April 21, 2023

Everything you want to know about the Pentagon/Discord Leak

(Updated: December 13, 2023)

Two weeks ago, a few highly classified military maps from the Pentagon appeared on social media. As more and more such documents surfaced, this became the most significant leak since the exposure of NSA and CIA hacking tools in 2016 & 2017.

Because the content of the leaked documents has already been extensively discussed by the press, I will summarize the events, take a close look at the form of the documents and assess how the leaker might have been able to access them.

The leak      The leaker      The documents      The access

Updates:   #1    #2    #3    #4    #5

See also: New details about the Pentagon Leak

The leak     Discord - 4chan - Telegram

The Pentagon or Discord Leak came to light on Thursday, April 6, when The New York Times reported on Top Secret US defense documents that had been shared on Russian Telegram channels.

How this leak developed becomes clear from research by Aric Toler from Bellingcat and Shane Harris from The Washington Post, as well as from the affidavit which the FBI submitted to the district court of Massachusetts.

According to these sources, the leak started in October 2022, when someone who called himself OG (for Original Gangster) began posting classified information in a Discord server, which he eventually named "Thug Shaker Central" and which he controlled as the administrator.

This server had been created in 2020 by someone who called himself Vakhi, a now 17-year-old high school graduate, and consisted of some 20 to 30 gamers from various countries, including Russia and Ukraine. They had been locked in their houses during the Covid-19 pandemic and were "united by their mutual love of guns, military gear and God".

Initially, OG made transcriptions of classified documents he had brought home from his job on an unnamed military base. By sharing this information, OG apparently wanted to show off his insider knowledge and offer the other server members unique insights that could provide protection from real-world troubles.

Similar to Snowden, OG ranted about "government overreach" and saw law enforcement and intelligence agencies as "a sinister force that sought to suppress its citizens and keep them in the dark."

When transcribing classified documents by hand proved too tiresome and not very attractive for the server members, OG began posting photos of the original documents in January 2023. Eventually, he posted some 350 such photos in his Discord server.

Then, from February 28 to at least March 2, a 17-year-old user called Lucca secretly posted 50 to 100 of the photos from Thug Shaker Central on another Discord server, which was affiliated with a British-Filipino YouTuber called wow_mao:


  
Screenshots of several photos posted in the wow_mao Discord server on March 1, 2023


On March 4, 2023, ten photos from the wow_mao server appeared on yet another (and meanwhile deleted) Discord server called "Minecraft Earth Map", which was dedicated to the popular computer game Minecraft. A zip file of 32 photographs also included a photo of a handwritten piece of paper that appeared to be a character sheet for a roleplaying game (RPG), which seems unrelated to the leaked documents.


(Screenshot and pixelation by Bellingcat)


On April 5, three of these photos were posted on the message board platform 4chan and five of them on a pro-Kremlin Telegram account called Donbass Devushka. One of the images, showing a March 1 Ukraine status update (marked "Pg 7"), had been altered to inflate the number of Ukrainian casualties and downplay those on the Russian side.

The Donbass Devushka account has some 65,000 followers and one of its administrators appeared to be former US Navy electronics technician Sarah Bils from Washington state. She said that she later deleted the four photos, but they had already been picked up by other Russian Telegram channels and were eventually noticed on Twitter.

Meanwhile, OG had stopped sharing images in the Thug Shaker Central server in the middle of March. On April 6, shortly before the New York Times first reported on the leak, he learned that his photos had been spilled into other social media, which made him confused and distraught. He then shut down his Discord server and urged its members to delete any information that related to him.


UPDATE #1:

On April 21, 2023, The New York Times reported that from February 25, 2022 (which is one day after Russia invaded Ukraine) to March 19, 2023, the leaker also posted classified information on another, easily accessible Discord server with some 600 members.

There he called himself "unknowing" and provided insights into the development of the war, mainly in the form of detailed written accounts, but he apparently also posted pictures of some documents, which have since been deleted.

On March 19, 2023, unknowing wrote: "I was very happy and willing and enthusiastic to have covered this event for the past year and share with all of you something that not many people get to see", but: "I've decided to stop with the updates."


Motives and damage

Looking back at the leaks of the past 10 years, we see quite some variation in motives: while Edward Snowden assumed he would provide proof of mass surveillance (2013), Daniel Hale leaked the Drone Papers to inform the public (2015), Harold Martin was simply hoarding everything he could get (2016), Nghia Pho wanted to improve his programming skills (2016), Reality Winner also wanted to inform the public about Russian election interference (2017), Joshua Schulte leaked the Vault7 files because he was angry at the CIA (2017), but Jack Teixeira wanted to impress his online chat group (2023).


However, as emptywheel explains in an extensive blog post, the motive of the leaker is something different than what's actually inside the leaked files and what subsequently happens with them: "many [contemporary leakers] don't have expertise on the specific files they're leaking".

This is demonstrated in a piece by PwnAllTheThings, who analyses the damage done by the military intelligence about Ukraine ("acute damage potential, but very short-lived"), the political analysis using non-fragile sources ("embarrassing, but quickly forgotten"), and the foreign intelligence from highly sensitive sources ("fragile and opaque longer-term damage").



The leaker     Jack Teixeira

Based upon a very close examination of items that could be seen in the background of the leaked photographs, "OG" was identified as the 21-year-old airman Jack D. Teixeira. On Thursday, April 13, he was arrested by the FBI at the home of his mother in North Dighton, Massachusetts, and accused of "alleged unauthorized removal, retention and transmission of classified national defense information."

Teixeira grew up in the suburbs of Providence, Rhode Island, and attended Dighton-Rehoboth High School in Massachusetts where he graduated in 2020. He appeared to be a loner and according to several of his former high school classmates, he had a fascination with the military, guns and war.

On September 26, 2019, Teixeira had joined the Massachusetts Air National Guard, and after finishing technical training, he entered active duty at the 102nd Intelligence Wing on October 1, 2021. This unit is located at Otis Air National Guard Base on the southern portion of the Joint Base Cape Cod (JBCC).


The entrance to Joint Base Cape Cod in Pocasset, Massachusetts
(photo: CJ Gunther/EPA)


In his first job, that of a Cyber Transport Systems Journeyman, Teixeira was responsible for keeping the communications networks secure and operational, including installing, maintaining and repairing hardware and cables. Since May 2022, his job title was Cyber Defense Operations Journeyman. This is remarkably similar to Edward Snowden, who started as a systems administrator and then became a cyber defense analyst.

Since he entered active duty in 2021, Teixeira held a Top Secret clearance with access to Sensitive Compartmented Information (SCI), which usually includes signals intelligence (SI) and information collected by satellites and airborne surveillance platforms (TK). Which information he had the necessary need-to-know for depended on the specific duties of his job.


Location of Joint Base Cape Cod and Teixeira's hometown
(graphic: The Washington Post)


The 102nd Intelligence Wing

The 102nd Intelligence Wing consists of over 20 squadrons and groups. The 102nd Intelligence Surveillance Reconnaissance Group (ISRG), for example, performs near-real-time exploitation and analysis of video feeds from the U-2 spy plane, as well as from the RQ-4 Global Hawk and MQ-9 Reaper surveillance drones, which are put together so they can be used by military commanders.

Other units are involved in cyber missions, like the 267th Intelligence Squadron (IS), which conducts "signals intelligence exploitation in the cyber domain for 25th Air Force and US Cyber Command", providing "finished Cyber ISR products, and direct support for consumers across multiple agencies."

Besides supporting combat operations overseas, the 102nd Intelligence Wing also provides defense support to civilian authorities during national and regional emergencies, as is shown in this video from 2017:



102nd Intelligence Wing Airmen provide disaster relief
in response to Hurricane Harvey in August 2017


Meanwhile, the US Air Force has ordered the 102nd Intelligence Wing to halt its intelligence mission as the service's inspector general investigates the leak. Its duties have been temporarily reassigned to other Air Force units.


UPDATE #2:

On April 26, 2023 the US Air Force said that the commander of the 102nd Intelligence Wing temporarily suspended his subordinate commander of the 102nd Intelligence Support Squadron and the detachment commander overseeing administrative support.




The documents     intelligence briefings

Reportedly, Jack Teixeira posted some 350 photos in the Thug Shaker Central Discord server, but it should be noted that each photo only shows a single page, so the actual number of complete documents is much lower.

The maps and charts seem to come in sets of up to 8 pages and an unpublished intelligence summary also consists of 8 pages. This means the number of documents may be somewhere around 60.

Various media outlets have gained access to around 100 photos, likely those that were shared to the wow_mao Discord server. Just over 50 of them have been shared more widely and were also available on some websites. On April 16, Newsweek published 20 of these photos with comments by William Arkin.

Most widely available are eight out of the ten photos that made their way to the Minecraft Discord server and from there to 4chan and Telegram. They are shown below:

Russia/Ukraine | Status of the Conflict as of 1 Mar (Pg 7)
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN/FISA
March 1, 2023

IVO = In the Vicinity Of      ICOD = Intelligence Cut-Off Date
PCN = Product Control Number      UAF = Ukraine Armed Forces


Assessed Operations in Kharkiv (Pg 8)
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN
March 1, 2023



Bakhmut Axis (Pg 10)
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN
March 1, 2023



Donetsk Axis (Pg 11)
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN
Date unknown



Ukraine | Freeze Favorable To Vehicle Maneuver (~16 Inches) Projections (Pg 13)
SECRET//REL TO USA, FVEY
February 28, 2023



Russia/Ukraine Joint Staff J3/4/5 Daily Update (D+370) (Pg 17)
SECRET//NOFORN
March 1, 2023

AOR = Area of Responsibility      Pax = Persons
CAO = Current As Of      SIGACT = Significant Activity
CCIR = Commander’s Critical Information Requirement
SOF = Special Operations Forces


US, Allied & Partner UAF Combat Power Build (Pg 24)
SECRET//REL TO FIN, UKR, FVEY, NATO
February 28, 2023

CAO = Current As Of      BDE = Brigade


BDA From Recent Strike? Damage GBU BBCARD (Pg 37)
SECRET//REL TO USA, FVEY
February 15, 2023

BDA = Battle Damage Assessment      OSINT = Open Source Intelligence
BBCARD = ?      RFI = Request For Information
GBU = Guided Bomb Unit      SAG-U = Security Assistance Group - Ukraine


The following video provides a detailed explanation of four of the leaked documents:




Additional page numbers

Among the set of 50+ photos are more of these military maps and a close look reveals that in the lower right corner of most of them there's an additional page number that was printed over the original text. The highest page number is 59, which indicates that maybe even more of these maps and charts (with dates from February 27 to March 2) had apparently been part of one package:



It seems that all the documents with an additional number are about the war in Ukraine, so they were probably put together to provide a comprehensive overview of the current situation ("to inform senior military and civilian government officials during briefings at the Pentagon in Arlington, Virginia" as the affidavit says?)


The classification markings

More eye-catching than the additional page numbers are the classification markings. Especially the map in the first photo (marked "Pg 7") has one of the longest classification lines seen so far:

Classification line of the document marked "Pg 07" (colors enhanced)


These official classification lines consist of different types of markings, separated by a double slash. The meaning of the various parts is as follows:

- TOP SECRET (release would cause exceptionally grave damage to national security)

- HCS-P = HCS Product (intelligence reports based on human sources)
- SI-G = Special Intelligence GAMMA (sensitive communication intercepts)
- TK = TALENT-KEYHOLE (intelligence from satellite collection)

- FGI = Foreign Government Information (classified info from foreign partners)

- RSEN = Risk Sensitive
- ORCON = Originator Controlled
- NOFORN = No Foreign Nationals
- FISA = Foreign Intelligence Surveillance Act


The markings HCS-P, SI-G, TK and FGI show that this document contains information from all the main intelligence sources: human intelligence (HUMINT, marked HCS-P), signals intelligence (SIGINT, marked SI-G), imagery intelligence (IMINT, marked TK) and intelligence provided by foreign partners (marked FGI). The result is a so-called "all-source intelligence product".

In this case, this product was created by the Defense Intelligence Agency (DIA), which is responsible for fusing intelligence from multiple sources for military purposes, just like the Central Intelligence Agency (CIA) creates all-source intelligence reports for the president and senior civilian policymakers.


The last part of the classification line consists of the dissemination markings:

- Risk Sensitive, which is used by the National Geospatial-Intelligence Agency (NGA) to "protect especially sensitive (satellite) imaging capabilities and exploitation techniques".

- Originator Controlled, which means the originator of the information controls to whom it is released. It allows originators to maintain knowledge, supervision, and control of the distribution of the information beyond its original dissemination.

- No Foreign Nationals, which means the information may not be disclosed or released to foreign nationals, foreign governments, or international organizations without permission by the originator of the information.

- Foreign Intelligence Surveillance Act, which is the law that allows the collection of foreign intelligence at facilities inside the United States (i.e. PRISM and Upstream collection). Information from this source may not be used in criminal investigations without approval by the attorney general.
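
The structure described above can be parsed mechanically, for instance when scanning text for marked material before it leaves a controlled system. The following parser is an added example and not part of the original article: the function names and the sample text are constructed here, the tables cover only the markings explained above (plus the levels CONFIDENTIAL and UNCLASSIFIED), and the NOFORN/REL TO check simply follows from the definitions of those two markings.

```python
import re
from dataclasses import dataclass, field

# Levels, highest first. CONFIDENTIAL and UNCLASSIFIED are not in the
# article's examples; they are added so the parser works on other text.
LEVELS = ("TOP SECRET", "SECRET", "CONFIDENTIAL", "UNCLASSIFIED")

# SCI markings and the intelligence discipline the article links them to.
SCI = {"HCS-P": "HUMINT", "SI-G": "SIGINT", "SI": "SIGINT", "TK": "IMINT"}

# Dissemination markings explained in the article.
DISSEM = {
    "RSEN": "Risk Sensitive",
    "ORCON": "Originator Controlled",
    "NOFORN": "No Foreign Nationals",
    "FISA": "Foreign Intelligence Surveillance Act",
}

# A whole line that is a level, a double slash, then marking characters.
BANNER_RE = re.compile(r"(?:%s)//[A-Z0-9 ,/-]+" % "|".join(LEVELS))


@dataclass
class Marking:
    level: str
    sci: list = field(default_factory=list)
    fgi: bool = False
    dissem: list = field(default_factory=list)
    rel_to: list = field(default_factory=list)
    unknown: list = field(default_factory=list)

    def disciplines(self):
        """Source types present: HUMINT, SIGINT, IMINT and/or FGI."""
        found = {SCI[m] for m in self.sci}
        if self.fgi:
            found.add("FGI")
        return found

    def is_all_source(self):
        """True when all four source types named in the article are present."""
        return self.disciplines() == {"HUMINT", "SIGINT", "IMINT", "FGI"}

    def problems(self):
        """Consistency findings a reviewer or DLP rule would flag."""
        issues = []
        if "NOFORN" in self.dissem and self.rel_to:
            issues.append("NOFORN combined with REL TO")
        issues += ["unrecognised marking: " + u for u in self.unknown]
        return issues


def parse(line):
    """Split a classification line on '//' and sort its markings by type."""
    blocks = [b.strip() for b in line.strip().split("//")]
    if blocks[0] not in LEVELS:
        raise ValueError("no classification level at start of %r" % line)
    m = Marking(level=blocks[0])
    for block in blocks[1:]:
        # Within one block, individual markings are separated by '/'.
        for token in (t.strip() for t in block.split("/")):
            if not token:
                continue
            if token.startswith("REL TO "):
                m.rel_to += [c.strip() for c in token[7:].split(",") if c.strip()]
            elif token in SCI:
                m.sci.append(token)
            elif token == "FGI":
                m.fgi = True
            elif token in DISSEM:
                m.dissem.append(token)
            else:
                m.unknown.append(token)
    return m


def scan(text):
    """Return (line_number, Marking) for every classification line in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        if BANNER_RE.fullmatch(line.strip()):
            hits.append((number, parse(line)))
    return hits


# Constructed sample: two classification lines quoted in the article and
# one deliberately inconsistent line made up for the NOFORN/REL TO check.
SAMPLE = """Russia/Ukraine | Status of the Conflict as of 1 Mar (Pg 7)
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN/FISA
Ukraine | Freeze Favorable To Vehicle Maneuver
SECRET//REL TO USA, FVEY
Constructed inconsistent line:
SECRET//NOFORN/REL TO USA, FVEY
"""

if __name__ == "__main__":
    for number, marking in scan(SAMPLE):
        print(number, marking.level, sorted(marking.disciplines()),
              marking.dissem, marking.rel_to, marking.problems())
```
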


A similar, but much less visible classification line (without the FISA-marking) is found on some other maps:

Classification line of the document marked "Pg 08" (colors enhanced)


Intelligence briefings

For most of the maps and charts it's not clear what their exact origin is, but a photo published by Newsweek shows a document with the header of the Daily Intelligence Update for the Secretary of Defense and the Chairman of the Joint Chiefs of Staff.

This briefing is dated February 28, 2023 and was prepared by the Directorate for Intelligence (J2) of the Joint Staff, which is managed by the DIA:


Title of the Daily Intelligence Update from February 28, 2023 (colors enhanced)


Besides the military maps and charts, the set of 50+ photos also contains text documents. These appear to be daily intelligence briefings which consist of one-paragraph summaries of particular events from all over the world. Four different briefings can be distinguished:

- CIA Operations Center Intelligence Update (March 2, 2023; 2 pages)

- Signals Intelligence briefing (March 1 or 2, 2023; 8 pages)

- Multiple source intelligence briefing (probably March 1, 2023; 2 pages)

- Multiple source intelligence briefing (March 2, 2023; 5 pages)


Covering events from all over the world and based upon all available sources of intelligence, these briefings are clearly intended for high-level military commanders and civilian policymakers, although they are likely also distributed among watch centers like the NSA's National Security Operations Center (NSOC).

The briefing that only contains signals intelligence appears almost identical to the NSA's Global SIGINT Highlights. Parts of the Global SIGINT Highlights from 2004 to 2012 were published in 2015 by Wikileaks, which had obtained them from a still unknown source. They were considered more embarrassing for the US than most of the Snowden documents.



NSA report about an intercepted conversation of French president Hollande.
From the Global SIGINT Highlights, published by Wikileaks in 2015


The Global SIGINT Highlights succeeded the SIGINT Digest, which also included maps, graphics and images. By the end of 1994, the NSA started to share content of the SIGINT Digest on the JWICS version of Intelink, in order to make its intelligence products available for other agencies. However, Intelink may include information from the SCI compartments SI and TK, but not from HCS and GAMMA.



Serial numbers

In the unpublished intelligence briefings, each paragraph has one or more serial numbers which refer to the source of the information, usually an intelligence report by one of the US intelligence agencies. Here's a selection of the serial numbers from these briefings (with classification level and topic):

NSA serialized reports:
3/55/120969-23 (TS/SI, about Jordan)
Z-G/OO/121581-23 (TS/SI-G, about Israel)
3/O5/121275-23 (TS/SI, about Colombia)
3/OO/122012-23 (TS/SI, about North-Korea)
Y-G/OO/122008-23 (TS/SI-G, about Brazil/Russia)
G/RG/122297-23 (TS/SI-G, about Russia)
3/OO/122310-23 (TS/SI, about the IAEA)
Z-G/OO/122198-23 (TS/SI-G, about South-Korea)
3/IR/122434-23 (TS/SI, about Central African Republic)
G/RA/122097-23 (TS/SI-G, about Russia in Africa)
3/RT/122431-23 (TS/SI, about Nigeria)

(The format of these SIGINT serial numbers is explained here)

Australia's ASD serialized reports:
3/EE/718-23 (TS/SI, about China)

Canada's CSE serialized reports:
3/UU/442-23 (TS/SI, about Russia & Canada)

DIA reports:
DIA_F_24OUB_A (TS/SI-G, about Nicaragua)
DIA_F_24O3A_A (Secret, about war in Ukraine)
DIA_F_24OR2_A (Secret, about ISIS)
DIA_F_24ON5_A (Secret, about China)
DIA_F_24OLT_A (TS/SI, about Russia)

CIA reports:
WIRe2023-04119 (Secret/HCS-P, about Ethiopia)
WIRe2023-27480 (Secret, about satellite interference)
WIRe2023-04601 (TS/SI-G, about China)
WIRe2023-03684 (Secret, about North-Korea)

Other CIA reports:
CIA 50125415520 (Unclassified, about Israel)
CIA-DA-IA-2023-01909 (TS/SI, about nuclear security)
CIA Intel Update [date]

INR reports:
INR Night Owl Notes [date]

DEA reports:
DEA-NN-IIR-3998-23 (Secret, Haiti/Russia)

National Intelligence Council:
NIC-NICM-2023-04600 (Secret, about West/Central Africa)
NIC-NICM-2023-04261 (?, about Ukraine)

Unknown:
AFP202302281614370370 (Unclassified, about Israel)
EUW2023030116612750 (Unclassified, about Nigeria)
LIW2023022771195902 (Unclassified, about Israel)
EUW2023030167988335 (TS/SI, about Iran)
AFW2023030163657742 (Secret, Nigeria)

Compilation of NSA serial numbers found in the briefings (source)


Dates of the documents

If we look at the dates of the aforementioned documents, we see that all the text briefings are from March 1 and March 2, 2023. Some of the maps and charts have dates from the second half of February, but they seem to be part of the "Ukraine package", the latest date of which is March 1.

Some screenshots from the wow_mao Discord server show that the user called Lucca already posted the photos of these documents there on March 1 and March 2.

That means Teixeira took the printed briefings home at the end of the same day that they had been released, photographed tens of pages and posted them on his own Discord server, after which Lucca reposted them on the wow_mao server almost immediately, or at the latest the next day.

This was repeated on March 2, when Lucca reposted documents dated February 28 and March 1, mostly from the "Ukraine package". This shows how eager both Teixeira and Lucca were to share the Top Secret information.

The earliest date seen so far is January 13, 2023, which is found on a chart that was published by The Washington Post on April 18:


Leaked document that "highlights capabilities and notional flight paths
of China's supersonic reconnaissance drone, along with satellite images
of its home base at Liuan Airfield", January 13, 2023.



The access     JWICS

A frequently asked question is whether a low-level airman like Jack Teixeira had legitimate access to the documents he leaked. Given his Top Secret/SCI clearance he was allowed to work with intelligence information, but even if his unit was involved in (cyber) operations in Ukraine, it's unlikely that he had the need-to-know for high-level briefings covering events from all over the world.

But where did he get them from? The easiest way would have been that a senior commander at Otis Air Base asked Teixeira to print out his daily briefings, and that Teixeira was able to grab those papers afterwards and took them home, instead of throwing them into the burn bag to be safely destroyed.

Already during the Snowden-leaks it became clear the NSA and other agencies don't impose universal checks of personnel and their belongings as they enter and leave secure facilities. Security guards only conduct random checks and use their discretion in order to keep and build the trust of the employees: "Anything that could fit in a pocket could go out undetected".

In this case, however, the number of pages Teixeira took home around March 1, 2023 was so high (which is also indicated by the unsharp folds), that they wouldn't have easily fit in a pocket, but he could have put them under his clothes.


Unauthorized access?

In the US, intelligence is disseminated through the Joint Worldwide Intelligence Communications System (better known as JWICS), which is a highly secure communications network for information up to the level of Top Secret/SCI. It has "only" around 200,000 users, so it's not like all 1.25 million people who hold a Top Secret clearance had access to the leaked files, like various press reports suggested.


On the JWICS network, access is further restricted through additional login requirements for the various tools, programs and user groups (Communities of Interest), depending on someone's need-to-know. For example, for sharing intelligence, including from the GAMMA and HCS compartments, there's a collaborative workspace called i-Space (formerly A-Space), but users have to be individually authorized to see data about a particular topic or country.


Security measures

When A-Space was launched (for 10,000 users) in 2007, an intelligence official admitted that "This is a counter-intelligence nightmare. You've got to ask yourself, if there's one bad apple here, how much can that bad apple learn?" To mitigate that risk, A-Space would be additionally secured by looking out for suspiciously anomalous searches.

Given the fact that the leaked intelligence briefings contain information from the GAMMA and HCS compartments, we have to assume that there are similar security measures in place as those for i-Space and that it's not possible to access such documents without a proper individual authorization based upon someone's clearance and need-to-know.


While the US intelligence community is improving intelligence-sharing (not only since the attacks of 9/11, but already since the first Gulf War from 1990-1991), that doesn't mean that security is ignored. How Teixeira was nevertheless able to get hold of the highly classified documents he shared on Discord is something that still has to be clarified.


UPDATE #3:

In the larger Discord server, where Teixeira called himself "unknowing", he explained his knowledge by saying: "I have a little more than open source info. Perks of being in a USAF intel unit".
He also wrote that he was able to access a site run by the NSA and that "I usually work with GCHQ people when I’m looking at foreign countries". On February 28, 2022 he said that "the job i have lets me get privilege's above most intel guys":

Discord post by Teixeira under the nickname unknowing (source)


This sounds very similar to Edward Snowden again, who once said: "What was special about me was I had a special clearance called PRIVAC, which meant I could see across silos. I saw the big picture."
PRIVAC stands for Privileged Access and is described as "a higher level of access than the level of access needed to perform normal processes and system operations", which means these people have the capability to change network addresses, copy data, and install apps without raising red flags.
After Snowden, the NSA intended to reduce the number of PRIVAC users, but in 2016, the DoD Inspector General found that the agency had failed to do so.


UPDATE #4:

From the government's motion for pretrial detention of Jack Teixeira, which was released on April 27, 2023, it became clear that he had a "troubling history of making racist and violent remarks". Teixeira had been suspended from high school in 2018 for alarming comments about the use of Molotov cocktails and other weapons. This behavior was so disturbing that it was flagged by local police when Teixeira applied for a firearms identification card.

Prosecutors also made public a series of social media posts from 2022 and 2023 in which Teixeira expressed his desire to kill a "ton of people" and cull the "weak minded," and described what he called an "assassination van" to kill people in a "crowded urban or suburban environment." In his bedroom, investigators found a small arsenal, including handguns, bolt-action rifles, shotguns and an AK-style high-capacity weapon:

FBI photo of the firearms found in one of Teixeira's bedrooms


This raises serious questions about how it was possible that Teixeira was granted a Top Secret/SCI clearance. Some suggested that his behaviour might not have been very different from what is common among young airmen - the investigation of the January 6 attack on the Capitol found that the military services included too many neo-Nazi and white supremacy extremists, including in their intelligence ranks.

Former NSA general counsel Glenn Gerstell said that "repugnant views and having lots of guns in your bedroom are not automatically going to disqualify you for a security clearance", especially because the US government has for decades struggled to attract sufficient IT and cybersecurity talent.

The Defense Counterintelligence and Security Agency (DCSA) confirmed that its background investigations do "not include automated checks of social media or chat rooms." A review of a serving individual's social media is only likely if their superiors have a reason to be alarmed, which is not only due to a lack of manpower, but also because it's difficult to attribute anonymous profiles.


UPDATE #5:

On December 11, 2023, the US Air Force released a report by its Inspector General which identified a range of deficiencies at Otis Air National Guard Base:

- Four cases of suspicious behaviour by Jack Teixeira weren't properly reported to security officials;
- IT specialists received weekly intelligence briefings to better understand the importance of their work, but this "know your why" effort was improper in that it provided higher level classified information than was necessary;
- Some personnel believed having a TS-SCI clearance meant users had approval to examine any information they could find on JWICS;
- No permission controls were in place to monitor print jobs, so any night shift member had ample opportunity to access JWICS sites and print a high volume of products without supervision or detection;
- Unit members described trusting their coworkers without verifying access or need to know and inconsistently practicing certain disciplines;
- Unit leaders created a critically permissive culture that reinforced risk-accepting behaviors at inappropriate levels.

As a result of the investigation, no less than 15 Air National Guardsmen have been disciplined, including the wing and group commanders, as well as more junior officers and noncommissioned officers.





Links and Sources

- PBS Frontline documentary: The Discord Leaks (Dec. 12, 2023)

- The New York Times: The Next Intelligence Leak Could Be Prevented (April 24, 2023)
- The New York Times: Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known (April 21, 2023)
- Financial Times: The Pentagon leak: how a low-ranked 21-year-old accessed top US secrets (April 19, 2023)
- Newsweek: Read the Leaked Secret Intelligence Documents on Ukraine and Vladimir Putin (April 16, 2023)
- PwnAllTheThings: Pentagon Leaks: What's the Damage? (April 15, 2023)
- Emptywheel: Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive (April 15, 2023)
- The New York Times: The Airman Who Gave Gamers a Real Taste of War (April 13, 2023)
- The Cipher Brief: Leak Questions Begin To Center Around A Cell Phone (April 12, 2023)
- The Washington Post: Discord member details how documents leaked from closed chat group (April 12, 2023)
- Verschlusssache: Was steht in den Geheimpapieren? (April 11, 2023)
- Emptywheel: The Thug Shaker Leaks (April 9, 2023)
- Bellingcat: From Discord to 4chan: The Improbable Journey of a US Intelligence Leak (April 9, 2023)
- Motherboard: Pentagon’s Ukraine War Plans Leaked on Minecraft Discord Before Telegram and Twitter (April 7, 2023)
- The New York Times: Leaked documents expose US-NATO Ukraine war plans (April 7, 2023)
- Politico: Leaked military documents on Ukraine battlefield operations circulated as early as March (April 7, 2023)
- The Gray Zone: Leaked documents expose US-NATO Ukraine war plans (April 7, 2023)
- The New York Times: Ukraine War Plans Leak Prompts Pentagon Investigation (April 6, 2023)


8 comments:

Anonymous said...

I still want to know whose character sheet that was and what RPG it was for.

Anonymous said...

There's a write up on that already. According to Motherboard, it's probably from a game called Call of Cthulhu. https://www.vice.com/en/article/ak3d5z/leaked-classified-documents-also-include-roleplaying-game-character-stats

Anonymous said...

Are the leaked Australian and Canadian serialised reports available online anywhere?

P/K said...

Not that I know of, but their content has likely already been reported on

Anonymous said...

Nice writeup. Any more coming?





P/K said...

Thank you! Regarding this case, I will update this post when new information emerges.

Anonymous said...

can you link the aussie report? tks, mate!

P/K said...

The serial report by Australia's ASD is about China Communist Party members indicating that Han Zheng would become China's next vice president. So nothing very special.
