Last week, news organizations realized something quite remarkable: A trove of 100 secret US military and intelligence documents had been posted in the far-flung corners of the internet.
The files reveal closely held information about US operations, like a suggestion there are up to 100 NATO special operations officials in Ukraine, and details about casualty counts for both Russia and Ukraine. They indicate that the US has infiltrated Russian intelligence groups and has inside knowledge of hacking attempts on a Canadian pipeline. And they show in some detail what the US has gleaned from spying on partners such as Israel, Egypt, and South Korea.
And most bizarrely, the documents surfaced more than a month earlier on anonymous, decentralized web forums dedicated to gaming, like a Discord channel devoted to Minecraft, and after that on 4chan.
Now, more details are beginning to emerge about the documents’ provenance. On Wednesday, the Washington Post reported they had found the original Discord group where the documents — and hundreds more yet unreported — had been posted. They spoke to two of the group’s members, and described the leaker as a “young, charismatic gun enthusiast” who said he worked on a military base. The alleged leaker was filmed shooting a weapon after yelling racial and antisemitic slurs at the camera, and shared the intelligence with the tight-knit group of mostly young men.
The classified files emerged as recently photographed folded documents that may have appeared as daily briefings for the military’s top leaders. They represent a major intelligence breach and offer insights into the US role in defending Ukraine from Russia’s invasion and other major geopolitical arenas.
For now, the documents’ ambiguous provenance, the somewhat surprising platform on which they were first posted, the signs that at least several were doctored, and the inability to independently verify them mean it’s difficult to draw sweeping conclusions.
But the US government is racing to try to contain the fallout. The Justice Department opened an investigation into the leaks, the Defense Department and several other government agencies are together assessing any impact on national security, and Pentagon leaders are angry and scrambling to undo the damage. Congress has asked to be briefed, and allies are reportedly frustrated and confused.
Gavin Wilde, a Carnegie Endowment expert who previously worked in the White House and at the National Security Agency, says the documents expose the contradiction between the incredible intelligence-gathering capacity of US agencies and their apparent sloppiness in handling sensitive information. “It’s just the latest indication that the intelligence bureaucracy is both remarkably adept and remarkably inept in this new misinformation environment,” he told me. “The way we think about counterintelligence clearly needs to be more coherent.”
“That’s a paradox to me,” Wilde continued, “that on one hand, these documents appear to show an intelligence community that excels at what it’s charged with doing, while being kind of catastrophically inept at another aspect of what it’s supposed to do. ... It really vexes me that it took over a month for them to gain popular notice.”
What the leaks reveal
The documents, according to several former officials I spoke with, seem to be photographed from a briefing book for a high-level US military leader and perhaps shared with allies. The number of individuals who might have access to such documents, these sources speculated, might number into the hundreds or even low thousands. What was most noteworthy is the scope of the information, which includes a variety of maps that show Ukrainian and Russian positions and in-depth intelligence reports.
“The documents appear — and I want to emphasize appear — to potentially reveal sources and methods,” says Glenn Gerstell, who served as general counsel of the National Security Agency from 2015 to 2020 and now works as an adviser to the consulting firm Beacon Global Strategies.
This may compromise the US’s ability, for example, to spy on Russia.
The breadth and depth of the documents are also important. The documents are current — dated in late February or early March of this year — and cover a wide range of topics, beyond just Ukraine. While 100 documents is a lot, it’s not near the scale of the leaks published by Chelsea Manning or Edward Snowden. Asked if the leak was contained or whether more files were out there, White House spokesperson John Kirby said, “We don’t know. We truly don’t.”
The Post on Wednesday said it had reviewed about 300 photos of classified documents that the alleged leaker shared with his Discord group, “Thug Shaker Central.” Bellingcat had previously flagged this group as the likely origin of the documents.
Among other surprising findings, the documents reveal the Israeli intelligence agency Mossad supported protests against Prime Minister Benjamin Netanyahu as he pushed for a major judicial overhaul in the country. The Washington Post cites a document that says Mossad leaders “advocated for Mossad officials and Israeli citizens to protest the new Israeli Government’s proposed judicial reforms, including several explicit calls to action that decried the Israeli Government, according to signals intelligence.” Israel has not provided weapons to Ukraine, and a document from February 2023 shows “scenarios that could drive Jerusalem to provide lethal aid” to Ukraine.
