Sunday, April 16, 2023

Pentagon Leaks: What's the Damage? By Matt Tait


www.pwnallthethings.com

Every national security leak is a saga in five parts. This one is no different.

The first of these stories is always the one written by the national security apparatus itself, though originally intended for a more select audience. It shows the world as the intelligence community sees it, and with the curtain pulled back. Along with the stories of foreign governments and targets, it also tells a story about the IC itself, and its analysis, priorities, and the mechanics and people through which they see the world and report on it out to policymakers.

The second story is the rush of the chase and the scramble to catch the leaker; the trail of clues that starts with a picture of a classified document and the journey as journalists and government investigators race to identify its photographer.

This second story gives way to the third: the human story of the leaker themselves. Who are they? How did they do it? What signs did their friends, family, and colleagues see as they changed from trusted official into public leaker? And what motivated them to reveal the things they were supposed to keep secret?

For many, the saga ends here. With the documents published and the leaker starting their long and arduous journey through the federal criminal justice system, the story moves on to other, more current things.

But the story doesn’t end here. Two more stories are due. The next part is the damage assessment and the unfortunate reminder that leaks often come at a price. And the fifth is the story of the future, and what the government will try and do to stop it happening again.

For a variety of reasons, these final two stories usually get little attention. They are more bureaucratic and inward-facing than the others, and are usually poorly explained. They’re also written by the government—who are no neutral party in the story they are trying to tell—and they usually suffer from over-classification, over-abstraction, and, perhaps most unforgivably to the public in the relentless news cycle, lateness: by the time those stories are ready to be told, it’s old news, and the world has moved on.

But while those last two stories are the least well understood, they’re also important. So let’s talk about the damage. What’s in this leak? Is it really so bad? Were sources and methods lost? Is it repairable? And who pays the price when leaks like this occur?

The Discord leaks are a collection of approximately 300 photographs of the JCS daily brief taken over a few months, as well as of the CIA Operations Center Intelligence Update. Eight of these are high-resolution images from a briefing in early March that are readily available on the Internet. These eight mostly relate to Ukraine’s planned Spring counteroffensive and the operational status of a few active combat areas in Ukraine.

One of these documents was clumsily altered by a Russian Telegram channel last Thursday. That laughably terrible attempt at photoshop scaled a table of Russian casualty numbers down by a factor of about 10 and inflated the Ukrainian casualty numbers. Amazingly, despite the photoshop being glaringly obvious, the altered figures were quoted by Tucker Carlson to his nightly audience of 2.5 million conservative viewers nearly a week after they were shown to be fabricated.

Beyond those eight high-resolution images floating around the Internet, a second set of about 50 high-resolution images exists, and two publications appear to have additional images beyond that set—about 100.

The full archive covers a far broader set of IC analytic product than might be obvious just from the public eight photographs, and they cover the whole spectrum—it’s not just maps and military intelligence. This information is mostly, but not entirely, in the form of short-form summary reports, and so is relatively dense in its coverage of global events and equally dense in the variety of sources and methods that underlie that analysis.

From a damage-assessment perspective, it’s important to notice that the information in these documents isn’t all the same. Some of it is essentially inert; the IC will lose no sleep over losing it. Other bits will have had senior intelligence officials throwing anything not nailed down across the room, clearing their schedules, and trying desperately to extinguish the dumpster fire.

So let’s categorize them and take them in turn. The information here splits broadly three ways: military intelligence about Ukraine, political analysis using non-fragile sources, and foreign intelligence. They’re quite different.

The first part of the leaks is intelligence regarding Ukraine’s military operations in the very immediate term. These leaks include maps of then-current operational areas and positions, training timelines, and confirmed delivery estimates for plausible and planned force deployment with a timeline in the days-to-weeks ahead. The documents also reveal a lot of technical information and plausible windows of opportunity for Ukraine’s planned Spring offensive.

The damage of losing this kind of information is extremely acute if the information is fresh and the loss is sustained. But the information is also extremely time-sensitive, and so the damage from this particular category of information in the leak tapers off very quickly. So far as I can tell, most of the people downplaying the damage of the leak are basing that on this observation.
Image: the classified documents here being cross-posted out of Teixeira’s private Discord and on to the public Internet—here via the Minecraft Earth Map Discord—within days of them being created

One document, titled “Ukraine: Disposition of Ukraine Armed Forces Around Bakhmut, February 24” shows a very detailed map of Ukrainian forces in and around Bakhmut from the day of the report. Another, titled “Bakhmut City Map as of 01 0600 EST Mar 2023”, shows Ukraine’s precise military locations within the city at the time with high granularity.

