The Department of Justice has opened an investigation into the leaks of a trove of apparent US intelligence documents that were posted on social media in recent weeks.
The investigation comes as new documents surfaced Friday covering everything from US support for Ukraine to information about key US allies like Israel, widening the fallout from the already alarming leaks. The Pentagon on Thursday said it was looking into the matter after social media posts of apparently classified documents on the war in Ukraine had emerged.
“They look real,” a US official told CNN about the leaked documents.
US officials say they are taking the leaks seriously as they investigate and work toward a more formal assessment of what is in the documents and how they were leaked. So far, they appear legitimate, and there isn’t a major reason to doubt that the documents are in fact what they appear to be. US officials believe their public release would represent a significant breach.
The documents that were surfaced on Friday by open-source intelligence researchers appear to have been posted online in the past few weeks. They appear to contain classified information on topics ranging from the mercenary Wagner Group’s operations in Africa and Israel’s pathways to providing lethal aid to Ukraine, to intelligence about the United Arab Emirates’ ties to Russia and South Korean concerns about providing ammunition to the US for use in Ukraine.
CNN could not independently verify that the documents have not been altered. But they are similar to a tranche of classified documents about Ukraine that have been circulating online in recent weeks, which US officials on Friday morning confirmed to CNN to be authentic.
Much like those documents, Friday’s discoveries were also photos of printed-out, wrinkled documents. All bore classified markings, some top secret – the highest level of classification. They also all appear to have been produced between mid-February and early March.
It is unclear who is behind the leaks and where, exactly, they originated.
Officials rattled
The leaks have rattled Pentagon officials, particularly within the Defense Department’s Joint Staff, which comprises the DoD’s most senior uniformed leadership, whose role is to advise the president. Many of the documents had markings indicating that they were produced by the Joint Staff’s intelligence arm, known as J2, and appear to be briefing documents.
Earlier Friday, US officials confirmed that similar documents about Ukraine were part of a larger daily intelligence briefing deck produced by the Pentagon about the war for senior leadership.
US officials suggested that a leak investigation would look inward, at potential culprits inside the Pentagon. But a person familiar with US intelligence said a probe would likely not be limited to the Pentagon, given the large number of people across the government who have access to these kinds of documents. Some of the documents also have markings indicating that they were shared with countries in the Five Eyes intelligence alliance – the US, Australia, Canada, New Zealand and the United Kingdom.
Officials from the other Five Eyes countries are waiting for the US to share a damage assessment, as the countries simultaneously conduct their own assessments, one official said.
“We expect the US to share a damage assessment with us in the coming days, but we cannot wait for their assessment; right now we are doing our own,” the official said. “We are poring over these documents to figure out if any of the intelligence originated from our collection.”
Some of the intelligence could have originated from Five Eyes partners, the official said. But the documents appear to have been obtained and leaked by someone who gained access to the US intelligence system, because some of them have markings indicating that their contents were not even shared with the closest US intelligence partners.
The official said that it was hard to determine the motivation behind leaking these documents because they are about a wide range of topics.
Other markings indicate the inclusion of material from other agencies, such as the State Department’s intelligence arm, the Defense Intelligence Agency, the National Geospatial-Intelligence Agency, and the National Security Agency.
Many of the documents, however, also have markings indicating they are sourced from human intelligence and not meant to be shared with foreign nationals, even the closest US allies.
Some of documents reference classified information from the CIA. An agency spokesperson told CNN on Friday, “We are aware of the social media posts and are looking into the claims.”
‘No one noticed’
Images of some of the documents – which include estimates of Russian casualties and a list of Western weapons systems available to Ukraine – were posted to the social media platform Discord in early March, according to screenshots of the posts reviewed by CNN.
“This sh*t was sitting in a Minecraft Discord server for a month and no one noticed,” Aric Toler, a researcher at investigative outlet Bellingcat who traced the timeline of the posted documents, told CNN. Minecraft is a popular video game.
It wasn’t until this week that the leaked documents started to gain more attention after someone posted a portion of the documents to 4chan, a web forum popular with extremists, and then a Russian speaker posted an altered version of one of the documents on Telegram, Toler said.
US officials believe someone altered that document to make the estimated number of Ukrainians killed in the war far higher than it actually is.
The Pentagon said Thursday that it was aware of the social media posts and it was investigating the matter.
On Discord on Friday, speculation and paranoia were rife, with some users wondering if they could get in trouble for re-posting the documents now that the US government is investigating the matter. A user who posted photos of the documents on March 1 appeared to have deleted his accounts on Twitter and Discord.
Madeline Sarver, a spokesperson for Discord, said the company had no comment Saturday afternoon when CNN asked if the FBI or other US government agencies had contacted the company as part of their investigation.
Thomas Rid, an expert on state-backed information operations, told CNN: “The fact that unedited and edited – doctored – versions of some files are available online makes me skeptical that this is a professional Russian intelligence operation.”
Historically, if an intelligence agency has access to classified material from an adversary and decides to falsify some of the material, they typically don’t make both versions of those documents public, said Rid, who is a professor at Johns Hopkins University’s School of Advanced International Studies.
“That only makes it easier to detect the facts, and thus defeats the purpose,” Rid said.
Jim Sullivan, who until December was the top cyber official at the Defense Intelligence Agency, said it was unlikely the Russian government was the original source of the leak, given the sensitive access to US secrets that Moscow would give up by publishing the documents.
“It’s very unlikely that Russia would compromise a major source used to inform the Chairman of the Joint Chief of Staff for a minor disinformation victory,” Sullivan told CNN.
There is concern, however, that the leaked documents could have real-world impact.
“If real, the leaking of these documents can do significant damage to Ukrainian counteroffensive since this information effectively provides Russia with Ukrainian order of battle — extensive information on capabilities of brigades that would be involved in upcoming counteroffensive,” said Dmitri Alperovitch, a Russia analyst who is executive chairman of Silverado Policy Accelerator.
‘Very serious breach’
Former senior US intelligence and military officials expressed alarm in interviews with CNN about the potential scope and impact of the leak.
“This appears to be a very serious breach of security, which is potentially very damaging both to the US as well as many friends and allies,” James Clapper, who was director of national intelligence under President Barack Obama, told CNN.
“I am sure all resources are being tapped to find who is leaking this sensitive information,” said Clapper, who was America’s top spy when former intelligence contractor Edward Snowden leaked a trove of classified documents on US spying programs.
US intelligence and military officials “always tighten restrictions [on access to classified documents] after a discovery like this,” Clapper said, “but then, over time, loosen such restrictions, which become onerous and inefficient.”
“The bigger issue is preventing the wrong people from access in the first place,” Clapper told CNN. “Tightening up [administration] procedures doesn’t really get at the fundamental problem.”
It is too early to tell how serious the damage from the leaks might be given the ongoing Pentagon and Justice Department investigations, current and former US officials cautioned.
If it hasn’t already, the US government is racing to determine which intelligence assessment or briefing book the documents came from, said Glenn Gerstell, former general counsel for the National Security Agency.
If the leaker printed out the classified documents, that could help investigators narrow their search, Gerstell said, but only so much: There are still a large number of printers in the defense and intelligence communities capable of printing classified documents.
The episode “certainly underscores the need to reform the outmoded, outdated classified document system,” Gerstell told CNN.
This headline and story have been updated with additional developments.
CNN’s Alex Marquardt, Jenny Hansler, Zachary Cohen and Kylie Atwood contributed to this report.