The scale of the leak was enormous – thousands of secret documents, some of the most sensitive and important held by United States intelligence, downloaded and put into the public domain in a huge blow to Western security.
Classified information was downloaded from the computers of the National Security Agency (NSA) and Defence Intelligence Agency (DIA) by a civilian private contractor who had been vetted and provided with one of the highest forms of security clearance.
That was Edward Snowden, whose devastating disclosures were made almost exactly 10 years ago.
Now there is another huge security leak, from the Pentagon, almost certainly carried out by another civilian contractor. Day after day there are new reports about what American intelligence agencies have gathered from intercepting communications of both allies and enemies.
Many similarities exist between the two sets of leaks, a decade apart. For example, revelations include that the US spies on supposedly friendly states such as Israel and South Korea. Snowden revealed that the US spied on Germany – an ally and fellow Nato member – even bugging the mobile telephone of Chancellor Angela Merkel.
The difference in the respective leaks can be seen in motivation and dissemination.
Snowden maintained he was a whistleblower motivated by alarm at the aggressive actions of the US administration and breaches of human rights. He chose to give the files he had obtained to senior journalists on serious media outlets such as the Washington Post and Guardian.
The current tranche of documents was dumped on a web server, apparently to impress fellow users of a chatroom rather than for any ideological reason.
Who exactly carried out the leak remains unclear. US defence secretary Lloyd Austin pledged to “investigate and turn every rock until we find the source of this and the extent of it… they were somewhere in the web and who had access at that point, we simply don’t know.” CIA Director William Burns said the leak was “deeply unfortunate, we are trying to find out all we can about this. It’s something the US government takes extremely seriously.”
One report in the Washington Post says the original source of the documents was a teenager with the initials ‘OG’ – a gun enthusiast with racist and antisemitic views who worked in a military base viewing classified information.
The chatroom he used – ‘Thug Shaker Central’, which has since been shut down – was named as the platform for the leak by investigative journalism outlet Bellingcat. Members of ‘Thug Shaker Central’ say they had viewed up to 300 photographs of classified documents.
The secret files also appeared in a Discord channel run by a 20-year-old British-Filipino student based in the UK and known online as Wow Mao; he describes himself as a “shit-posting internet micro-celebrity”.
Some material also appeared in another Discord server, ‘Minecraft Earth Map’, where, after an argument about the Ukraine war, a user posted “here, have some leaked documents” and attached ten of them.
What does appear to be the case is that the revelations are not the work of a state actor such as Russian or Chinese intelligence services or other adversaries. And that makes such a debacle harder to foresee or mitigate.
Both the Snowden and the current leaks are partly the result of a move towards privatisation of security. The Pentagon has granted top security clearances to a very large number of civilians. The number of employees and contractors across the US administration with top secret clearance is currently more than 1.25 million.
Britain has three levels of security clearance: Counter Terrorist Checks (CTC), Security Checks (SC) and Developed Vetting (DV). Since 2018, an average of 164,000 CTC and SC, and 17,900 DV clearances have been issued each year.
Jake Williams, a former NSA operator and an analyst with cybersecurity consultancy firm IANS Research, comments: “It seems like the Department of Defence thought they had sufficient controls in place to detect would-be leakers after incidents like Snowden. But obviously, whoever is doing this got around that or learned from past techniques and mistakes.”
Robert Emerson, a British security analyst, says the concept of a leak-proof security world is fanciful. “The volume of information is so much, being transmitted at such speed that it’s virtually impossible to ensure total control.
“At the same time, it would not be possible to operate in such an environment without the use of private contractors. And if, as had happened in this case, there was no strong ideological or political motivation in the leaking, it is difficult to weed out individuals during vetting.”