At least 100 apparently classified documents have been leaked online in the most significant unauthorised release of US intelligence material since the large-scale disclosures by former contractor Edward Snowden in 2013.
The documents largely relate to the war in Ukraine, including recent battlefield information, but also include details intercepted by the US from allies including South Korea and Israel.
What are the documents?
The Financial Times reviewed dozens of the files, which consist of photographs of creased printouts of briefing materials containing operational data on the war in Ukraine, as well as intelligence updates on the war and on the Middle East and Asia. Officials and analysts believe the use of photographed printouts suggests the documents were leaked rather than hacked.
The documents, laid on top of magazines and surrounded by objects such as Gorilla Glue and nail clippers, appear to come from briefing materials for senior US officials, and include purported information prepared by the Joint Chiefs of Staff and the CIA operations centre. Officials said hundreds or even thousands of people could potentially have access to the documents.
How did they come to light?
Analysts say some of the information was posted on the messaging platform Discord as early as January. US defence secretary Lloyd Austin was first briefed about the leaks on April 6, when some of the files began appearing on a Telegram channel related to Russia’s invasion of Ukraine.
According to analysis by Bellingcat, the Discord channels where some of the March documents were posted focused on the Minecraft computer game and fandom for a Filipino YouTube celebrity, before they spread to 4Chan and later Twitter and Telegram.
Much of the information is relatively current, with the most recently released slides from about early March. While the FT could not independently confirm the authenticity of the documents, the highly specific information and markings help lend them credibility. Defence officials say the documents look authentic and appear to contain highly classified and sensitive information, though some appear to have been altered.
What do the documents say?
The documents largely pertain to Russia’s invasion of Ukraine, with detailed maps, battlefield inventories and other information. Particularly worrying, current and former officials said, was that the documents contained information relevant to Ukraine’s soon-to-begin counteroffensive — though they did not contain specific plans for the counteroffensive itself.
Some of the documents detail critical Ukrainian air defence shortages, which could help Russia achieve its goal of air superiority as soon as May if Ukraine is to run out of anti-aircraft missiles.
A February 23 analysis echoes what defence and military officials have been saying publicly, that the fighting in the east is a “grinding campaign of attrition” that looks headed towards stalemate.
Another slide suggests that approximately 100 special forces troops are operating in Ukraine, including from the US, Great Britain, France, Latvia and the Netherlands. Other documents say that the US deeply penetrated Russia’s military: for example, it had Russian plans for striking Ukrainian forces in Odesa and Mykolayiv in early March. The documents also contain detailed insight into the paramilitary Wagner group, which allegedly sought to covertly buy arms from Turkey.
There are assessments of Russian plans for disinformation campaigns in Africa, as well as reports that a pro-Russia hacking group had penetrated Canada’s gas distribution network and could launch future attacks if directed to do so.
The documents reveal a previously unknown US satellite surveillance system called LAPIS, which produces what is described as “time-series video”.
Also included are details about Israel’s Mossad, whose leaders allegedly urged people to join anti-government demonstrations, according to signals intelligence. The Israeli government has denied this claim.
The leaks also contain purported details of internal deliberations by South Korean officials on whether to send ammunition to the US, which might be passed on to Ukraine. Seoul has resisted pressure from western officials to give military assistance to Ukraine.
How does this compare with previous breaches?
While officials are still rushing to understand the scope and scale of the breach, it appears to involve fewer materials than the terabytes of information stolen in 2013 by then National Security Agency contractor Snowden or thousands of state department cables published by WikiLeaks beginning in 2010.
But while those leaks are more comprehensive, the information emerging over the past few days is more current, and officials are hurrying to figure out how it could affect the Ukraine war. The leaks include secret and top secret documents, with different markings indicating whether the information was collected by eavesdropping or human sources, and different levels of permitted access.
The release of the documents has caused alarm throughout Washington and across the intelligence community.
What does this mean for the future?
The Department of Justice has launched a criminal investigation into the leaks and the Pentagon is conducting its own assessment, as well as considering how the information was distributed and who had access to it. Western officials say that finding the source of the leak could take time, but they assume that those responsible will face steep consequences once located.
Current and former officials have warned that the information included in the leaks is highly sensitive and could potentially endanger the lives of human sources. They are working to assess how the leaks could affect the battlefield, as any Russian effort to clamp down on existing communications channels could hinder future planning.
Former officials said that whenever intelligence was revealed indicating that the US had spied on a national leader, it had the potential to chill that relationship in the future.
Additional reporting by Chris Cook in London