Posts

Jack Teixeira’s Polish (or Croatian) Missile

To support a supplemental bid to keep Jack Teixeira jailed pre-trial, prosecutors provided proof that on three instances, the young enlisted man had been caught improperly accessing classified information. Even after formal warnings on September 15 and October 27, 2022, on January 30 of this year, a female Master Sergeant observed Teixeira “viewing content that was not related to his primary duty.”

Days later, amid a discussion of “fed cars sneaking around,” Teixeira fantasized about making an “assassination van.”

Nevertheless, even after three chances to stop all this, Teixeira was still actively stealing classified information for over a month after that, and as an earlier filing laid out, he offered to take requests about “happenings that pertain to your country” after that.

TEIXEIRA: Like to thank everyone who came to the thread about the current event, going on and participated and listen to me, cover set event since it’s beginning, I was very happy and willing and enthusiastic to have covered this event for the past year and share with all of you something that not many people get to see something very few people in fact, get to see, but despite all of this, I’ve decided to stop with the updates

TEIXEIRA: If you guys do you want happenings that pertain to your country or events or politics or whatever you can DM me and I can tell you what I have, but it’s going to always be a brief summary

TEIXEIRA: I can’t promise, speed or prompt response, but I will respond to you eventually so offers on the table. If you want to take it until then I’ll still be sticking around here still be posting shit, so not going anywhere don’t worry about that.

I suspect the non-response to these three incidents may be one reason the Commanding Officers of this base have been temporarily suspended and the entire unit stripped of its intelligence mission.

But the more important supplement for Teixeira’s ultimate fate may be this exchange from November 15.

Teixeira: I remember reading that on a TS network

Teixeira: I work in airforce intel

User: Would have been nice

User: If you alerted us that a drone was heading to crash in the middle of a suburb of our capital?

Teixeira: We did

Teixeira: Just not that simple

User: Official government statement was nobody said shit

User: And nobody saw it

Teixeira: Yeah I expect that to be the official statement

Teixeira: My gov would have done the same downplay strategy

User: What is a ts network

Teixeira: Top secret

Teixeira: Like SCI noforn, hcs

User: What is being said now about this loose ukrainian missile?

Teixeira: I mean I’m hoping to get back to work in the next week rn I have covid

Teixeira: When I do get back however I will let u know

This exchange may be a response to this incident from the same day, when a Ukrainian air defense missile attempting to shoot down an incoming Russian attack went astray and killed two Poles (though Przewodów is nowhere near Warsaw).

If that’s right, by extrapolation this interlocutor must be have been presenting as a Pole. After Teixeira stated that he worked in Air Force intel with access to a Top Secret network, his interlocutor elicited information, challenged Teixeira’s response, then probed how much access Teixeira really had. Teixeira responded by telling someone presenting as a citizen of a NATO ally that he had access to compartmented information and HUMINT. Then the supposed Pole asked for more information.

And Teixeira agreed to get it for him.

Perhaps this presumed Pole was just shooting the shit in a gamer chat room. Or perhaps this guy was something else, someone with the training to know how to coax someone into greater and greater compromise.

Perhaps there were others in the chat room who saw all this go down and exploited the situation accordingly.

This filing, as the earlier one also did, specifies that these chats do not reflect the full extent of Special Agent Luke Church’s knowledge of the situation.

The interactions described above do not reflect all my knowledge on this matter or all relevant, inculpatory, or violent messages that I observed. They are instead offered to provide the Court with representative sample of certain messages attributable to TEIXEIRA.

Church might well be withholding the full context of these exchanges, too, perhaps withholding what happened after Teixeira went back to work after recovering from COVID.

Thus far, DOJ’s filings speak just of the existing charges against Teixeira, 18 USC 793(b) and (d). But this willful sharing of HUMINT with foreigners soliciting it — whether they really are citizens of a NATO ally or something else — gets a closer to espionage, an 18 USC 794 violation of the sort that can carry life imprisonment.

Update: dc-turtle suggests the drone could have been in Croatia, not Poland (which I’ve added to the title). It would still amount to Teixeira sharing information with someone presenting as a citizen of a NATO ally.

Jack Teixeira’s February 2022 Logs

In a motion to keep Jack Teixiera jailed, the government provided more details about what an unstable nut they gave access to the US’ most sensitive secrets. While it remains to be seen whether any of Teixeira’s leaks got people killed, the government is lucky he didn’t go postal before he was caught. In high school he was suspended for making racist, violent comments.

