Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive
Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”
Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).
A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.
We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.
Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.
That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”
Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.
And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine month window before the CIA learned Schulte had hacked them:
So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.
I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.
Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.
Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.
Or both.
We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.
Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.
Leak dumps don’t care about all that.
In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.
It’s worth distinguishing leaks from people knowledgable about what they’re leaking
Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.
But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.
Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.
By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.
To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.
Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.
False claims about authentic documents are still false claims
Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.
As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.
Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.
[snip]
The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.”
The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.
#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.
The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.
As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.
Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.
Documents can serve to distract
And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.
As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.
Q What was it about Podesta’s emails that you were sharing?
A That’s a good question.
So Podesta ‘s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.
T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.
Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.
A That’s right.
Q Did you believe that what you were tweeting was true?
A No, and I didn’t care.
Q Did you fact- check any of it?
A No.
Q And so what was the ultimate purpose of that? What was your goal?
A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.
In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.
Microchip even admitted that disinformation can increase buzz.
Q As you sit here today, back in that time period, did you like to get a rise out of people?
A Sure, yeah.
Q And that’s one of the reasons you posted things on Twitter; correct?
A Correct.
Q Was it your belief back then that disinformation increases buzz? A Um, disinformation sometimes does increase buzz, yes.
The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.
We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.
You can’t always tell who is in a chat room
The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.
Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.
But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.
That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.
Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.
For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.
Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.
So while Teixeira paid for with this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.
Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.
No one controls what happens with dump leaks
Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.
In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”
If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.
In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.
The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.
But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?
Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.
The damage assessment and the reporting goes on
We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloons, Surveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).
The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.
And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.
Leak dumps don’t care about motive.
Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.
We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.
Sigh. Being brought down to earth is such a thump. But as Dean Baker repeatedly tells us in economic stories, we can’t read people’s minds, so all we have is what they say and do (or perform). Thanks for the grounding
[Welcome to emptywheel. Please choose and use a unique username with a minimum of 8 letters. We are moving to a new minimum standard to support community security. Because your username is far too common it will be temporarily changed to match the date/time of your first know comment until you have a new compliant username. Thanks. /~Rayne]
Greenwald has seriously damaged whatever reputation he’d had before this.
Greenwald’s reputation has already been damaged for some time now.
“ Leak dumps don’t care about motive.”
Thank you.
I’m reminded of “A virus does not care about your political beliefs.”
It’s likely I was subconsciously repeating it. But yeah, that’s sort of what I was trying to describe.
Once docs are gathered into a big stash in insecure spaces, no intent can guarantee what happens with them.
I also find it exasperating that from the get go there was a ton of pundit-splaining about the intent of the leaker, as if they knew. I would argue that even the members of the chat group interviewed by WaPo and Bellingcat may not know either.
I look forward to learning more over time as the case unfolds. Thus far, actual malice seems more likely to me (racist, gun nut, deep state conspiracy theorist) than wet-behind-the-ears lad showing off among friends.
But I don’t know either.
All I do know, is he would have had to swear to protect the information he revealed. And he didn’t. Violating not only his affirmative statements regarding his clearance, but his military oath as well.
As usual, Occam’s razor applies. He was trying to impress these other kids.
I think you made a great point about the difference it makes when a leaker does so with expert knowledge of what they’re leaking. Personally, I find it much harder to describe something as “whistleblowing” if the leaker can’t explain what they leaked and why. Just grabbing a giant tarball of files and letting other people figure out what’s in them can in no way be described as trying to alert the public about something you saw.
Conducting security clearance background investigations was part of my duties way back when and was performed in those days solely by trained military intelligence personnel. Am fairly certain this guy never would’ve received a clearance above Secret and perhaps not even that …way too many red flags. For many years now it’s been done by what are described as “contractor personnel” working for either the Office of Personnel Management or the Department of Defense, qualifications unknown. It’d be nice if that became part of the story. This guy should have never have had this kind of access and that’s what needs to be fixed.
