Until Jack Teixeira appeared in federal court on Friday morning, the unmasking of the alleged Pentagon leaker had taken on the air of a fascinating mystery novel.
Among those vying for starring roles were the online sleuthing group Bellingcat, which on 9 April publicly identified the private Discord server where Teixeira is said to have posted classified documents; and the New York Times, which matched images of the Teixeira family kitchen where the top secret papers were supposedly photographed to the 21-year-old defendant’s social media profile.
Adding further intrigue was an assertion from the Times that its journalists were already gathered at the Teixeira residence in Dighton, Massachusetts, shortly after publishing Teixeira’s identity on Thursday when a six-strong team of federal agents arrived and “pushed into the home”.
But it seems the FBI were onto Teixeira too, at least according to court documents made public on Friday detailing the criminal complaint against him.
The affidavit, signed by FBI special agent Patrick Lueckenhoff, does not reveal in any great detail what led the bureau to the young Massachusetts air national guardsman; and nor does it reveal what role the revelations published by Bellingcat and others might have played at any given stage. But it does show that investigators were pursuing their own inquiries that were at least parallel and had already zeroed in on their suspect.
The probable cause affidavit cites conversations between the FBI and a user of the so-called Thug Shaker Central chat group on Discord on 10 April, in which the user said Teixeira was posting classified material as early as December 2022.
It notes that when the FBI subpoenaed Discord for Teixeira’s account details, the records produced on 12 April showed Teixeira had put his own name and address as the billing info.
And it also disclosed that an unnamed “second US government agency, which can monitor certain searches conducted on its classified networks”, found Teixeira used his government computer to search for the word “leak” on 6 April.
In a tweet posted Friday shortly after Teixeira’s court appearance, Aric Toler, Bellingcat’s director of research and training, whose name also appears on New York Times coverage of the story, said the FBI was ahead of the curve in identifying Teixeira.
“This should have been obvious, but no, our story naming the Pentagon/Discord leaker didn’t help the feds find him,” Toler wrote.
“They already knew at least a day before we identified him.”
Still, what Bellingcat and the Times showed was how widespread the sharing of the documents had become and Teixeira’s apparent negligence as he left a plethora of digital breadcrumbs leading to his identity being revealed.
In addition to the Thug Shaker Central group, copies of some of the documents also showed up on another Discord server hosted by a prominent YouTuber named Wow Mao. They could have been shared there by Teixeira, or more likely others who had picked them up, thereby exposing them, and by consequence, the suspect himself, far beyond the tight group of 20 or so active users of the original private Discord group.
From there, the leaked documents spread to rightwing online message board 4chan and smaller groups on Telegram – including one analysts say included an edited image with inaccurate casualty figures.
The New York Times first reported on the leaked documents on 7 April, mentioning the work of Bellingcat in finding a tranche of documents shared in March on Discord.
Several US news outlets, including the Times and the Washington Post, spoke with users of the Discord group, before US officials, on 13 April, arrested Teixeira.
The New York Times and Bellingcat did not immediately respond to a request for comment about whether and when they alerted federal officials to their findings during the reporting process.
But the saga has revealed major shortcomings in the US government’s management of classified information, said Theresa Payton, cybersecurity expert and former White House chief information officer.
“Everyone should take this as a huge wake-up call,” she said. “To not do a bottom-up review of how this happened would be a dereliction of duty – because this will continue to happen if we don’t really get to the root cause.”
The leak has spotlighted concerns over the systems the US employs to manage that information, with experts warning the country’s cyber infrastructure is woefully outdated.
The files Teixeira accessed were stored on what is known as the Joint Worldwide Intelligence Communications System, a 30-year-old system that originally handled materials produced by the intelligence community for distribution among a much smaller segment of the defense department. But it has since expanded.
Experts say agencies are lagging in their ability to modernize systems like the Joint Worldwide Intelligence Communications System, particularly as the volume of material they are meant to hold has exponentially increased.
The challenges the intelligence community is facing in that respect are in line with broader difficulties the US government has faced in modernizing its systems, including in areas like social services.
Part of the problem is staffing. Since 2016, the government has tried to staff up aggressively in the cyber infrastructure space, with the Department of Homeland Security hiring for hundreds of new roles in the past year. But experts say it is not enough – and the department itself has called for thousands more staff.
The Biden administration has attempted to address the weakness with $26.2bn in funding announced in March, but concerns are ongoing.