Then there are revelations about Egypt, which, as one of the US’s closest Middle East partners, has received billions of dollars in military aid. But a leaked document reveals a scheme to possibly support Russia with armaments. According to the Washington Post, Egyptian President Abdel-Fattah El-Sisi had “recently ordered subordinates to produce up to 40,000 rockets to be covertly shipped to Russia.”
Other revelations continue to surface. Serbia, which has stayed neutral in the Ukraine war, has agreed to supply weapons to Kyiv, according to a document. (Serbia denies this.)
The leaked files offer new details about personnel losses in the Russia-Ukraine war, which both sides of the conflict have tried to keep secret. The New York Times says, “One document reports the Russians have suffered 189,500 to 223,000 casualties, including up to 43,000 killed in action,” while another notes that “as of February, Ukraine had suffered 124,500 to 131,000 casualties, with up to 17,500 killed in action.” Pro-Russia accounts on the social media platform Telegram doctored some of those casualty numbers before recirculating the documents.
Several maps show detailed troop movements, the state of Ukrainian and Russian weaponry, and even the “Mud-Frozen Ground Timeline,” by month, which could be helpful in assessing the path of tanks on the battlefield. One top-secret document lays out the shortcomings of the Ukrainian military and says Ukraine would only make “modest territorial gains” in its counteroffensive.
Some of that information may already be outdated, but given the dates printed on the files, it may give Russia and other US adversaries the ability to reverse-engineer the sources of US intelligence.
“This has the real potential for actually genuinely hurting national security,” says Gerstell. “In prior leaks, people said that, but what they really meant was it was politically embarrassing or awkward or hurt our relationships with allies. And this is a little different.”
Why did these documents get leaked, and what happens now?
It’s still not confirmed who the leaker is. The Post’s reporting painted a picture of a man who, according to one of the Discord group’s members, shared the documents for “a little bit of showing off to friends, but as well as wanting to keep us informed.” But his identity remains unconfirmed, and many questions still remain about motives and sourcing.
Whatever the content of the files, the leak itself is likely to be favorable to Russian President Vladimir Putin in at least two regards: netting a propaganda win and showing valuable insights into how US agencies work.
Though some analysts had previously argued that its origin is Russian intelligence, it’s not clear why they would want to blow up such a goldmine of a source and publicize inside information. And the hastiness of the files being posted on seemingly arbitrary forums suggests it’s not an influence operation or malevolent intelligence agency. “I cannot comment on this in any way. You and I know that there is in fact a tendency to always blame everything on Russia,” Kremlin spokesperson Dmitry Peskov said earlier this week.
The Biden administration is now pushing to ensure that the leak is plugged. President Joe Biden on Thursday said that the investigation is “getting close” to identifying the leaker. And though he downplayed the content of the leaks, he said he was “concerned that it happened.”
Those concerns may translate to a major tightening of access, and probably in some cases a blanket shutdown of certain intelligence sharing, perhaps to the detriment of US policymaking as different channels get more siloed. “It will definitely kick off another cycle of caution, where everybody kind of starts to lock things down and start to reassess how much they’re comfortable sharing with each other,” Wilde told me.
In a statement, Discord said that they were cooperating with the investigation and could not provide any additional details.
“This is information that has no business in the public domain,” Kirby told reporters from the White House lectern. “It has no business, if you don’t mind me saying, on the front pages of newspapers or on television. It is not intended for public consumption, and it should not be out there.”
But now that it is out there, it reveals the very human aspects of the high-tech wars the US is engaged in. For all of the advanced weaponry the US is giving Ukraine, this is a war between humans, and when you have a lot of humans with access to highly secret information, there is always the potential for a breach. People make mistakes, and they apparently love to show off their access in posts on platforms like Discord.
Update, April 13, 11:30 am ET: This story was originally published on April 10 and has been updated twice with more details on the revelations contained within the leaked documents and their reported origins.