Brother, you are preaching to the choir! My first security clearance investigator was a retired FBI Special Agent. I don’t attribute superpowers to the Bureau or any other shop, but this guy had at least read my questionnaire and asked good follow-up questions about my responses. The last few renewal investigators my DOJ colleagues & I had, as well as the ones who interviewed me as a reference for colleagues’ reviews, were neither impressive nor effective. Some would simply read the questions from the questionnaire & nod if we gave the same answers that we’d put in writing. I strongly suspect that these folks are being measured on throughput & nothing else. The contract middleman makes a bunch of money, but the taxpayers are getting cheated.
I and my employer received a security screening questionnaire regarding a former IT employee who was trying to obtain a job in which clearance was required.
I was surprised this individual had attempted to make it through the clearance process. It is against my employer’s HR policy to disclose details of past employees under any circumstance in which it’s not required, but I thought it was important to communicate relevant information.
The form had an option to gives replies confidentially so I responded by opting out of the form. Just for precautionary opsec with my HR dept really. I eventually got a call from a gentleman who walked me through the questionnaire verbally. He probed and clarified in all the relevant areas I’d have expected. Came off as a thorough professional who knew what he was doing. Of course I’d imagine any form that comes back and basically says “psst, not here” is going to garner an escalated response.
1. Having gone through the SF-86, Form-4414, NAC/LAC/Credit/SSBI process a number of times over 40 years, things have changed over the years. My the first one involved the local FBI special agent interviewing a former boss/family friend — which he happily told me about on my next trip home.
But what I did notice, as others have commented, were changes in who/how the interviews were conducted over those years. There is a certain “gravitas” when you are in a interview with an FBI special agent. But over the years I saw that shift to full-time civilian investigators and then more of the contractors. Anyone who has been a government contractor knows that the performance measurables are different. Another part of that is the huge backlog of clearance requests. That means there is pressure to produce numbers.
2. As for the age thing, the actual years of age may be part of this particular discussion, but what I am more concerned about is the foundation for granting (1) the clearance, and (2) the access — two different things.
At age 19/20/21, how much information is there to harvest in order to make the decision to grant a clearance? After that, who made the decision to grant access to the specific SCI compartments? That’s my biggest puzzlement. I can’t image a blanket multi-compartment access permission due to the (assumed) need to access areas of IT systems. Even if there was, there would be a trail of 4414s. In my own case, I was never allowed to walk into a SCIF without signing in, and always in the presence of another person when accessing materials/information.
Best investigation story: Went to OCS with a guy. Our paths crossed many times in uniform, and in the afterlife of contracting. We used each other as references. Was interviewed for one of “Tom’s” periodic background investigations. The investigator asked when I first met “Tom”. With just a slight hit of Forrest Gumpiness, I replied with the month, day, and year. I could see those little eye movements in the investigator’s eyes. Then I continued to explain that was the day we reported to OCS — which happened to be my birthday.
Raven,
> That’s my biggest puzzlement. I can’t image a blanket multi-compartment access permission due to the (assumed) need to access areas of IT systems.
Servers and people both have certificates and get granted a set of access rights. Servers are granted rights based on the data that they process. People who work on those systems need to be granted all of the rights that those systems have, in order to be allowed to access the systems. If this IT person supported systems that contained Top Secret data that could process data that had compartmented markings, then he would have been granted those compartmented rights in order to be able to get onto those systems for administrative purposes.
He may have had access to those systems to be able to apply OS level patches, or possibly do some sort of security scans, not actually to touch any of the data. Since he technically would have had read access to the file system, he needed to have the authorities.
He just took it upon himself to go exploring and looking at things that he didn’t actually “need to know” using those rights.
My last interaction with investigators they were former Air Force and IIRC they were civilians. And even the best investigator in the world is not going to find every bad egg. I forgot where I heard this, but when doing a SSBI (single scope background investigation) their determination is as only as good for a “snapshot in time” for the target. “Yeah, think he’s trustworthy right now, lock him in a house with his parents for 18 months and we might want to take another look.”
And despite what the investigation reveals, it’s ultimately up to the agency in question to make a decision. How badly is the work needed, can anyone else do it, how long can we wait, etc. are the sort of questions they ask themselves.
