The Intercept might have unwittingly helped unmask Reality Winner, a government contractor who allegedly leaked a NSA document about Russian hacking to the news outlet.
On 5 June, The Intercept published a “Top Secret” National Security Agency (NSA) document detailing Russian efforts to interfere in the 2016 U.S. presidential election.
“Provided anonymously to The Intercept and independently authenticated,” the report reveals that Russian military intelligence conducted a digital attack campaign against a U.S. voting software supplier and sent spear-phishing emails to 100 local election officials.
These actions appear to support the view that Russia meddled in the election beyond having hacked the Democratic National Committee, an incident which EVERYONE (We’re looking at you, Mr. President.) finally agrees involved Russian military activity.
Later that same day, the Justice Department published an “Affidavit in Support of Application for Arrest Warrant” against Reality Leigh Winner. A 25-year-old government contractor with Pluribus International Corporation, Winner was arrested by the FBI in early June on the suspicion that she “willfully retained and transmitted classified national defense information to a person not entitled to receive it in violation of 18 U.S.C. § 793(e).”
The affidavit doesn’t mention any names, but it’s clear it’s accusing Winner of having leaked the NSA report to The Intercept.
As FBI Special Agent Justin Garrick explains in the affidavit:
“On or about May 9, 2017, WINNER printed and improperly removed classified intelligence reporting, which contained classified national defense information and was dated on or about May 5, 2017 (the ‘intelligence reporting’) from an Intelligence Community Agency (the ‘U.S. Government Agency’) and unlawfully retained it. Approximately a few days later, WINNER then unlawfully transmitted the intelligence reporting to an online news outlet (the ‘News Outlet’).”
How did Winner get caught? Well, it looks like the “News Outlet” had something to do with it.
According to Garrick’s affidavit, The Intercept reached out to the NSA on 1 June 2017 about publishing the document in an upcoming story. As part of the correspondence that ensued, the news outlet sent the NSA the report. An analysis of the document revealed that some of the pages had been folded or creased, suggesting that someone had printed it and carried it out of a secure facility.
The NSA subsequently determined that six individuals had printed the document. How? The intelligence agency logs its print jobs. Most newer printers leave patterns of nearly invisible yellow dots on the documents they print, so it’s possible to trace something like a Top Secret report to a print job.
(For more information about how the NSA might have traced the leaked document, read security expert Robert Graham’s write-up here.)
An internal audit yielded evidence that Winner had communicated with The Intercept. Garrick subsequently spoke with Winner at her home on 3 June 2017 about the leak, at which point in the time the contractor admitted to having stolen the document knowing full well that “the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.”
It appears The Intercept did no one any favors in publishing the report and sending a copy of it to the NSA. On the one hand, it probably sought to protect Winner as its source. But the document did originate from the NSA, after all. It’s a bit short-sighted of the The Intercept’s staff (and Winner, of course!) to think the NSA doesn’t have means of tracking its Top Secret reports.
On the other hand, The Intercept might have thought it was serving the public interest by publishing the report. But government agencies like the NSA classify information for a reason (not always a good one, but a reason nonetheless). This fact doesn’t even include the myriad of investigations that are examining Russian interference in the 2016 presidential elections. A leak like this could very well have some bearing on the outcome of at least some of those investigations.
No one “won” from this leak. At a bare minimum, it caused lots of headaches in the intelligence community, and it may have changed the life of one young woman forever.
For more discussion on this case, check out this episode of the “Smashing Security” podcast:
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.