Inside the furious week-long scramble to hunt down a massive Pentagon leak
By Jeremy Herb and Sean Lyngaas, CNN
Jack Teixeira, wearing a green t-shirt and bright red gym shorts with his hands above his head, walked slowly backward toward the armed federal agents outside his home in North Dighton, Massachusetts, who took him into custody on charges of leaking classified documents.
The carefully choreographed arrest of the 21-year-old Air National Guardsman stood in stark contrast to the Biden administration’s scramble one week earlier to deal with the fallout from the revelation that highly classified documents had been sitting publicly on the internet for weeks.
Those leaked documents, which appeared to catch the Biden administration flat-footed, disclosed a blunt US intelligence assessment of the war in Ukraine, as well as details revealing US intelligence collection on allies.
The Biden administration raced to determine the identity of the leaker who had posted pictures of folded-up documents online, to understand the full scope of what had been leaked and to soothe allies who were varying degrees of angry that their secrets had spilled out for the world to see.
While the suspected leaker has been arrested, the administration’s damage assessment is still ongoing. It remains unclear whether the full extent of the impact of the leaks is known, as details from additional classified documents continued to be published throughout the week — even on Friday morning, the day after his arrest.
Inside the Pentagon, Chairman of the Joint Chiefs of Staff Gen. Mark Milley was “pissed” at the leak and “deeply concerned” about its national security implications, a US official told CNN. The Defense Department has been holding daily meetings on the leak since Defense Secretary Lloyd Austin was first briefed last Thursday.
The episode represents the most egregious disclosure of classified documents in years. The leaked documents have exposed what officials say are lingering vulnerabilities in the management of government secrets, even after agencies overhauled their computer systems following the 2013 Edward Snowden leak, which revealed the scope of the National Security Agency’s intelligence gathering apparatus.
It is unlikely, however, that those safeguards would have prevented the most recent leak, sources said. “All classified systems have multiple levels of risk controls, but a determined insider will find the weak points over time,” said a former US official.
The Pentagon has already taken steps to clamp down on who can access sensitive classified material, while Austin has ordered a review over access to classified documents. And Congress is vowing to investigate exactly what happened and why the US intelligence community failed to discover its secrets were sitting on a public internet forum for weeks.
In a statement acknowledging the extent of the problem that the leaks exposed, President Joe Biden said Friday that he had directed both the military and intelligence community to “take steps to further secure and limit distribution of sensitive information.”
“This is a breakdown,” Chris Krebs, the former head of the Department of Homeland Security’s cybersecurity agency, told CNN. “There’s no question that there will be a lot of introspection inside the intelligence community and across the government of where were those breakdowns? How do we ensure that we tighten that system of military discipline that that was referred to earlier to ensure that these things do not happen?”
Postings started in December 2022
According to charging documents unsealed on Friday, Teixeira allegedly began posting classified information on the Discord server in December 2022.
Teixeira is believed to be the head of obscure invite-only Discord chatroom called “Thug Shaker Central,” multiple US officials told CNN, where information from the classified documents was first posted.
One of the users on the Discord server told FBI investigators that Teixeira began posting photographs of documents that appeared to be classified in January 2023, according to the affidavit unsealed Friday after Teixeira was arraigned.
Investigators wrote in the affidavit that at least one of the documents that described the status of the Russia-Ukraine conflict, including troop movements, was classified at the TS-SCI level, meaning it contains top-secret, sensitive compartmentalized information.
“The Government Document is based on sensitive U.S. intelligence, gathered through classified sources and methods, and contains national defense information,” the affidavit states.
Teixeira, an airman first class stationed at Otis Air National Guard Base, was assigned to the 102nd Intelligence Wing, which is a “24/7 operational mission” that takes in intelligence from various sources and packages it into a product for some of the most senior military leaders around the globe, a defense official said.
His job was not to be the one packaging the intelligence for those senior commanders, but rather to work on the network on which that highly classified intelligence lived. For that purpose, the official said Teixeira would be required to have a TS/SCI clearance, in the instance that he was exposed to that level of intelligence.
“It’s not like your regular IT guy where you call a help desk and they come fix your computer,” the official said. “They’re working on a very highly classified system, so they require that clearance.”
Crumpled documents with highly classified intelligence
CNN has reviewed 53 documents that were posted on social media sites, which include US intelligence assessments of Ukrainian and Russian forces, as well as details about other countries providing weapons to Ukraine and other intelligence matters. The Washington Post has reported on an additional tranche of documents from the server.
The photos showed crumpled documents laid on top of magazines and surrounded by other random objects, such as zip-close bags and Gorilla Glue, suggesting they had been hastily folded up and shoved into a pocket before being removed from a secure location.
A Discord user told investigators that Teixeira had become concerned “he may be discovered making the transcriptions of text in the workplace, so he began taking the documents to his residence and photographing them,” according to the affidavit.