Had Russian artillery commanders obtained these maps within a few hours of the JCS writing them, it would have been an unmitigated disaster for Ukraine. There’s really no way to gloss over that. Had that map reached Russian artillery commanders on the same day, Russia could have killed a lot of Ukrainians as Ukraine scrambled to figure out what was happening and urgently repositioned everyone to try and mitigate it. That repositioning would have, in itself, been a massive disruption to Ukraine’s operations in the area, and an extremely valuable window of opportunity for Russian forces.

But wars are dynamic, and nothing stays still for long. The spots on the map no longer show where Ukrainians are; only where Ukrainians were. The intelligence value of those maps has mostly, though not entirely, “aged off” already.

Another map shows detailed air-defense locations in Ukraine, down to the types, locations, and effective range of the equipment. Let’s not be coy here: this is information that Russia has expended vast sums of money and equipment trying to obtain. Losing maps like these to the Russian military is horrific, and nobody should downplay it. It is less acute several weeks after the fact than had Russia gained it and used it while it was fresh—air defense systems in Ukraine are also mobile—but it is genuinely horrific for this information to have been lost. Don’t forget: Ukrainian air defense protects not just their forces, but also their cities from Russian bombardment. Ukraine and its allies have expended huge effort and costs to provide this air defense equipment. This map would have let Russian drones, missiles, and aircraft completely bypass it.

Other awful leaks in the set include detailed schedules and plans for Ukraine’s Spring counteroffensive. By colossal luck, the documents became public at the tail end of this schedule, depriving Russia of most of the value they contain. But it goes without saying that advance knowledge of schedules, equipment, and scale of a counter-offensive is very, very valuable to Russia’s military as they plan how to defend against it.

In short, this is a leak with a very direct cost that will certainly be paid in Ukrainian lives and destroyed equipment. Thanks only to sheer luck, the severity is far lower than it could have been. And not to labor this point, but this luck is despite Teixeira, not thanks to any proactive attempt by him to mitigate those harms, or to any lack of damaging material in the documents as he posted them. At the point where he posted them, those maps were current. He posted them to a channel that had overtly pro-Russian members. The channel he shared them in was called “Bear-vs-Pig”, named for a racist slur commonly used by Russians against Ukrainians. That the documents didn’t route immediately into the hands of Russian commanders is not due to any attempt on his part to mitigate the harms prior to leaking those documents.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and the documents certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

The second group of leaks in the archive is political analysis of public events. These do appear with classification markings in the documents, but don’t be fooled: the classification here derives from the accompanying analysis, not the fragility of the source.

Let me give you an example to show what I mean.

In the archive, one report talks about Hungarian Prime Minister Orban describing America as one of Hungary’s “enemies” during his State of the Union speech. This paragraph is marked “C/NF”—short for Confidential / NOFORN. This is a great example of over-classification, but leaving that aside for a minute, notice that the classification marking here isn’t about a fragile source. Orban’s speech was televised, and the transcript was even posted on the Hungarian government’s website. There is nothing secret about it. The (C/NF) designation comes not from the source, but from the (amazingly banal) analysis that accompanies it, specifically the local US embassy’s view that it’s an escalation from Orban’s prior rhetoric.

Importantly, the IC’s source in this case is not fragile with respect to the leak. Orban will not mitigate his public speeches knowing that the US embassy is watching them. If anything, it probably encourages him. And he’s certainly not going to start doing his State of the Union speeches in secret.

A more complicated example is a document discussing circumstances under which Israel might take a more active role in helping Ukraine militarily. There is not obviously any direct source underlying this document, and it is marked “Exploratory Analysis”. It’s not reporting in response to a human source’s observations or some intercepted communication, but rather the output of informed brainstorming by IC analysts, almost certainly in response to a specific question posed by senior US officials. Israel might be unhappy with the IC thinking about this topic, and also upset that US seniors are asking questions about it. But there’s nothing fragile here. Israel can’t easily thwart the IC making such analysis in future because, to the extent that the reporting is based on any fragile sources at all, it does so extremely indirectly.