In March 2018, while still in high school, the Defendant was suspended when a classmate overheard him make remarks about weapons, including Molotov cocktails, guns at the school, and racial threats.

Last July, he was searching on mass killings in government holdings.

[O]n or around July 30, 2022, TEIXEIRA searched for the following terms: “Ruby Ridge”; “Las Vegas shooting”; Mandalay Bay shooting”; Buffalo tops shooting”; and “Uvalde.”

He fantasized about creating what he called an assassination van.

TEIXEIRA: To make people disappear and shit

TEIXEIRA: I’ve been tempted to buy one and make it an assassination van

User: Speaking of caravan

TEIXEIRA: Set up an ar and sniper blind

And one of his colleagues believed that he would be the first person Teixeira would shoot if he ever did go postal.

The same colleague told me that Teixeira was very quiet, but often talked about guns. He also said he believed he would be the first person Teixeira would shoot if Teixeira were to shoot anyone in the workplace.

The Air Force has suspended two commanders of the base where Teixeira worked, which seems like a sound move if there were colleagues worried that a guy with access to TS/SCI information might shoot them.

The commander of the 102nd Intelligence Support Squadron and the detachment commander overseeing administrative support have both been temporarily suspended from their leadership positions and have temporarily lost access to classified systems and information.

In a letter submitted to get a gun permit in 2020, Teixeira claimed that an incident from high school that had previously led to a denial, had been thoroughly investigated as part of his security clearance investigation.

In order to go to Tech School, I needed an adjudicated Top Secret clearance with the Government, which I have now.

The investigation was extremely thorough, and the events that happened on March 27th, 2018 at Dighton Rehoboth High School were discussed. Everything was explained to the investigator about the incident as well as police reports, school letters and any or all documents that were submitted to the investigator that were generated from this event. I was very concerned that my decisions that I made at 16 would haunt my future in serving my country in the military and am glad they did not.

If the fact that he was alarming fellow high school sophomores actually was investigated as part of his clearance process, it raises real questions why he wasn’t booted from the military, much less given clearance.

The package of materials provides more evidence that this leak started as a response to the Russian invasion. A review of Teixeira’s searches showed that many focused on the invasion.

These audit results indicated that TEIXEIRA conducted hundreds of searches on the classified network on a number of subjects, many of which related to the Russia-Ukraine conflict.

In March he told the server that he was going to stop giving updates on “set event,” which seems to be a reference to the war. At the same time, he offered to respond to requests “about your country.” The government says that the people with whom he shared classified information, “likely included foreign citizens.” If he got requests from foreigners and responded to them, he’ll be facing far more serious charges, on top of the multiple counts of 18 USC 793 he’s already likely to face.

TEIXEIRA: Like to thank everyone who came to the thread about the current event, going on and participated and listen to me, cover set event since it’s beginning, I was very happy and willing and enthusiastic to have covered this event for the past year and share with all of you something that not many people get to see something very few people in fact, get to see, but despite all of this, I’ve decided to stop with the updates

TEIXEIRA: If you guys do you want happenings that pertain to your country or events or politics or whatever you can DM me and I can tell you what I have, but it’s going to always be a brief summary

TEIXEIRA: I can’t promise, speed or prompt response, but I will respond to you eventually so offers on the table. If you want to take it until then I’ll still be sticking around here still be posting shit, so not going anywhere don’t worry about that.

And it’s not clear whether the government will be able to reconstruct why he started leaking classified materials when Russia invaded Ukraine.

When Teixeira was trying to get one of the guys in his server to delete his activity, he focused on February 2022.

TEIXEIRA: Whenever you get this, try to delete all my messages in civil discussions

TEIXEIRA: Especially those not in the thread User: kk

TEIXEIRA: Wait got an idea

TEIXEIRA: Give me an invite

TEIXEIRA: Then ban me and delete all messages

User: alright

User: gave you access

TEIXEIRA: Ok now do it

TEIXEIRA: It should give an option to delete all messages

User: it only goes to past 7 days

TEIXEIRA: Fuck AIr nvm

TEIXEIRA: Just find stuff from Feb 2022 in civil discussion and delete it during your free time

Ultimately, Teixiera deleted the entire server.

In or around April 2023, the server where the Government Information described in Complaint was posted ceased to exist, suggesting that the server administrator—the Defendant— deleted the server in its entirety.

The most alarming detail in the documents submitted is that the record of Teixeira’s searches of government holdings only goes back to February 26, 2022, two days after the Russian invasion started.

