kyiv.
Because the documents appear to be images of printed presentation slides, the investigation will likely focus on that possible method of transferring them from a classified system. Classified documents can only be printed on approved systems, which can be tracked.
In 2017, the government quickly identified Reality Winner, at the time a contractor for the National Security Agency, who printed out top-secret material and sent it to a news organization. The government was able to track that only six people had printed the document since it was published to a classified computer network, and then quickly narrowed it down to Ms. Winner, who later pleaded guilty to leaking the information.
In another leak to the media, Terry Albury, an FBI special agent, tried to avoid detection by cutting and pasting information from different classified documents into a new one, and then printing it, according to the government. He also, the government said, took pictures of classified documents from his computer screen, so as to avoid printing them. He was identified and pleaded guilty in 2018 to unauthorized retention and transmission of classified information.
Ms. Winner and Mr. Albury, both of whom served time in prison for their disclosures, said they leaked information to the media in the hopes of turning public attention to important issues. Ms. Winner said the document she leaked was intended to prove Russian interference in the 2016 elections, while Mr. Albury has described his disclosures as intending to cast light on what he alleged were FBI abuses.
Ms. Winner declined to comment. Mr. Albury deferred to his attorney, who didn’t immediately respond to a request for comment.
—Matthew Luxmoore and Sharon Weinberger contributed to this article.
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8