Political analysis can be embarrassing—sometimes acutely—but rarely degrades the IC’s capability over the long term. The local ambassador, or, heaven forbid, the Secretary of State, might have to eat some humble pie and do an apology tour over it. But such is life. Everyone will move on quickly enough.

The third group of leaks is the meat of the IC: foreign intelligence, derived from the IC’s non-public signals intelligence and human-source collection activities. This is what the IC refers to as “sources and methods”.

The leaked documents have dozens of examples of end-product foreign intelligence reporting. They discuss foreign leaders and their interactions with or about US adversaries; foreign businesses flirting with or actively engaging in sanctions evasion; foreign businesses and leaders planning strategic re-alignments towards America’s adversaries; and political and military decisions being made everywhere, from Africa, to Asia, to the Middle East, and even within allied governments such as Israel, the UK, South Korea, and Ukraine itself, along with accompanying assessments as to their likely success and significance to America’s medium- and long-term interests.

Foreign intelligence leaks are not like the other types of leak in this archive. Battlefield intelligence leaks tend to have a very fast age-off rate. Political analysis rarely has lasting impact because its sources are non-fragile. But foreign intelligence analysis really does rely on fragile collection capabilities, and the tail of damage for these can be both locally acute and slow to age off.

This point is, hopefully, fairly straightforward. If the IC’s human sources are killed, jailed, or have to be extracted from the country, or if sources stop helping the US because it cannot protect their identities, the IC loses the visibility and insights that come from those sources’ access. If influential people learn that they are being watched by American signals intelligence—not just in an ethereal, abstract sense, but with the concrete knowledge that they really are targeted—they will become more paranoid and reorient their communications to use better secrecy.

To be fair, sometimes that reorientation will fail, and NSA will be able to get at their newly hidden information in some other way. But sometimes they will succeed, and NSA will just lose visibility of what those targets are doing. Worse, if the target knows not just that they are surveilled, but how, that reorientation away from NSA’s gaze is much more likely to be successful.

Unfortunately—and perhaps non-obviously—leaks can derail IC operations in ways that are rather unintuitive to a casual observer. A document that doesn’t explicitly name a source or method can nevertheless destroy it, and can cause harms in ways that are completely non-obvious to an ordinary reader.

A simple example of this, weirdly enough, is Bellingcat’s identification of Teixeira. For a full week, thousands of people had seen some of these leaked photos and the objects in the background. Almost none will have noticed a tiny patch of granite lurking in the background. But this tiny fact was important to a tiny number of people with extensive backgrounds in online investigations, and even then, only in combination with context from other non-public sources discovered during their investigation.

In other words, just because you can’t see how something tiny in a photo can have massive repercussions doesn’t mean that experts with extensive experience and that little bit of extra context can’t.

That might all sound a bit hypothetical. So let’s be concrete here. The documents reveal at least one human source with a specificity that means the IC will have had to intervene to protect them. For signals intelligence, picking it apart is even easier. It is fairly easy with this set of documents to identify a dozen specific NSA targets and the exact mechanism used to surveil them. Some of these targets won’t notice. Others will.

But why does it matter? Is the benefit of the disclosure worth the costs it incurs? That depends a lot on your priors. But beyond the human sources themselves, for whom a sudden exposure can be life-threatening, the IC losing fragile accesses generally reduces the volume and quality of the IC’s reporting out to the US’s principal decisionmakers. In isolated cases, that’s painful, but manageable. But as the IC’s reporting degrades to rely more on guesswork and second-order sources, it ultimately starts producing weaker analysis, and that, in turn, means more errors by policymakers—both in volume and in severity. It means more unhappy surprises for America as global events shift without warning, and fewer opportunities for America to mitigate them before they become a critical issue that is far more expensive in blood and gold to resolve. Those costs are real as they build up in the aggregate.

Anyway, this post has gone on long enough, so I’ll just end with a thought experiment to ponder on.

Imagine a CIA officer walks into the Director’s office. “We’ve found a way to get the daily briefing for the Russian General Staff!” they say. “But, unfortunately, this op will be very expensive. To do it, we’ll need $X.” Where is the tipping point at which $X grows large enough to flip the answer from a “yes” to a “no”?

The real answer is probably eye-wateringly large. Just as we’d pay through the nose to see those documents because of the information they contain, our adversaries would dearly, dearly love to see these types of documents, and would unquestionably spend heavy resources to get them.

Ideally they shouldn’t just be able to log on to Discord to get them.
