Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

The hunt for clues about how classified government documents leaked

ANDREW LIMBONG, HOST:

The U.S. government is investigating a leak of classified documents that appear to give a snapshot of how the intelligence community saw the world in late February and early March. That includes the war in Ukraine, Chinese influence on global technology, terrorism and more. Oddly enough, the documents were first spotted on a social media platform that's mostly used for gaming. NPR's Jenna McLaughlin is here to tell us more about this leak investigation. Hi, Jenna.

JENNA MCLAUGHLIN, BYLINE: Hey, Andrew.

LIMBONG: So The New York Times broke this story when these documents were spreading in Russian social media circles last week, but it sounds like the story is a little bit more complicated, right? Can you tell us a little bit about how this started?

MCLAUGHLIN: Yeah. So it does appear that this leak got the attention of the Pentagon when it reached the messaging app Telegram, which has a lot of different public channels you can join, and that includes a lot of pro-Russian groups. The Pentagon was forced to kind of - accusing Russia that, you know, they had leaked those documents because some of them appeared in those groups, and a handful of them appeared sloppily altered to favor Russian narratives. But, you know, there were immediately a lot of weird details going on. The documents are all photographs of printed pages, which makes it seem like they weren't hacked or stolen. And it turns out that it was just a portion of the total leaked documents. Once the open source community started digging, it quickly became clear that Telegram actually wasn't the original source.

LIMBONG: All right. So say more. Where did this trail lead?

MCLAUGHLIN: Yeah. So after the story first broke, NPR and others found the same documents on 4Chan posted earlier in March and then even more on Discord, which is a social media messaging app that's pretty popular with gamers. Then pretty much a group of us journalists, open source researchers and random internet users frankly were chasing leads in real time together.

LIMBONG: Yeah. Wow. So what did you find?

MCLAUGHLIN: So I kind of got actively involved in the hunt. I got on Discord and confirmed that some of the documents were posted in a server dedicated to the game Minecraft, which is a game where you can build your own world. They didn't exactly greet me with open arms.

LIMBONG: Yeah, I can imagine that.

MCLAUGHLIN: I briefly messaged with the user who had originally posted them and while he was kind enough to tell me where he had gotten them from, he promptly blocked me. That led me down to another Discord server dedicated to a popular Filipino YouTuber. What seemed to be a young man in Southern California had posted them to that server, but within minutes users on the channel blocked me as well. They were all kind of yelling and screaming about concern that pro-Ukrainian social media narcs were coming in to infiltrate their platform. But by the time I got kicked off, the young man was still tweeting about how he found the documents, and he said that he got them from another since-deleted channel on Discord. So it's impossible to really prove where they came from before that. As you can see, it's a real rabbit hole. But that hasn't stopped us from trying to find out more. My colleague Geoff Brumfiel and I have been trying to spot things in the background of the leaked photos to find clues, including Gorilla Glue, a user manual for a hunting scope, toenail clippers and potentially a pamphlet about archery. So putting together those clues, it seems like maybe someone in the U.S. who's a fan of hunting.

LIMBONG: All right. So what about the documents themselves? Like, just how damaging does this leak seem?

MCLAUGHLIN: It's not totally clear yet. Some Discord users did say that they saw other documents released as early as January, which could suggest that the source has more prolonged access. But I haven't seen proof of that. NPR has access to about 40 of these documents from late February and early March, so they are very current and now. And the subjects are really wide-ranging. They mention sensitive things like Russian cyber operations, as well as South Korean officials' private hesitation and conversations about sending artillery to Ukraine, for example. Then again, it really is just a snapshot in time. It's certainly embarrassing for the U.S. government, and it gives enemies and allies alike some hints about how the U.S. knows about their internal conversations, maybe even how much they know, how they got there. But it doesn't even go into detail about how those U.S. operations are run, similar to what we saw with the Snowden leaks and the Vault 7 leaks about CIA hacking tools. So the source and the impact remain pretty uncertain, but there's wide government concern about the leak and a manhunt is underway.

LIMBONG: That was NPR's Jenna McLaughlin. Jenna, thanks so much.

MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.

Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.