The investigators don’t have a say. In fact it’s almost certain they don’t even know what kind of data they will have access too, much less the agency. And you think there were too many “red flags” for him to get access? What specifically, and how do you know the government had these warnings? A background investigation is not a panacea someone won’t go off the reservation.
What amazes me about these specific leaks is the sheer breadth of things that this junior Airman apparently had enough ‘need to know’ that he had unfettered access to subjects as widely ranged as Ukraine ORBATs and air force accounts of Chinese Balloons not yet publicly released. To me this suggests a shockingly cavalier attitude towards secrecy within the Defense/Intelligence apparatus, and a complete lack of accounting methods for the distribution of allegedly sensitive information.
The fact that a junior service member had TS/SCI clearance isn’t the problem. That such clearance allowed him to access materials – unobserved and unsupervised – that had no concievable relevance to a job he might be doing is the real problem. And that cannot just be blamed on contract background checkers. Somebody decided what kind of database access junior airmen should have. Someone determined what kind of access accounting would take place, and what sort of internal surveillance and cross-checking should be done on how/who is using that database. That person is, as much as this leaker, responsible for the breadth of damage that this nut was able to do. Of course, since that person is almost certainly much higher up in the military/intelligence bureaucracy than the Nut – their role in this will not be a subject for public discussion or any meaningful consequence. We don’t punish high-ups for incompetence, it sets a dangerous precedent.
Given the way large organizations work, I suspect that whatever investigations take place will be scrupulous to avoid casting any assertions on the senior military bureaucrats who allowed this state of affairs to take place. Since no systemic problems will be identified, no systemic solutions will be implemented. “Increased Screening” will be bandied about, but not meaningfully performed – since that’s expensive and would reduce the supply of available 19 year old Airmen to carry out the missions of the bureaucracy.
I do think that all this crying about national security damage is somewhat misplaced. What about the security of all the cooperating nations – who had shared information with the US on the mistaken assumption that the US is competent at intelligence work or secret-keeping? If the Government of Ukraine is more hesitant to share information with the US now that the US has revealed the kind of access it will thoughtlessly provide to unhinged gaming dorks – hopefully it will be protected from the disclosure of that information to actual spies and sources still working within the US’s intelligence apparatus.
Actual Russian/Chinese/Whathaveyou spies would presumably be unlikely to expose their thefts by publicly blabbing all over Discord about them. I think the rest of the world deserved to know the ridiculous openness within the US’s intelligence community, it might make the rest of us safer because of it.
These is not a “leak.” This is about a 21-year old guy trying to impress some teenage boys in a private chat group.
The real issue is why the 21-year old had access to the docs in the first place.
It is exactly a leak. Information that the US government claims it considers to be important to keep secret became not-secret. The specific motivation of the person who caused that to happen really doesn’t matter for this inquiry.
The simple fact is – the US government clearly does NOT actually care if this information falls into the hands of other governments, since it so casually shares it with the kinds of defective humans who would disseminate it for clout on minecraft discord servers.
I think the actual leak that the US intelligence community is really upset about is the public at large becoming aware of just how utterly insecurely it holds information it claims is so important that its secrecy trumps all other government obligations.
People go to trial for serious criminal offenses unable to access material relevant to their defense because the government claims it needs to protect “sources and methods” – that the disclousure of this kind of information would be so bad for the security of the nation that the right to a fair trial must be abridged. And yet that information is so casually treated within the national security bureaucracy that a teenager new to his job can somehow access top secret information relevant to conflicts in multiple continents – material that exposes the ‘secret’ espionage committed against alleged allies. Too secret for the government to allow criminal defendants to defend themselves, but not so secret that any teenager who can pass a basic background check shouldn’t have access to it.
Something is rotten – but my prediction is that absolutely nobody faces any public consequences for allowing this to happen other than the pathetic loser who is already being strung up.
Exactly. The government chain-of-command is not doing its business. These are life-and-death issues and those in the chain need to be held accountable – from the top on down.
The amount of resources that are expended to have some system of information security is enormous. To have it easily breached and facilely explained away is itself a crime.
