Leakers of classified material and national security journalists alike know that publishing government secrets carries risks. But rarely have the revelation of a bombshell leak and the criminal charges against its source come in such quick succession—in the latest exposé of Russian election hacking, not much more than an hour apart.
The Department of Justice on Monday afternoon released a criminal complaint against Reality Leigh Winner, a 25-year-old intelligence contractor, accusing her of violating her top-secret security clearance to print and mail a classified document to the media early last month. That classified document appears to be the one published by the Intercept just hours earlier Monday.
The NSA file asserts that hackers, believed to be associated with the Russian military, had attempted to break into VR Systems, a Florida tech firm that sells voting registration equipment used in the 2016 election. (Aside from the more-than-coincidental timing, NBC News has confirmed that the DOJ charged Winner with leaking the document to the Intercept.) That near-instant outcome for Winner underscores the grave risks of sharing top secret information—and the pitfalls of public-interest journalism that depends on illegal leaks.
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” wrote Deputy Attorney General Rod J. Rosenstein in a statement. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”
In its complaint against Winner, an employee of a contractor firm called Pluribus assigned to an Augusta, Georgia government facility, the Justice Department writes that Winner removed the NSA report from her workplace on May 9, and mailed it to a news outlet. In its story Monday, the Intercept notes that it received the top-secret report on Russian election hacking from an anonymous source. Intercept reporters then shared the report, in some form, with intelligence officials at the Office of the Director of National Intelligence and the NSA prior to publication to discuss redacting any details that might be damaging to national security.
Almost as soon as the Intercept alerted those agencies, however, federal authorities began tracing the leak. In the criminal complaint, FBI special agent Justin Garrick describes how the NSA noticed that the file was creased, based on lines in the image the Intercept shared, offering a clue that the document had been folded and mailed. Investigators then checked printer logs, and determined that only six people had printed the Russian election hacking report.
But Winner’s real mistake, according to the complaint, was emailing with the Intercept’s reporters from her work computer. When investigators checked the computers of their six suspects, they quickly found evidence of her communications with the news outlet—though it’s not clear if those communications took place before or after her leak, or whether they were directly associated with her leaks at all. Just days before the Intercept published its article based on the NSA document, the FBI’s Garrick visited Winner at her home and questioned her. According to the complaint, she confessed to knowingly violating her security clearances.
The Intercept, for its part, maintains its ignorance. The outlet’s director of communications Vivian Siu told WIRED in an email that the Intercept has no knowledge of its source’s identity, and declined to comment further.
The leaked document the Intercept published, regardless of its source, represents new evidence of just how far Russian hackers were willing to go to disrupt the 2016 US presidential election. It shows that just days before the November election, those state hackers sent phishing emails to staff at VR systems that the NSA believes were intended to gain access to the firm’s internal networks. That access could potentially have prevented registered voters from voting on election day in as many as eight states, though there’s no indication that the intruders actually did so. Intelligence agencies and the cybersecurity community have agreed for months that the Russian government sought to disrupt the 2016 election by hacking and leaking information from Democratic organizations. But the new report represents the strongest sign yet that Russian hackers also sought to actively disrupt the election’s technical infrastructure, too.
If Winner is in fact the Intercept’s source, her risky revelation represents a significant advancement in the public’s understanding Russia’s hacking playbook. But as with the leaks of so many other whistleblowers and sharers of secrets, it comes at a serious cost.