The evidence emerging on the leak of classified US defence documents suggests that it was probably not some dastardly hacking or disinformation plot by Russia or the US, but rather another example of how carelessly Washington handles its secrets.
The least likely version of reality is the one being circulated among Kremlin supporters, that it was a clever piece of CIA distraction ultimately aimed at demoralising Russians by showing how many lives they had lost, and how badly their war was going in Ukraine.
The reference to Russian losses, however, was in just one of more than a hundred documents known to have been leaked, and the rest of the material is damaging either to Kyiv, by revealing Ukraine’s ammunition woes and some of its air defence deployments, or to the US, by exposing the depth of its involvement in Ukraine’s defence, some of its intelligence-collection methods on Russia – including details on little-known satellite technology – and the extent of Washington’s espionage directed at allies, such as Ukraine, South Korea and Israel.
Slightly more plausible, because of all the above, is the theory that it was a Russian hack designed to embarrass Washington, and that was what unnamed US officials told Reuters on Friday. But that version also does not fit very well with the known facts.
Aric Toler, an investigator for Bellingcat, the open-source intelligence journalism site, spoke to the internet users from the servers that were involved in the dissemination of the documents, if not the original leak. It does not sound like a Kremlin plot.
The documents appear to have first surfaced on a server called Thug Shaker Central (among other names) as far back as October. The server was set up on the Discord platform for gamers by a few people who had met on another server for fans of Oxide, a YouTuber who posts video discussions about guns, body armour, night vision mounts and the like. There is some suggestion that these associates were outcasts because they were considered too racist. One of the alternative names for Thug Shaker Central included a racial slur.
According to former users of Thug Shaker Central, the role of the server’s administrator was passed along more than once before the suspected leaker was put in charge. At some point in October he (and it is thought from the context that the leaker was male) posted the first leaked documents, seemingly to show off to 19 fellow members on a channel he set up about Ukraine called “Bear vs Pig”. The title is thought to be a reference to a video that went viral last year about two pigs fighting off a black bear in Connecticut. Some of the other users posted “wow” responses, and the leaker put up more documents over time, but nothing further occurred. No one was in a hurry to spread the documents any further.
“The channel was sharing updates about the war, but most of them weren’t really into the war,” Toler said. “It was mostly people playing Call of Duty and going on voice chat and sharing memes or whatever. It was young people. Some of them were teenagers.”
It was not until five months later that another user, an American teenager, made the documents more widely available on another Discord server for fans of another YouTuber, WowMao, a Filipino specialising in history memes.
From there, they spread to Minecraft gamers, with one user drawing on them to support his point in a row with another gamer. Then there was another delay of a few weeks, before the material made its way to the rightwing forum 4chan and a Russian Telegram channel, where one document was doctored.
“The Russian Telegram channel editing a single file of this leak of 100+ files was the best thing that could happen for the USG [US government],” Toler said on Twitter. “Now they can claim the whole thing was a Russian op, even though it was just a crappy edit of a single portion of a single file.
“From talking with the folks who were watching the leaked files come in over the last handful of months, there’s no way Russia was behind this,” he added.
The truth may be more worrying for the US and its allies than a Russian hack. The Washington Post cited a defence official as saying that many of the documents appear to have been put together over the winter for Gen Mark Milley, chairman of the US joint chiefs of staff, and other top military leaders, but they were available to other US personnel and contractors with the right security clearances.
According to the most recent figures published by the Office of the Director of National Intelligence, there were 1.25 million people with clearance and access to read top secret material in the US government in 2019. The figures have not been made public since then, but nothing suggests they have significantly diminished. The Pentagon has said it is reviewing its access policy.
Numbers that big make it almost a statistical certainty that, at some point, incredibly damaging top secret material will fall into the hands of someone willing to leak it, perhaps for ideological reasons, like Edward Snowden, in the case of his revelation of US mass surveillance.
In this case, the evidence suggests the person responsible is most likely a gaming and weapons enthusiast with motives no more complicated than a desire to impress other members of his internet chat group.