Governance & Risk Management , Insider Threat

Feds Describe Intelligence Leak Probe as Criminal Matter

National Guard Airman Jack Teixeira Charged With Mishandling Intelligence
Feds Describe Intelligence Leak Probe as Criminal Matter
U.S. Air Force Brig. Gen. Pat Ryder, the Department of Defense's press secretary, speaks to reporters on April 13, 2023. (Photo: DOD)

The arrest of a low-level U.S. military IT specialist on suspicion of leaking highly classified documents begs this question: Why did he have access to them in the first place?

See Also: 2024 Global Threat Report- Infographic

Jack Teixeira, 21, is due to be arraigned Friday in the U.S. District Court for the District of Massachusetts after the FBI detained him Thursday "for his alleged involvement in leaking classified U.S. government and military documents."

Attorney General Merrick B. Garland, in a brief statement, announced Teixeira's arrest Thursday "in connection with an investigation into alleged unauthorized removal, retention, and transmission of classified national defense information."

Department of Defense officials have said that while the cyber defense operations journeyman's access to classified information was legitimate, the leaks have prompted them to review the guidelines.

A criminal indictment filed Friday in Massachusetts federal court charges Teixeira with two offenses: transmitting defense information to others, in violation of the Espionage Act, which the Department of Justice has previously used to prosecute leakers, and unauthorized removal and retention of classified documents or materials. Each charge under either act carries a jail sentence of up to 10 years. Teixeira could be charged separately for each allegedly leaked document.

"The FBI has been investigating the unauthorized disclosure of classified national defense information in connection with the posting of dozens of images of documents on various public internet sites," according to an FBI affidavit submitted to court. "Certain of the images appear to depict government information that was used to inform senior military and civilian government officials during briefings at the Pentagon in Arlington, Virginia."

As with prior high-profile leaks, the collective focus isn't just on the leaker's identity, but also the circumstances that allegedly allowed Teixeira, an airman first class in the Massachusetts Air National Guard who originally enlisted in September 2019, to gain access to sensitive intelligence. Experts who have reviewed the leaked intelligence say it may amount to hundreds of different reports, covering everything from assessments of Russia's invasion of Ukraine to China and to North Korea's missile program and much more.

The FBI affidavit said Teixeira was required to hold a top secret security clearance for his job, and it was granted in 2021. "To acquire his security clearance, Teixeira would have signed a lifetime binding non-disclosure agreement in which he would have had to acknowledge that the unauthorized disclosure of protected information could result in criminal charges," FBI Special Agency Patrick M. Lueckenhoff, who specializes in counterintelligence and espionage investigations, wrote in the affidavit.

Intelligence Leaked to Discord Group

Just before his arrest, The New York Times first publicly named Teixeira as "OG," the leader of a Discord server called Thug Shaker Central. As Bellingcat reported, textual extracts of the documents were first posted beginning late last year, before photographs of the documents began to get posted in January, continuing until March. From there, the documents eventually spread via 4Chan, Telegram and Twitter accounts.

Many of the leaked documents appear to have originated from the military's Joint Staff. Last Friday, it began dramatically restricting access to daily briefings, the Times reported.

Previous high-profile leaks include former U.S. Army junior intelligence analyst Chelsea Manning sharing hundreds of thousands of secret government cables with WikiLeaks in 2010, in part as a reaction to the Iraq War. In 2013, then National Security Agency contractor Edward Snowden leaked thousands of NSA documents, in part to detail illegal mass surveillance programs.

The new so-called Discord leaks are different. Fellow users of the Discord server Teixeira allegedly ran told The Washington Post that rather than whistleblowing, his alleged leaking appeared to be designed to impress or amuse his peers - who often discussed guns, military tech and gaming, sometimes using racist language - and were never intended for mass distribution.

An Air Force spokeswoman told the Times that Teixeira was assigned to the 102nd Intelligence Wing at Otis Air National Guard Base, part of Joint Base Cape Cod.

Pentagon Reviews Underway

Air Force Brig. Gen. Pat Ryder, the Pentagon's press secretary, declined Thursday to address questions about whether a 21-year-old airman had a need to know the highly sensitive information to which he allegedly had access.

Instead, Ryder noted that a wide-ranging review, led by U.S. Central Command, is underway. Distribution lists for sensitive information are one of the things being reviewed. So is the efficacy of existing approaches to monitoring access and protecting information. "We have safeguards in place, we have processes, we have procedures," he said. "We'll continue to do due diligence as part of this review to ensure that we're doing everything we can to prevent potential unauthorized disclosures in the future - recognizing that, again, this was a criminal, deliberate act."

He added that the military trains personnel "on how to spot insider threats," and said the imperative when an insider acted maliciously was obviously "to clue in on those signals" as fast as possible, and that the review would inform how current approaches need to be refined.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.