Juliette Kayyem was for four years the overseer of the Otis wing of the Mass. ANG – and she writes in The Atlantic that no one on the Otis base needs to know any of that information. Elsewhere it was reported that senior / command leadership of Otis is located at a different ANG base, Hanscom in Lexington. Perhaps the supervision of children is taken more seriously there? Or supervision, generally?
This! I started following EW a long time ago because of my interest in SIGINT and the IC going back to manual-Morse days. How did this guy have access to this level of TS/SCI? In my experience of 65 years ago, people 20 feet away didn’t!
Here’s an interesting snippet from this morning’s Daily Kos that addresses your question:
“We begin today with Macarena Vidal Liy of El País in English tracing part of the origins of the Discord intelligence leaks back to the aftermath of the Sept. 11 attacks.
It is a situation that goes back to 9/11 and the attacks against the World Trade Center in New York and the Pentagon, according to representatives of the intelligence services. Back then, intelligence agencies were at the opposite end of the spectrum: they had an excessively compartmentalized system, where one department did not share its information with the department next door. This lack of coordination prevented intelligence agencies from connecting the dots about the plans hatched by the Islamic extremist network Al Qaeda, which was able to hijack four passenger planes and crash them, in attacks that cost the lives of more than 3,000 people.
The committee that investigated the 2001 attacks harshly criticized that “on-a-need-to-know-basis” mentality. That position assumes that it is possible to know in advance who will need to make use of that information. The system implicitly assumes that the risk of inadvertent data disclosure outweighs the benefits of sharing it more widely, the report published in 2004 states.
If the pendulum swung back then to facilitate the disclosure of information and for people in charge of national security to have as much data as possible when making decisions, it could now very well swing back in the opposite direction again. The Pentagon is conducting a review and update of its classified document distribution lists to reduce the number of individuals allowed to see sensitive data.”
My issue is with distribution and availability *at the local level*, such as at Otis ANG. Coordination at Fort Meade or elsewhere is something else. This dude was not “in charge of national security”.
He was an active duty as a Cyber Transport Systems Journeyman for 102nd Signals Wing for Mass. ANG.
ref VOA: https://www.voanews.com/a/who-is-jack-teixeira-suspect-in-leak-of-military-documents-/7051337.html
Here’s a link to a job description for a similar job at the Air Force:
https://www.voanews.com/a/who-is-jack-teixeira-suspect-in-leak-of-military-documents-/7051337.html
Note that this position would have access to cryptographic backbone equipment, including responsibility for troubleshooting same and related infrastructure. This would no doubt give him access to all sorts of highly sensitive intelligence information. And that’s assuming that he wasn’t more directly involved in transmission of daily briefing reports to JCS, etc.
Since his stepfather was in the same unit previously and his pops served for a reputed three decades in the military, it’s possible there would be some deference/assumption that the stepson was good when it come to access to highly sensitive information. On top of that, there might have been active social engineering being done by the younger Teixeira using the older man’s credentials…credentials that should have been cancelled, not reissued, etc, etc.
Thanks. I’m clearly revealing the scope of my ignorance about what constitutes “traffic” and access to “backbone equipment”.
[Welcome back to emptywheel. Please choose and use a unique username with a minimum of 8 letters. We are moving to a new minimum standard to support community security. You’re not a new user — you’re recognizable — but for community security you will have to change your name soon. Thanks. /~Rayne]
x format …
3. This affidavit [Doc01.1] is being submitted in support of applications for warrants to search
– the premises known as North Dighton, MA 02764 [SUSECT PREMISES 1] further described in Attachment A-1;
– the premises known as [-] North Dighton, MA 02764 [SUBJECT PREMISES 2], further described in Attachment A-2;
– a 2016 Chevrolet Colorado with Massachusetts plate number [SUBJECT VEHICLE], further described in Attachment A-3;
– a Motorola Ultra [-] cellular phone further described in Attachment A-4, and the contents of any additional electronic devices found in the locations in Attachments A-1 and A-2 and A-3,
– for the records and items described in Attachment B.
IS THERE ANY ATTACHMENT A ?
So I included one version of four copies. I haven’t looked whether the 20 pages in each are different. But they would redact the specific descriptions of the homes (and I redacted the address, license plate, and phone number).
