Above Photo: via Facebook
An NSA document purporting to show Russian military hacker attempts to access a Florida company which makes voter registration software is sent anonymously to The Intercept. A low-level NSA contractor, Reality Winner, above, is arrested almost immediately. What’s wrong with this picture? A lot.
Who Benefits?
Start with the question of who benefits — cui bono— same as detectives do when assessing a crime.
— Trump looks bad as another trickle of information comes out connecting something Russian to something 2016 election. Intelligence community (IC) looks like they are onto something, a day or so before ousted FBI Director James Comey testifies before Congress on related matters.
— The Intercept looks like it contributed to burning a source. Which potential leaker is going to them in the future? If potential leakers are made to think twice, another win for the IC.
— The FBI made an arrest right away, nearly simultaneous to the publication, with the formal charges coming barely an hour after The Intercept published. The bust is sure thing according to the very publicly released information. No Ed Snowden hiding out in Russia this time. IC looks good here.
— More evidence is now in the public domain that the Russians are after our election process. Seems as if the IC has been right all along.
What Happened is… Curious and Curiouser…
Now let’s look at what we know so far about how this happened.
A 25-year-old improbably-named Reality Winner leaves behind a trail long and wide on social media of anti-Trump stuff, including proclaiming herself a member of The Resistance. Never mind, she takes her Top Secret clearance with her out of the Air Force (she had been stationed with the military’s 94th Intelligence Squadron out of Fort Meade, Maryland, co-located with the NSA’s headquarters) and scores a job with an NSA contractor. Despite the lessons of too-much-access the Snowden episode should have taught the NSA, Winner apparently enjoys all sorts of classified documents — her Air Force expertise was in Afghan matters, so it is unclear why she would have access to info on Russia hacking of U.S. domestic companies.
Within only about 90 days of starting her new job, she prints out the one (and only one apparently, why not more?) document in question and mails it to The Intercept. She also uses her work computer inside an NSA facility to write to the Intercept twice about this same time.
Winner has a clearance. She was trained as a Dari, Pashto, and Farsi linguist by the Air Force. She knows how classified stuff works. She has been told repeatedly, as all persons with a clearance are, that her computer, email, printing, and phone are monitored. She mailed the document from Augusta, Georgia, the city where she lives and where the NSA facility is located. She practiced no tradecraft, did nothing to hide her actions and many things to call attention to them. It is very, very unclear why she took the actions she did under those circumstances.
The Document
The Intercept meanwhile drops by their friendly neighborhood NSA contact and shows them the document. NSA very publicly confirms the veracity of the document (unusual in itself, officially the Snowden and Manning documents remain unconfirmed) and then makes sure the open-court document filed is not sealed and includes the information on how the spooks know the leaked doc was printed inside the NSA facility. Winner went on to make a full confession to the FBI. The upshot? This document is not a plant. The NSA wants you to very much know it is real. The Russians certainly are messing with our election.
But funny thing. While the leaked NSA document seems to be a big deal, at least to the general public, it sort of isn’t. It shows one piece of analysis suggesting but not confirming the GRU, Russian military intelligence, tried to steal some credentials and gain access to a private company. No U.S. sources and methods, or raw technical intel, are revealed, the crown jewel stuff. There is no evidence the hack accomplished anything at all, never mind anything nefarious. The hack took place months ago and ran its course, meaning the Russian operation was already dead. The Russians were running a run-of-the-mill spearfishing attack, potentially effective, but nothing especially sophisticated. You get similar stuff all the time trying to harvest your credit card information. The leaked document looks like a big deal but isn’t.
Another issue. The Intercept has a lot of very smart people working for it, people with real-world intelligence and tradecraft experience. People who know about microdot encoding on printed documents, one of the tells here, and people who know they don’t show their whole hand when asking the NSA for a comment. The Intercept journalist volunteered to an NSA contracting company that the envelope received was postmarked to Augusta, where Winner lived and worked. Like Reality Winner and her own security training, it is very, very unclear why the Intercept took the actions it did under those circumstances.
So For Now…
So, look, what we know about this story may represent .01% of the whole picture, and that tiny sliver of visible information is only what the government has chosen to reveal. And sometimes a coincidence is just a coincidence. Sometimes smart people make dumb mistakes.
But that’s not the way you place your bets, especially when dealing with the IC who are good at these kinds of games. At this very early stage I’m going to say there are too many coincidences and too many mistakes to simple shrug it all off. Too many of the benefits in this have accrued on the side of the IC than is typical when a real whistleblower shares classified documents with a journalist.
If it frightens you that I invoke the question of the Deep State using journalists to smear the President, just forget I said anything. But if we’re willing to believe the Russians somehow successfully manipulated our entire society to elect their favored candidate, then we can at least ask a few questions.
Otherwise, if anyone hears Winner’s lawyer use the word “patsy,” let me know, OK?