Four Discord users active in a different Discord chatroom where the documents later appeared told CNN they began circulating on Thug Shaker. Another user who was in the Thug Shaker chatroom told CNN they saw the original posts of classified documents but declined to speak further about them.
While the documents were being shared on Discord, there’s no indication that the US intelligence community was aware they were on the internet. Discord servers are typically small, private online communities that require an invitation to join.
On April 6, The New York Times first reported on the leaked documents and the Pentagon having launched an investigation into who may have been behind the leak.
The investigation into finding the leaker quickly moved into the hands of the Justice Department, while the Pentagon investigation focused on a damage assessment of the leaks themselves.
But the number of leaked documents continued to grow in the hours and days that followed the initial disclosure, revealing new intelligence assessments on everything from South Korea’s hesitance to provide the US weapons that might be sent to Ukraine to intelligence suggesting Egypt planned to supply rockets to Russia.
US diplomats were forced to deal with the fallout. Seoul said it would hold “necessary discussions with the US” following the leak.
A scramble to identify the source of the leaks
The documents that were leaked appear to be part of a daily intelligence briefing deck prepared for the Pentagon’s senior leaders, including Milley, the top US military general. On any given day, the slides in that deck can be properly accessed by hundreds, if not thousands, of people across the government, officials said.
Last Friday’s announcement of a Justice Department investigation underscored just how high a priority the leak was considered.
By Monday, FBI agents from Washington to California to Boston were combing through evidence, conducting interviews and tracking volumes of computer data that within days pointed to Teixeira. They worked with Army CID investigators experienced in classified document probes.
Anthony Ferrante, a former FBI agent, said that the “first few hours are critical” in a case like the Discord leaks as investigators rush to preserve digital evidence before it becomes harder to find online or vanishes altogether.
FBI agents likely worked backward from the initial Discord posts to build a profile of the leaker, combing through his other online accounts to “put a human behind a keyboard,” Ferrante, who is now global head of cybersecurity at FTI Consulting, told CNN.
Even though Teixeira emerged quickly as the most obvious suspect, counterintelligence agents trained in uncovering foreign spies looked through Teixeira’s background to try to find any sign that he could be working with a foreign intelligence service.
The FBI agents’ work was made more urgent because the trove of documents had set off a media frenzy and reporters found ready interviews among members of Teixeira’s Internet social circle.
On Monday, the FBI interviewed a user of the Discord chatroom where the classified information had been posted, according to the affidavit. That person told investigators that a user who went by “Jack” and said he was in the Air National Guard was the server’s administrator.
A day earlier, the investigative news outlet Bellingcat posted an interview with a member of that same chatroom.
On Wednesday, a day before Teixeira’s arrest, the FBI obtained records from Discord that included the subscriber information of the server’s administrator, which had Teixeira’s name and address, according to the affidavit.
By day 5 of the FBI’s search, agents believed they had enough to charge Teixeira, and they began surveilling him.
In a different scenario, without the intense public attention, agents might have watched him for weeks to see if he was meeting anyone suspicious or if he had accomplices.
Instead, they moved to make an arrest Thursday, as news helicopters flew above.
Fallout for the military and intelligence community
Teixeira was charged under the Espionage Act with unauthorized retention and transmission of national defense information and unauthorized removal of classified information and defense materials. He will next appear on Wednesday in federal court in Massachusetts.
For the Biden administration, the episode has already prompted the Pentagon to begin to limit who across the government receives its highly classified daily intelligence briefs, amid lingering questions over why a 21-year-old junior Air National Guardsman had access to such classified information — and why it wasn’t discovered more quickly.
Austin and Milley spent time on the phone speaking with US allies and partners around the world regarding the sensitive intelligence and top-secret documents suddenly thrust into the public sphere. Those conversations were expected to continue through the end of the week, another US official said.
Deputy Secretary of State Wendy Sherman was tapped to lead the diplomatic response to the leaked US intelligence documents, according to a US official familiar with the matter.
Biden was continually briefed on the state of the investigation while abroad, as well as the efforts of his top officials to engage with allies over the leaked information, officials said. Behind the scenes, that effort was a reality that loomed over a deeply personal and important foreign trip for Biden, one official acknowledged.
Still, the leaks didn’t arise when Biden met Wednesday with British Prime Minister Rishi Sunak, a Five Eyes intelligence sharing ally.
Biden publicly downplayed the significance of the leak when he made his first comments on the matter. “I’m concerned that it happened, but there is nothing contemporaneous that I’m aware of that is of great consequence,” Biden told reporters Thursday.
The-CNN-Wire
™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
CNN’s Kylie Atwood, Natasha Bertrand, Haley Britzky, Zachary Cohen, Jennifer Hansler, Oren Liebermann, Alex Marquardt, Philip Mattingly, John Miller, Evan Perez and Hannah Rabinowitz contributed to this report.