How Did Reality Winner Know to Look for the Russian Hack Document?

There’s a detail about the Reality Winner case that I’ve been thinking about. She appears to have known to look for the report she ultimately leaked to The Intercept. From the SW affidavit:

On or about May 9. 2017. four days after the publication of the classified report, WINNER conducted searches on the U.S. Government Agency’s classified system for certain search terms, which led WINNER to identify the intelligence reporting. On or about May 9, 2017, WINNER also printed the intelligence reporting. A review of WINNER’S computer history revealed she did not print any other intelligence report in May 2017.

And the complaint:

On June 3, 2017, your affiant spoke to WINNER at her home in Augusta, Georgia. During that conversation, WINNER admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a “need to know,” and with knowledge that the intelligence reporting was classified.

So days after a report for which she didn’t have the need to know was completed, she knew the search terms to use to find it.

How did she learn about it?

I assume she heard about it from chatter among colleagues (I wonder whether anyone else who didn’t have a need to know searched for the report as well, perhaps only to read it to leak its substance?). But I find it striking that a somewhat innocuous report generated enough chatter for her to go looking for it.

19 replies
  1. lefty665 says:

    Whole damn thing has smelled fishy from the beginning. Operation Reality Winner… an eponymous project whose name fits a little too perfectly with the spooks naming conventions.
    Objective: Reinforce that the Ruskies did it.


    • Bob In Portland says:

      More propaganda to reinforce the Russian hack scam.

      I also see a propaganda move to paint Sanders revolutionary red. The baseball shooting is at least the second incident of a “Sanders supporter” using deadly force. Right-wingers linked the Nazi throat-slasher in Portland to Sanders. It seems to be a happening thing.

      • Watson says:

        Agreed. But with gun use so sanctified, and with Trump having endorsed the use of ‘the Second Amendment solution’, it should be hard for the Tea Party types to characterize the baseball shooting as anything but a noble act.

  2. greengiant says:

    Simpler to assume she was not set up. She could well have been triggered by social media or news reports which would fit in with sending it to the intercept and having learned through social media there “was” a bias there. One can imagine the search engine on her government net being a little dodgy, “clean” data only, lower level classification and the 39 state intelligence not even accessible to her. A most recent report dated May 5 and she pulled it on May 9?
    The russian “actors” did do it. Where else do you think you go for contractors? Maybe someone will hack a video game from a US ISP but they are asking for trouble if they go after money or intelligence. The voting hacks in Russia in 91 and 96, the US forever, and the hack is done wherever, precinct, county or state just so the numbers all jive. “Are you asking for a hand count” and the response in Michigan and Wisconsin and everywhere else is “you can leave now, we don’t do that”, nor wlll we run a test set of ballots through. Vote tabulators built with 1990s technology using soviet memory voting cards equivalent to USB drives with a shell game of Slavic and foreign ownership of election machines.
    Problem, Trump may not be an elite made neo-con, but he is one low level criminal. When the elite neo-s impeach Trump there are still otherwise intelligent actors for whom Trump is the american savior. Thinking this will be a bigger problem than the suicidal Democrat party elite.

    • bmaz says:

      Based on all info to date, very much inclined to agree….she was not set up, but, for a variety of reasons and motivations, most of which we have no idea about as to her mind personally, walked forthright right into this.

    • Procopius says:

      Wait, what… ? “She could well have been triggered by social media or news reports …” The report had only been completed a few days before? It was classified Top Secret? What social or news media were reporting on it so quickly? It seems pretty clear there isn’t much effort to enforce “need to know,” but there seems to be an awful lot of gossip going on among the five million contractors working for the Intelligence Community.

  3. harpie says:

    O/T for Rayne,

    If you’re interested, here’s the “probable cause statement for the involuntary manslaughter charges in the Flint water crisis” via Buzzfeed’s Chris McDaniel

    There are some dates indicating who knew/did what wrt: Legionnaires.