Teixeira’s parents live at the two addresses, and they have enough problems right now.
thanks.
2023 04 Apr 13 DCMA 1.23.mj.04243 NEW CASE No. Doc01.1 [mad.2555969-01.0 – 01.1] Affidavit – dets re SW prems 230413-TEX-hse 20p
so.
the 04243 case doc, 01.1, is the agent affidavit.
doc 01.0 is the agent’s application on PACER per docket.
the “MAD.2555969” should appear on each so … hence …
the long name i made, because i don’t do PACER, is for the affidavit.
i get it, but can’t explain real well.
Thanks for writing this all out. Really interesting to consider.
I am not surprised a young IT guy would have to have a security clearance, even if he’s not a decision maker. If the restricted information will flow through his servers, and he had to do some kind of diagnostics or debugging, it’d be too easy to see content, so having a security clearance makes total sense.
I remain baffled that this young airman thought that showing off these secret documents would enhance his status in this gamer group and not have any consequences. Don’t they still emphasize that secret is supposed to be secret when you get your clearance?
I recall long ago a discussion with one of my professors, and making glib comments about silly secrecy rules, and she sort of agreed that some things that are classified that shouldn’t be, but – and she turned real sober, and I’ll never forget her sudden focused gaze – “at some point these things are deadly, deadly serious, and there are things that you DEFINITELY do not want getting in the wrong hands.”
Turns out when she went off campus every Summer, she was going to Livermore Labs, doing something deeply secret in nuclear weapons design.
Indeed, she was right.
I had the chance to hear and meet Daniel Ellsberg long ago, and was impressed – he considered what he was doing with a lot of gravity and it weighed on him. Light years away from impressing a bunch of gamer bros.
Some of the stuff they do at LNL is not secret, and it’s interesting. Like the stored-energy stuff, with elastomeric systems, or, in common language, rubber-band energy storage. But yeah, some of it is very very serious, and you may never learn what your parent was doing. (I lived there as a child. We never asked “what does your father do?” because all we knew was the stuff on the federally-impacted-area forms we got through school twice a year.)
Thank you for this analysis, you cut through the media BS better than anyone.
Via Laura Rozen:
https://twitter.com/jameshohmann/status/1647579653438160897
8:36 AM · Apr 16, 2023
“The U.S. Army knows something about Discord”
The idea that this is Discord’s fault in any way is ludicrous. I spend time on three discord servers, and the youngest average age for the very youngest discord server I’m on is well over 25. The other two discord servers where I spend time have higher average ages; 30 or 40 respectively.
And just to continue my point, I’m fifty-mumble, and I don’t have an ownership stake in Discord or anything like that. The particular social media upon which this blew up is irrelevant, and there are literally hundreds of different systems online where small groups chat. It could have just as easily been Facebook, Twitter, Reddit, or Joe Smith’s blog.
Are there problems with social media? Of course there are, and they are numerous, obvious, and well-documented, while various forums can range from hellishly toxic to extremely affirming. But thinking/writing about this as if Discord is a special problem is to miss the forest by focusing on a single tree, where the problem has a lot more to do with the idea that when you serve your country you’re still allowed to be every bit as selfish and narcissistic as you please. (The orange haired poster-boy for that kind of thinking/behavior gets talked about a lot here.)
But if everyone would stop writing about Discord as if the Internet is a series of tubes, the nature and tenor of this discussion would improve immediately.
I mean I’d just throw in here that Discord is part of the same slice of the software ecosystem that platforms like Slack and Microsoft Teams belong to. Many apps in this space differentiate in terms of how they address office productivity questions. Discord’s on the least office-y end of the spectrum since it was aimed at gamers originally. One of my daughters started a Discord server for the family just so we could readily message each other, collaborate on grocery lists or weekend plans, whatever.
For me, the interesting part is not the platform but that
the military runs this 17,000-member chatroom looking for recruits.
Also, this reminded me of FLYNN’s “digital soldiers”.
