ABC News
Emily Clark in Washington DC and Lucy Sweeney

The Pentagon leak that landed on a chat forum about Minecraft exposes an unavoidable weakness in US national security

As part of the investigation, officials will need to trace the origins of the leaked documents through online spaces dedicated to Minecraft and YouTubers. (Reuters/US Defense)

US officials have arrested the man believed to be at the centre of a huge leak of highly classified Pentagon documents, after days of investigation.

The leak forced officials at the highest levels of the United States Department of Defense into the online worlds of gamers, meme lords and their leagues of followers.

The full scope of the 50-plus documents at the centre of this leak is not yet clear, but it represents one of the worst breaches of US national security this century.

The documents that have attracted the most attention include details from US military briefings on the war in Ukraine, and there are fears this episode will massively undermine trust between the nations, ultimately to Russia's benefit.

There are many questions yet to be answered, including why this happened. 

According to analysts, the possible answers range from a failure of operational procedure inside the Pentagon to someone trying to win an argument on the internet.  

The absurdity of the leak

Over the past week, the investigation into who is responsible for the leak has had two fronts. 

First, the official probes: the Department of Defense and its inter-agency effort to figure out what impact the leak will have on national security, as well as a criminal investigation launched by the Department of Justice to establish how the documents were obtained and released.

The second effort is that of open source investigators and journalists who have also been combing the far reaches of the internet, following digital clues that might also reveal the how and the who. 

On Wednesday, The Washington Post published a detailed account of the man allegedly behind the leak: a "young, charismatic gun enthusiast" who shared the documents with a tight-knit group of online acquaintances.

Then, The New York Times identified the alleged leaker as Jack Teixeira, a 21-year-old member of the intelligence wing of the Massachusetts Air National Guard.

By Thursday afternoon, local time, FBI agents had arrested Teixeira at his home and taken him into custody.

Former White House national security analyst and senior fellow at the Carnegie Endowment think tank Gavin Wilde said this leak was different to those that have most recently rocked US administrations.  

"The last 10-plus years in Washington DC, from WikiLeaks to the Snowden leaks, to Shadow Brokers, and everything else, there's a lot of trauma within the US national security bureaucracy around leaks," he said. 

"I think the novelty of this one compounds that sense of crisis because there doesn't seem to be a clear motive." 

The documents were marked as highly classified, so while that limited access to people with a certain level of security clearance, the actual number of people who might have been in that group is reported to be significant. 

Some are "similar in format to daily updates given to senior leaders", according to Chris Meagher from the Department of Defense, and are "used by a variety of people and [teams] within the department to inform their work". 

There is no clear answer on how many documents were leaked. Associated Press has viewed approximately 50 documents, CNN reports having access to 53 and the New York Times said it could be more than 100.

The Washington Post reported the alleged leaker shared several documents a week, beginning late last year, right up until last month. 

The New York Times first reported the leak after a select few documents were shared on Russian Telegram channels crawling with journalists trying to understand what Russian groups are doing in Ukraine and looking for original images or information from inside the war. 

When photographs of creased documents marked 'Top Secret' landed, it didn't take long for them to be noticed, but they had already been circulating in more obscure online spaces, potentially for months.   

Open-source investigative outlet Bellingcat established the Ukraine documents were first posted on messaging platform Discord, before making their way to Telegram, 4chan and eventually Twitter.

"On 4 March — over a month before the Telegram and 4chan posts — 10 documents were posted in a Discord server called Minecraft Earth Map," Bellingcat investigator Aric Toler wrote.

"After a brief spat with another person on the server about Minecraft Maps and the war in Ukraine, one of the Discord users replied, 'here, have some leaked documents', attaching 10 documents about Ukraine, some of which bore the 'Top Secret' markings."

Bellingcat found evidence that, two days before landing in the Minecraft chat, the cache of documents had been shared to another Discord channel for fans of meme creator wow_mao, and before that, to another thread called Thug Shaker Central.

Wow_mao addressed their Discord channel being used to share the leaked documents.  (YouTube: Wow_mao)

The Washington Post described the original Discord server as an invitation-only clubhouse with about 25 active users, where an elder-like figure known as OG lectured the younger members of the group on global affairs and secretive government operations. 

The group — which splintered off from a larger fan base of military-enthusiast YouTuber "Oxide" — was mainly interested in video games, music and Orthodox Christianity. Racial slurs and racist memes were reportedly shared widely.

It will be up to the Department of Defense, the Department of Justice and the FBI to fully investigate how the leak could have played out on Thug Shaker Central.

"This is a failure of imagination, as far as counterintelligence goes, but I think … the absurdity of the leak is also something we need to grapple with," Wilde said. 

"An understanding of these communities is not something you would expect senior folks in the US government to have been able to build a threat model around." 

Wilde said a "niche and specific talent pool" inside the US government had "their work cut out for them" in tracking down the original leaker. 

From Lady Gaga to Minecraft 

The major leaks from the past decade have had a clear motive.

In 2009, US Army intelligence analyst Chelsea Manning began covertly gathering sensitive military documents while on assignment in Iraq.

In order to get around the Defense Department's ban on external hard drives, Manning transferred the files onto discs disguised as Lady Gaga CDs.