    • harpie says:

      …includes this:

      31. Dr. Janet Stout, President and Director of Special Pathogens Laboratory at the University of Pittsburgh, will testify that Flint’s source water change and the subsequent management of the municipal water system caused conditions to develop within the municipal water distribution system that promoted legionella growth and dispersion, amplification, and the significant increase in cases of Legionnaires’ Disease in Genesee County in 2014 and 2015. Further, that there is currently no evidence or information that demonstrates that the water system at McLaren-Flint hospital is currently at a greater risk for colonization or amplification of legionella than other comparable buildings in Flint.

    • harpie says:

      [All of the following is from the above-linked document, except the bio information is from the state website.]
      XX Oct 2014– Dr. Paul Kilgore [Associate Professor at Wayne State University’s School of Pharmacy] will testify that, with the information available to the MDHHS, a Legionnaires’ Disease outbreak should have been publicly declared in October 2014.
      XX Feb 2015 Snyder creates new agency MDHHS by Executive Order. MDHHS is a merger of the former Michigan Departments of Human Services (DHS) and Community Health (MDCH).
      10 April 2015-Nick Lyon is appointed by Snyder as director of the Michigan Department of Health and Human Services (MDHHS). [Previously, Lyon had been appointed as MDCH director beginning in September 2014 and interim DHS director in December of 2014. Lyon was MDCH chief deputy director beginning in 2011. BA Economics/Political Science, Yale, 1990]
      11 Jan 2016– Meeting: [Snyder Cabinet member testimony] Cabinet meeting: cabinet member, Lyon, Wells, Snyder, MDEQ Director Keith Creagh, others; Lyon and Wells were overheard by “others in that meeting” discussing Legionnaires outbreak and asked to explain. Lyon is said to have “acknowledged that there was a Legionnaires’ Disease outbreak, but explained that it was isolated to one healthcare institution.”
      XX Jan 2016– Shawn McElmurry, Associate Professor of Civil Engineering at Wayne State University will testify that he was “contacted by Harvey Hollins of Governor Snyder’s Office and was asked to conduct research into whether Flint’s switch in drinking water source caused the Legionnaires’ Disease outbreak”
      Early summer 2016-Meeting: [McElmurry testimony]; McElmurry, Dr. Paul Kilgore [Associate Professor at Wayne State University’s School of Pharmacy], Lyon, and Governor Snyder’s Senior Advisor; regarding McElmurry research.

      McElmurry testimony: Lyon: indicated “they could not afford” that surveillance; Kilgore: the decision [Lyon] was making could cause more people to die; Lyon said he “couldn’t save everyone.”
      Kilgore testimony: witness “explained the necessity of their research because they still did not know the source of the outbreak, and more people could die.  Lyon responded that “they have to die of something.”

      12 Aug 2016-[McElmurry testimony] Flint Water Inter-Agency Coordinating Committee meeting; discussion afterwards with McElmurry, Lyon, Creagh, Wells and others; Lyon asked McElmurry to explain his research, and then questioned the scientific value of the study and stated that McElmurry had to “balance the value of finding information and upsetting the public.”
      16 Dec 2016-[McElmurry testimony] [A member of the research team had previously said publicly “that the research team still had concerns about the water”] McElmurry received a phone call from a Senior Advisor to Governor Snyder stating that he “needed to get on message,” that the public statement had made his boss “very unhappy,” and threatened to “pull funding for his research”.
      XX Feb 2017-[McElmurry testimony] Meeting: McElmurry, Lyon, Wells; “McElmurry was directed to stop his retrospective analysis because it “proved problematic.””
      14 Feb 2017-[Julie Borowski, Compliance Director at McLaren Hospital in Flint testimony], McLaren received a letter from Lyon ordering the hospital to correct conditions because “McLaren Flint’s water system is a nuisance, unsanitary condition, or cause of illness,” or they would shut the hospital down.
      14 June 2017-Nick Lyon charged with involuntary manslaughter in connection with actions/inactions wrt: legionnaires outbreaks

  4. Watson says:

    O/T: Re today’s shootout at the congressional baseball practice:

    There’s a gallows humor aspect to gun violence in the USA.

