A massive document leak is spreading online, exposing sensitive information and sparking a Justice Department investigation. The documents appear to detail the war in Ukraine and are believed to be from the Pentagon. Investigators are scouring the data for clues about the source, which may be a person or an algorithm. The key to identifying the source is chain-of-custody mapping – following the path of information through internal systems, inboxes, and external messaging platforms (e.g., Discord).
The first step is to contain the leak. That means determining whether the information is still limited to a small group or has already spread more widely, for example to social media or a private message board. It also means assessing the scope of the compromise and the number of people potentially affected, which may require technical review or cross-checking of access logs. Containment may include requesting takedowns of public content, revoking access permissions, and temporarily suspending normal deletion cycles across email servers, file repositories, and print systems so that evidence is not accidentally overwritten.
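The access-log cross-check and chain-of-custody mapping mentioned above can be illustrated with a small script. The example below is added here and is not part of the original article or of any investigation it describes; the log format, the user names, the document identifiers and the public-sighting timestamp are all constructed. It builds a per-user access matrix over the set of leaked documents, narrows it to users who touched every leaked document before the material was first seen in public, lists the print/export events that moved copies off the document system, and reconstructs the chronological path of one document across internal systems.

```python
"""Cross-check access logs against a set of leaked documents (added example)."""
from __future__ import annotations

import csv
from collections import defaultdict
from datetime import datetime, timezone
from io import StringIO

# Constructed sample access log: timestamp, principal, action, doc_id, system.
# Every record, user and document identifier here is invented for the example.
SAMPLE_LOG = """\
ts,user,action,doc_id,system
2023-02-01T09:12:00Z,alice,view,DOC-101,dms
2023-02-01T09:40:00Z,bob,view,DOC-101,dms
2023-02-02T14:05:00Z,alice,print,DOC-101,printq
2023-02-03T11:00:00Z,alice,view,DOC-202,dms
2023-02-03T11:30:00Z,carol,view,DOC-202,dms
2023-02-04T08:15:00Z,alice,print,DOC-202,printq
2023-02-05T16:45:00Z,carol,view,DOC-303,dms
2023-02-06T10:20:00Z,alice,view,DOC-303,dms
2023-02-07T12:00:00Z,bob,view,DOC-303,dms
2023-02-20T22:30:00Z,alice,view,DOC-303,dms
"""

# Documents confirmed to be in the public dump (constructed identifiers).
LEAKED_DOCS = {"DOC-101", "DOC-202", "DOC-303"}
# Earliest time the material was observed outside the organisation (constructed).
FIRST_PUBLIC_SIGHTING = datetime(2023, 2, 10, tzinfo=timezone.utc)


def parse_log(text: str) -> list[dict]:
    """Parse the CSV log into dicts, converting 'ts' to an aware datetime."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["ts"] = datetime.fromisoformat(row["ts"].replace("Z", "+00:00"))
        rows.append(row)
    return rows


def access_matrix(rows, leaked_docs, before=None) -> dict[str, set[str]]:
    """Map each principal to the leaked documents they touched.

    Events at or after 'before' are ignored: an access that happened after the
    material was already public cannot explain the leak.
    """
    matrix: dict[str, set[str]] = defaultdict(set)
    for r in rows:
        if r["doc_id"] not in leaked_docs:
            continue
        if before is not None and r["ts"] >= before:
            continue
        matrix[r["user"]].add(r["doc_id"])
    return dict(matrix)


def candidate_sources(rows, leaked_docs, before=None) -> list[str]:
    """Principals who accessed every leaked document before the cutoff (sorted)."""
    matrix = access_matrix(rows, leaked_docs, before)
    return sorted(u for u, docs in matrix.items() if docs == set(leaked_docs))


def export_events(rows, leaked_docs, actions=("print", "download", "export")):
    """Events that created a copy of a leaked document outside the source system."""
    events = [
        (r["ts"], r["user"], r["doc_id"], r["action"], r["system"])
        for r in rows
        if r["doc_id"] in leaked_docs and r["action"] in actions
    ]
    return sorted(events)


def custody_path(rows, doc_id):
    """Chronological path of one document across systems: (ts, system, user, action)."""
    events = [
        (r["ts"], r["system"], r["user"], r["action"])
        for r in rows
        if r["doc_id"] == doc_id
    ]
    return sorted(events)


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("candidates:", candidate_sources(rows, LEAKED_DOCS, FIRST_PUBLIC_SIGHTING))
    for ev in export_events(rows, LEAKED_DOCS):
        print("export:", ev)
    for ev in custody_path(rows, "DOC-101"):
        print("DOC-101:", ev)
```

The intersection narrows the candidate list; it does not prove anything on its own. Shared or service accounts, copies cached on workstations, and gaps in logging all produce false positives and false negatives, which is why the containment step above preserves logs and print records rather than relying on a single query.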
If authentic, the leaked material spotlights a number of weaknesses in Russia’s military planning and weaponry, at a time when Moscow is stepping up its assault on Ukraine. In addition, it underscores how deeply the US has penetrated Russian decision-making circles. But it also demonstrates how even a small, unauthorized disclosure can hurt US national security. The incident is reminiscent of the 2013 leaks by former NSA contractor Edward Snowden, who disclosed classified information about government surveillance to the Guardian and the Washington Post. Similarly, Mordechai Vanunu revealed details of Israel’s nuclear program to the press in 1986 and Daniel Ellsberg leaked top-secret US military data on Vietnam to The New York Times in 1971.