On April 17,2023, I observed an audit conducted by a subject matter expert affiliated with u.S. Government Agency 2 for all searches TEIXEIRA conducted across an Intelligence Community-wide system for which U.S. Government Agency 2 acts as a service provider. The audit yielded results dating back to February 26, 2022.

So FBI only got Discord chats going back to November 1 (though it’s unclear whether this reflects a narrow limit from an initial warrant or retention policies by Discord). The server in question was deleted. The logs for government searches stop before the invasion. And Texiera attempted to destroy all his devices.

The FBI will be able to reverse engineer some of these attempts to destroy evidence. But it’s not entirely clear they’ll be able to reconstruct what happened in February 2022 to lead Teixeira to start spilling the nation’s secrets.

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.”

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta ‘s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact- check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz? A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for with this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloonsSurveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

The Investigation into Jack Teixeira

DOJ has unsealed the arrest affidavit for Jack Teixeira.

It describes the following investigative steps (and leaves out the one that Bellingcat got to first):

April 9 [Not described]: Based on conversations with the guys involved, Aric Toler lays out how documents traveled from servers we now know were operated by Teixeira onto WowMao.

April 10: FBI interviews the user who cross-posted a document released by Teixeira (this may be Lucca), who provided information about how Teixeira had first leaked text, then leaked documents, as well as providing basic information about Teixeira.

On or about April 10, 2023, the FBI interviewed a user of Social Media Platform 1 (“User 1”). According to User 1, an individual using a particular username (the “Subject Username”) began posting what appeared to be classified information on Social Media Platform 1 in or about December 2022 on a specific server (“Server 1”) within Social Media Platform 1. According to User 1, the individual using the Subject Username was the administrator of Server 1. User 1 indicated that the purpose of Server 1 was to discuss geopolitical affairs and current and historical wars.

According to User 1, the individual using the Subject Username initially posted the Government Information as paragraphs of text. However, in or around January 2023, the Subject Username began posting photographs of documents on Server 1 that contained what appeared to be classification markings on official U.S. Government documents.

[snip]

User 1 also described to the FBI his interactions with the individual posting under the Subject Username. In the course of those interactions, User 1 learned that the individual posting under the Subject Username called himself “Jack,” appeared to reside in Massachusetts, and claimed that he was in the United States Air National Guard (“USANG”). User 1 described the individual posting under the Subject Username as a white male who was clean-cut in appearance and between 20 and 30 years old.

April 12: Subpoena returns from Discord reveal that Teixeira registered the server in question under his own name, from his mom’s address, which is the same address the Air National Guard had for him.

According to these records, the individual using the Subject Username is the administrator of Server 1, the billing name associated with the Subject Username is “Jack Teixeira,” and the billing address associated with the Subject Username is a specific residence in North Dighton, Massachusetts. Teixeira listed the North Dighton, Massachusetts residence as his primary residence on employment paperwork with the USANG. On April 13, 2023 the FBI arrested TEIXEIRA at that residence in North Dighton, Massachusetts.

April 13: User1 gave a positive ID of Teixeira based on his driver’s license

On April 13, 2023, User 1 also identified TEIXEIRA’s Registry of Motor Vehicles photo from a photo lineup as the individual he knew as “Jack” who had posted Government Information under the Subject Username on Social Media Platform 1.

nd: OGA1 provides log files showing Teixeira printing out the single charged document the day before it got cross-posted.

The Government Document posted on Social Media Platform 1 was accessible to TEIXEIRA by virtue of his employment with USANG. According to a U.S. Government Agency, which has access to logs of certain documents TEIXEIRA accessed, TEIXEIRA accessed the Government Document in February 2023, approximately one day before User 1 reposted the information on the Internet. User 1 told the FBI that the information he reposted was originally posted on Server 1 by the individual using the Subject Username.

nd: OGA2 provides log files showing Teixeira searching for this leak investigation the day the leak was first reported.

In addition, according to a second U.S. Government Agency, which can monitor certain searches conducted on its classified networks, on April 6, 2023, TEIXEIRA used his government computer to search classified intelligence reporting for the word “leak.” The first public reporting regarding the Government Information appeared on or around April 6, 2023. Accordingly, there is reason to believe that TEIXEIRA was searching for classified reporting regarding the U.S. Intelligence Community’s assessment of the identity of the individual who transmitted classified national defense information, to include the Government Document.

Update: Spelling error of Teixeira fixed.