    It’s kinda like Jason Pierre-Paul, the NY Giants football player who blew off half of his right hand a couple of Fourth-of-July’s ago. He thought that playing with fireworks was amusing. The ‘joke’ turned out to be on him.

    So Americans think it’s cool to have lots of guns. Well …

  5. SpaceLifeForm says:

    Highly recommend everyone to not use tor.
    And if you have been, stop. You are not anonymous. In fact, you are drawing attention to yourself.

    That is all. Have a good day.

    • RickR says:

      Need a little more info please. Nothing on the blog or mailing lists apart from Kitten1 & Kitten2 issue. Something on IRC maybe?
      Are you suggesting that Torproject is operating in bad faith?

  6. bloopie2 says:

    Sorry, but I can’t feel pity for the Republicans. Next time one of them says “there’s too much government regulation”, read him this comment from an observer of the London fire last night in which a 24-story public housing tower went up in flames, killing at least 12, likely because of lax construction oversight: “I didn’t want them [my sons] to see what I saw. I said there had been a fire but the police had evacuated everybody. I tried to protect them but they could hear the people. I could hear people shouting: ‘Please, I have got kids, please save my kids.’ It makes you feel useless. You hear that, you have children and it makes you feel so weak, it makes you feel like nothing. I hope they [my sons] will forget what they heard. But me, I will never forget.”

    • P J Evans says:

      I understand people living in that tower had been worried and had complained publicly about problems.

  7. RickR says:

    Maybe I don’t understand the question. Knowing what to search for seems pretty trivial for someone who is intelligent and familiar with the system and the way documents tend to be formatted/worded. A simple “title/text/both” is what I’d expect her to be dealing with. Or maybe she was was just browsing all new stuff regularly every several days (simple date range search).
    I’m tasting the Kool-Aid that the affair was an op but I’m not thinking RW was a player. As I mentioned here when this first hit the blog. It seems to me that a “probalistic leak” would suffice. Just put it out there among 500,000 contractors with security clearance. I expect system managers track search terms that are most commonly entered. Sweetening the doc with a few commonly used generic terms would help. With a topic this hot it would hardly be missed. If it doesn’t leak in a prescribed time frame a plan B to force the action might be needed.
    Is the leak intended? I vote yes. I’ve never liked Rogers. With his somewhat checkered history and unorthodox style he’s a creepy spook (as opposed to, say, Clapper, a normal spook). So an on-message leak, a jailed leaker, and a somewhat embarrassed Intercept is a nice little op for the Donald to enjoy.

  8. Brad says:

    Seems odd too that it was only a single leaked document. I don’t know much about leaks, but wouldn’t there be a greater payoff in releasing several documents, even if they are only loosely related (e.g. The Russian hacks)?

  9. RexFlex says:

    I’m puzzled what a linguist with languages relating to Afghanistan and Iran under her belt was doing with access to the data she stole? Seems out of her sphere of expertise.

    Didn’t we learn anything from Snowden and the lax internal scrutiny at BAH?

    Also, the printer dot tool aside, what real loss occurred to the NSA by this particular data being released?


    • RickR says:

      “…. learn… from Snowden…?”
      Yes. WE learned the nature and intent of the IC/IT complex. The COMPLEX learned that they have to tighten up to avoid having leakers like Snowden.

      To me, the most interesting aspect of the contractor IT complex and the RW issue is this: What if someone with truly sinister intentions and better tradecraft sought information without the need for physical devices? Their purpose would be to retrieve/read/remember. How do you stop that?
      The RW affidavit goes to great lengths to present and explain (almost ad nauseam) the physical evidence. Without it the case would be almost completely circumstantial.

Comments are closed.