Over several months, she sent more than 700,000 documents, videos and diplomatic cables to WikiLeaks, which went on to publish many of the classified files, exposing human rights violations and damaging state secrets.

The massive leak sent shock waves through the intelligence community and around the world, but by the time Manning was sentenced in 2013, another security breach had rocked the US.

Edward Snowden, a former IT consultant for the National Security Agency, shared thousands of classified documents with a group of journalists, revealing an extensive surveillance program targeting US citizens.

Like Manning and WikiLeaks founder Julian Assange, Snowden said his decision was driven by a moral impulse to expose secrets he believed the public had a right to know.  

Chelsea Manning served seven years before Barack Obama commuted her 35-year sentence, while Julian Assange, an Australian citizen, remains in Britain fighting his extradition to the US.  (AP Photo: Alastair Grant)

However, in this instance, the potential motive is less clear.

"I would definitely not call him a whistleblower. I would not call OG a whistleblower in the slightest," one Discord member told Shane Harris and Samuel Oakford for The Washington Post.

The counterintelligence community has long been wary of its secrets being spilled or citizens being spied upon in the world of online gaming.

Some of the documents released in the Snowden leak revealed that the NSA had been monitoring Xbox Live and World of Warcraft for years. 

More recently, War Thunder, a massively multiplayer online game (MMOG) that simulates battle using realistic models of tanks, fighter jets and warships, has been the arena of several leaks of sensitive or restricted military information.

Players go to great lengths to improve the technical accuracy of the game's models and, in several cases, have shared classified military documents to prove their arguments.

"We tend to think in terms of ideology or ego being drivers of leakers and … that the arenas for those types of actors are geopolitical and, because of WikiLeaks or Snowden, that the media arena for that type of illicit behaviour is vast," Wilde said.

"But in fact, notoriety and fame doesn't need to be very grand in scale.

"It can kind of be confined to those very clustered communities and go, in this case, what seems like at least a month relatively unnoticed, despite how outrageous and inflammatory these leaks appear to be."

US classifies 50 million documents a year 

The nature of the breach presents an ongoing conundrum for the intelligence community.

In an age when so much of the threat to sensitive information comes from the fact it lives on servers, this security breach happened in quite a simple way.

While the US has been bolstering its cybersecurity, someone made a decision to photograph hard copies of sensitive documents and PowerPoint slides and upload them to a space on the internet where people hang out and talk about video games.

Now officials inside the Pentagon — a building that is supposed to stand as a beacon of American military might — are forced to reckon with the inherent vulnerability of the people within it.

"The most secure thing would be to revert to typewriter and hand-carry documents to and fro to protect from attempts at hacking," Wilde said.

"But, there's also a whole discipline in counterintelligence and operational security that exists in meatspace — in the hard copy space — that we also can't disregard, just because we've moved online." 

It's estimated the US government classifies more than 50 million documents a year. 

Since news of the assumed leak broke, the Department of Defense said it had moved to scale back how many people had access to classified documents, tightening its inner circle. 

In the past, there have been questions raised about just how many documents are classified and what the mass approach means for the protection of the most precious secrets. 

"The US system of classification is stuck in a very bygone era, that is only going to age more and more poorly," Wilde said.

In 2016, discussing Hillary Clinton's use of a private email server while serving as secretary of state, Barack Obama said: "There's classified, and then there's classified."

"There's stuff that is really 'top-secret' top-secret, and there's stuff that is being presented to the president or the secretary of state that you might not want on the transom, or going out over the wire, but is basically stuff that you could get in open source."

The FBI conducted a years-long investigation into Hillary Clinton's use of a private email server and ultimately found no evidence of deliberate mishandling of classified information. (Instagram: Hillary Clinton)

Joe Biden's administration hasn't confirmed the veracity of the leaked Pentagon documents, but his National Security Council spokesman John Kirby made it very clear that this is not information that might already be out there in the public domain.   

"It has no business — if you don't mind me saying — on the front pages of newspapers or on television. It is not intended for public consumption and it should not be out there," he said this week.   

Converging on a suspect

Defense Secretary Lloyd Austin said earlier this week the US would "turn over every rock until we find the source" and extent of the leak. 

The FBI is leading the criminal investigation to identify the source and understand the true motivations behind it.

In a brief address on Thursday, Attorney-General Merrick Garland confirmed Teixeira had been arrested in connection with the case and would be charged with the unauthorised removal of classified national defence information.

Officials have not ruled out the possibility that pro-Russian actors could have been involved at some stage.

At least one document appears to have been doctored after it was leaked on Discord, but before landing on Russian Telegram channels. The edited image showed inflated US estimates of Ukrainian battlefield casualties and understated numbers of Russian forces.

As well as examining the access level for the leaked documents, investigators would be looking at printer logs to narrow down the potential spread of paper copies, an official told CNN.

And it will, no doubt, have been someone's job to dive into the defunct Thug Shaker Central server to investigate the leak's origins.  

In a statement, Discord said it was cooperating with law enforcement and declined to comment further. 

As more is learned about this leak, the motivation behind it may or may not become clear.

Wilde expects "it will most likely turn out to be more absurd and less conspiratorial".
