The United States is facing possibly its worst intelligence leak since Edward Snowden flew to Moscow after a new batch of classified documents emerged on social media.
More than 100 classified documents related to Ukraine, China, the Middle East, the Pacific and terrorism are now said to be in the public domain after being posted to an obscure internet forum last month.
It comes after White House officials said Thursday they were investigating the appearance of highly classified briefing documents related to Ukraine on Twitter.
The US Department of Justice said it had launched an investigation into the leak.
US officials said Russia or pro-Russian elements were likely behind the leak, but did not provide further details.
Phillip Ingram, a retired senior British military intelligence officer, said the leak was “highly significant” and potentially very damaging.
“It shows failure at the very highest level of classification,” he said. “These are top secret or above top secret. They are daily briefing papers for senior U.S. decision-makers at the joint chiefs — or potential presidential — level.
“If it is real, the Americans have a very serious problem. The greatest since Edward Snowden.”
Briefings marked ‘top secret’
The first leak consisted of briefing documents dated March 1 and marked “secret” and “top secret,” which began appearing on Twitter and Telegram on Thursday.
They include battle maps, casualty estimates, and a timeline for the integration of Western equipment into the Ukrainian military.
Some had been crudely edited to increase the number of Ukrainian casualties and reduce the number of Russian ones.
One of the slides states that the Ukrainian security service believed its own agents had disobeyed orders and carried out the Feb. 26 drone strike on a Russian A-50 aircraft at a Belarusian air base.
The attribution suggests it came from a signal intercept, which in turn suggests the Americans are eavesdropping on Ukrainian communications.
The new installment began circulating on social media channels on Friday.
In addition to more Ukrainian documents, they include an assessment of Chinese diplomatic pressure on Jordan and other Middle East and Pacific issues.
Both sets of documents bear indications that they should have been accessible only to a very small group of people.
Some are marked “NOFORN,” or cannot be released to foreigners, which is reserved for very high-level information that the Americans are unwilling to share, even with their Five Eyes intelligence allies Australia, Britain, Canada, and New Zealand.
Others are labeled “ORCON,” or creator-controlled, meaning that the agency that provided the intelligence retains full control over who can see it or what parts are replicated or distributed.
A CIA spokesman said the agency was also aware of the reports and was investigating the allegations, but would not comment on the source.
While the leaks are likely to raise fears of a senior Russian spy in the US, it would be unusual to burn such a valuable mole by releasing their information online.
Aric Toler, a researcher at the Dutch research group Bellingcat, determined that the first batch of more than 30 documents appeared to have been posted to an obscure chat server on March 1 and 2 — within a day of being created.
The user who posted them there, who goes by the username Lucca, told Mr. Toler that he found the files on a third – now deleted – Discord server called Thug Shaker Central, and that there were many more.
“Basically, he and some friends were on a little Discord server and one of the guys there was posting hundreds and hundreds of leaked documents,” Mr. Toler said. “The leaked files went back at least to January of this year. The earliest I’ve seen a trace of is January 15.”
The leaks cover only a short period of time, but contain information that could be useful to the Russians.
One revealed that Ukraine has almost no mid- to high-altitude air defense missiles and could run out by early May — information that Russia could use to plan its air campaign.
It also gives the names and training schedules for nine brigades being prepared to lead Ukraine’s spring offensive. It reveals which units receive advanced Western kit, including the unit receiving British Challenger II tanks.
It says the offensive could begin anytime from April 1, but doesn’t say where the biggest blow could fall.
The Discord server Mr. Toler traced the leaks to belongs to a popular YouTube channel called Wow Mao, which makes low-effort meme videos with titles like “Which communist would you smoke with?” and “Who is the better philosopher? Diogenes vs. Jordan Peterson”.
A few days later, some of those files were reposted on another Discord server for players of Minecraft, a video game popular among teens in which players explore a vast virtual world using blocky graphics and building structures from cubes.
Then, last Wednesday, three of those files were reposted from the Minecraft server to 4Chan, a Japanese animation message board notorious for releasing far-right memes like Pepe the Frog and the “Incel,” or involuntary celibate movement. made up on sexually frustrated young men.
It was at this point that the gross adjustments to the victim numbers were added to one of the files.
The 4chan images were then quickly picked up by pro-Russian war bloggers, who posted them to Telegram and Twitter, prompting the White House to launch an investigation Thursday.
That complicated path makes it difficult to trace the original poster.
It also suggests that the leak was acquired opportunistically, perhaps by hacking, rather than by a high-ranking Russian mole. It would be reckless to expose such a valuable spy by disclosing the information obtained.
Many commentators, including pro-Russian war bloggers, warned that the first leak could be false information deliberately released by the US to mislead Russia ahead of Ukraine’s expected spring offensive.
Mykhailo Podolyak, an adviser to Ukrainian president Volodymyr Zelensky, said the leaks contained a “very large amount of fictitious information” and were likely a Russian fabrication to create confusion between Ukraine and its allies.
“These are just standard elements of Russian intelligence operational games. And nothing more,” he wrote.
Mark Galeotti, an expert on Russia’s security services, said the leaks did not appear to have been fabricated by Moscow and that the US response suggested the papers were genuine.
“The Russians have generally turned out to be pretty bad at making really realistic fabrications,” he said.
“And if it was a total fabrication, the Americans would have dismissed it as such. As far as I know, they haven’t – they say things like ‘we don’t comment on this sort of thing’.”
“The most important value to the Russians is embarrassing the Americans and asking questions about their safety. This will give the Ukrainian even more excuses not to be so forthright with DC.”