One place we talked about that is here:
https://www.emptywheel.net/2022/04/12/where-was-doug-jensen-radicalized-russias-2016-election-tampering/#comment-931772
Flynn immediately popped into my head, too, harpie. There is both the digital warrior aspect plus the Christian nationalist angle. I think he and his family work hard to appeal to young people. Jericho March and numerous rallies come to mind. Plus he is actively involved in local Sarasota, FL politics. And there is the military background, too, that all of them exploit.
Digital also has a cryptocurrency component. And that brings to mind Eryka Gemma Flores (one of Tarrio’s girl friends) who may have given him the 1776 game plan. Although she started a bitcoin enterprise in Miami, as a teenager, Eryka Gemma Flores was the youngest delegate in Washington State for the Ron Paul presidential campaign.
As we just learned, Sarah Bils (aka Donbass Devushka) is a person of interest in the Teixeira case, although there is no evidence of any direct links to him. She lives in Oak Harbor, Washington, near the Naval Air Station Whidbey Island where she was released from duty several months ago. She also may have a history of soliciting cryptocurrency through some of her social media accounts.
Since both Eryka Flores and Sarah Bils both have a state of Washington connection, that brings to mind the weird reference in the 1776 plan to Bill Gates. Maybe it was an anti-vaccine thing…Or anti-establishment?
Regarding Barton Gellman’s description of the “direct access” under the PRISM program: what he thought was the solution, is actually a mistake. His quote “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations” is from the IG’s draft report about Stellarwind from March 24, 2009 (page 20) and is therefore about Upstream collection at internet backbone cables. PRISM started after Stellarwind was terminated. That there was no “direct access” is because the FBI is in between and picks up the data which the NSA requests.
Thank you for the first rational discussion I’ve seen of the Discord docs from several viewpoints. Really like your comparisons of past leaks and their facilitators. The noise coming from everyone and everywhere about this leak is meant to drown, imho, the average citizen like me in hysteria and discourage anyone from really following the story. Stay with it, please.
The same as Edward Snowden. That shithead could not possibly have gone through every one of the files that he ‘liberated’. What he did was reckless beyond reason.
And add Chelsea Manning to that. Although i concur that leaking the so-called ‘collateral murder’ video was ‘whistleblowing’ in the traditional sense, giving that Wikileaks shithead thousands of secret cables was, again, a fucking careless, impetuous act well deserved of a jail sentence.
sigh,
the anniversary of the Boston Marathon bombing, (aka Patriots’ Day), when another impressionable young man in Massachusetts conspired to harm people, who hadn’t really harmed him in any way, in service to some inchoate idea of nationlism/patriotism.
Laura Rosen with info on Donbass Devushka, aka Sarah Bils:
https://twitter.com/lrozen/status/1647700008660082689
Woah.
It appears dissemination came via an ATC at NAS Whidbey Island with an alterego as pro-Russian troll Donbas Devushka. Something about the loyalties of certain of our military.
WSJ reported but that’s paywalled.
Maybe this?
https://malcontentment.com/a-russian-disinformation-empire-in-oak-harbor-washington/
Here’s where the WSJ reporter got his story from (and only credited after the NAFOs pointed it out):
https://twitter.com/P_Kallioniemi/status/1647199965540646913
I’m wondering how much his dad was involved in greasing the wheels for him to be in this position in the first place.
1)”Bear versus Pig” is a common anti-Ukrainian trope among Muscovite Slavic Russians (i.e., the ones who run the Russian empire and are sending Chechens and Buryatians to die in Ukraine). One usually needs to be an Eastern European or be pretty steeped in Russian hate culture to even know the meme, much less name a gaming server after it.
2) Another American who acted as a Russian asset just got caught. It turns out that she’s more of a grifter than anything, though older social media accounts show her with Nazi flags:
https://twitter.com/P_Kallioniemi/status/1647199965540646913
Alleged leaker Teixeira’s unit ordered to halt intelligence mission, Air Force says
https://www.reuters.com/world/us/alleged-leaker-teixeiras-unit-ordered-halt-intelligence-mission-air-force-2023-04-18/ Idrees Ali and Phil Stewart April 18, 2023 5:42 PM