EXCLUSIVE

U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks

President Biden and other officials were dismayed when they learned the documents had been online for at least a month. “Nobody is happy about this,” said one official.

SHARE THIS —

The Biden administration is looking at expanding how it monitors social media sites and chatrooms after U.S. intelligence agencies failed to spot classified Pentagon documents circulating online for weeks, according to a senior administration official and a congressional official briefed on the matter. 

The possible change in the intelligence-gathering process is just one potential shift as officials scramble to determine not only how the documents leaked but also how to prevent another damaging incident.

President Joe Biden and Defense Secretary Lloyd Austin were briefed about the disclosure last week, administration officials say, but the secret documents appeared online in early March on the Discord social media app, according to Bellingcat, the open-source investigative group. Some documents may have appeared as early as January, the group said.

The president and other officials were dismayed when they learned the documents had been online for at least a month.

“Nobody is happy about this,” said the senior administration official. 

The administration is now looking at expanding the universe of online sites that intelligence agencies and law enforcement authorities track, the official said.

The secret Pentagon documents appeared in an obscure part of the internet focused on gaming, and some former intelligence officials said it was understandable that U.S. authorities did not spot the disclosure. 

The U.S. government may not have been looking there, but cybersecurity experts have long known that Discord has been used by criminals and hackers to spread malware and stealthily transfer stolen information.

“The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network,” said a 2021 report by Cisco’s Talos cybersecurity team.

The intelligence community is now grappling with how it can scrub platforms like Discord in search of relevant material to avoid a similar leak in the future, said the congressional official.

The disclosure also has raised fresh questions about how sensitive intelligence information is handled inside the government, and whether the pool of people allowed to access it needs to be scaled back.

In the aftermath of the leak, the administration has already tightened access to classified information and is looking at other steps, officials said.

The leaked documents appear to contain “sensitive and highly classified material” and pose a potentially serious risk to national security, the Pentagon said on Monday. NBC News obtained more than 50 of the documents, which appear to be briefing slides for the U.S. military’s Joint Staff based on information from a range of U.S. intelligence agencies.

The documents include detailed intelligence on Russian tactical moves in the war in Ukraine, descriptions of Ukraine’s combat power and weaknesses, alleged sabotage by Ukrainian agents inside Belarus and Russia, and spying reports on allies, including South Korea and Israel. Much of the intelligence reporting in the documents signals intelligence — or electronic eavesdropping — as the source of the information, a crucial tool for America’s spy services. 

The Office of the Director of National Intelligence, the CIA, the National Security Agency and the Pentagon have declined to comment on the information contained in the documents.

This intelligence leak doesn’t appear, at least so far, to resemble previous incidents that involved double agents handing over information directly to foreign adversaries or self-described whistleblowers providing secret documents to media outlets. Instead, the information appeared in a private online chatroom, not a typically secure location to pass along sensitive material to a spy service, but also not an obvious means to reveal secrets to the world. 

Photographs of some of the documents first appeared on Discord app channels focused on the Minecraft computer game and followers of a minor YouTube celebrity, known as wow_mao, according to Bellingcat and other online experts. The photographed documents then eventually made their way to the image board 4Chan, then pro-Russian Telegram channels and Twitter. The New York Times first reported on the documents last week.

If the administration tries to check online chatrooms more closely, it will have to navigate legal safeguards designed to protect Americans’ privacy and freedom of expression, former intelligence officials said.

Watching a public chatroom is fair game, but law enforcement agencies don’t have the legal authority to monitor a private online chatroom without probable cause, the former officials said.

“We do not have nor do we want a system where the United States government monitors private internet chats,” said Glenn Gerstell, former general counsel of the National Security Agency from 2015 to 2020. 

U.S. laws prohibit searching private chatrooms preemptively and “scanning for classified documents” that may or may not be there, Gerstell said.

As a democracy, the U.S. requires law enforcement authorities to balance national security with civil liberties, said James Lewis, a former senior intelligence official and now a fellow at the Center for Strategic and International Studies think tank.

“If you don’t know there’s a crime being committed, you can’t just burst into the club,” Lewis said.

However, the FBI and the Department of Homeland Security have come under criticism for how they responded to alarming posts on social media in the run-up to the Jan. 6 attack on the Capitol by former President Trump supporters.

The House Jan. 6 committee concluded the FBI and DHS were too cautious about acting on information gleaned from social media out of misplaced concern over potential free speech violations, NBC News previously reported.

Senate Intelligence Committee Chairman Mark Warner, D-Va., said the leak raised yet more questions about how the government manages its secrets, only months after revelations that successive administrations appeared to have mishandled classified documents.

“We’ve now got two examples, you know, the potential mishandling of documents by current and former presidents and now this potential leak, or real leak,” Warner told NBC News in an interview in Harrisonburg, Virginia. 

“I think it does raise a question that in some cases we way overclassify. In other cases, we may ... give out the documents to too many people,” the senator said.

“I think it’s time that Congress plays a role here in setting some parameters,” Warner said.

Ronald Marks, a former CIA officer and a visiting professor at George Mason University, said the pendulum has swung back and forth over the past two decades over how much intelligence should be shared across the government.

“Remember, the whole thing after 9/11 was the need to share. And the concern was that if you kept this stuff too tight, we might miss something,” Marks said. 

“So you get more and more info all the time, which means you’ve got to store this stuff and collate this stuff, which means that you’ve got more and more contractors and other people involved with it all the time,” he said.

A Pentagon team is currently evaluating the potential fallout from the leak. Sen. Warner said “it’s too early to tell” how much damage may have been caused by the disclosure.

The exposure of so much classified reporting from electronic surveillance could have a devastating impact on the country’s intelligence-gathering, according to Gerstell and other former intelligence officials.

“This could be very, very significant in terms of denying us access to information that is strategically important for us, and that would be a bad outcome. Because it would take years for us to recover that kind of access and cost a lot of money,” he said.