NSA contractor charged with leaking report on alleged Russian election hacking

By Patrick Martin

7 June 2017

A 25-year-old contractor for the National Security Agency, Reality Leigh Winner, was arrested Monday and charged with leaking a top-secret NSA document to the Intercept. The arrest came barely an hour after the on-line publication posted an account of an NSA report sent in anonymously, summarizing NSA findings about alleged Russian hacking during the 2016 US elections.

The circumstances of the document being leaked to the Intercept and the leaker being arrested on the day of publication are extremely murky, even suspicious. Press accounts suggest that efforts by Intercept reporters to confirm the authenticity of the document in effect tipped off the FBI and NSA to the fact of the leak, and they quickly traced it to Winner, who had made little effort at concealment.

Intercept reporters told an intelligence contact that the document had been mailed with an Augusta, Georgia postmark and asked him to verify it was genuine. The publication also submitted a copy of the document to the office of the Director of National Intelligence, announcing the intention to make it public. The DNI asked for redactions—in effect, confirming the document was genuine—and the Intercept agreed to make some of the requested cuts.

Subsequently, the FBI had little difficulty tracing Winner, who had worked at Pluribus International, an NSA contractor in Augusta, since leaving the US military in December 2016. She was one of six employees at the Augusta facility who had printed out the document, and the only one who had been in email contact with the Intercept from her own computer. The document posted by the Intercept also apparently had a barely visible marker that indicated the time when and location where it was printed.

The entire investigation lasted only five days: the FBI received the document on June 1, interviewed Winner on June 3, when she admitted leaking the report, and arrested her on June 5. She is now held in the county jail in Lincolnton, Georgia, charged with “removing classified material from a government facility and mailing it to a news outlet,” in violation of the Espionage Act. She faces a prison term of as much as 10 years.

According to several press accounts, Winner was a linguist in the Air Force for six years, trained in the main languages of Afghanistan and Iran, Pashto, Dari and Farsi, and had held a top-secret security clearance. Her most recent deployment was at Ft. Meade, Maryland, where the NSA headquarters is located. Her exact work is undisclosed, but likely involved monitoring telecommunications and Internet intercepts from Afghanistan, Iran and Pakistan.

Winner was reportedly upset over the election of Donald Trump and had vented her outrage on Twitter as recently as mid-March. She had subscribed to a podcast from the Intercept where founder Glenn Greenwald expressed skepticism about US intelligence agency claims that the Russian government carried out the hacking of the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in an effort to help Trump win the election.

The document Winner leaked adds nothing probative to the campaign waged by the Democratic Party and a section of the military-intelligence apparatus over alleged Russian hacking.

Like previous public “findings” by the intelligence agencies, released in October and January, the NSA document only summarizes conclusions reached by NSA analysts, with varying levels of “confidence,” but does not include any of the raw intelligence that would constitute actual evidence.

Nevertheless, the Intercept’s article, co-written by Matthew Cole, Richard Esposito, Sam Biddle and Ryan Grim, begins with the provocative statement, “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election,” according to the document.

The Intercept has published a number of articles in recent weeks generally supportive of the Democratic Party’s Russia-centered campaign against the Trump administration.

The NSA document claims that Russian military intelligence probed a US vendor of software used by voter registration agencies in eight states, using a hacking method of little sophistication, to gain information needed to send spear-phishing emails to dozens of local election agencies, most of them at the county level.

These emails purported to come from the vendor, identified in press reports as VR Systems of Florida, and sought to trick employees of the election agencies to click on a word document infected with malware. How many such emails were successful was not clear.

The Intercept article, published June 5, acknowledges the absence of actual documentation to support the conclusions of the NSA analysis, adding, “A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.”

The bulk of the article rehashes the unsupported assertions by the NSA while noting that none of the alleged hacking targeted facilities where votes were tabulated or had any effect on the outcome of the election. The eight states included California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia, but none of the three industrial states that gave Trump his Electoral College victory, Wisconsin, Michigan and Pennsylvania.

In only one of the states using VR Systems software, North Carolina, was there any software malfunction on Election Day. The registration system failed in Durham, forcing local officials to switch to paper ballots and extend voting hours to accommodate long lines. State election officials said the VR Systems software was not responsible for the problems, which they attributed to user errors, adding that there was no evidence of “any suspicious activity during the 2016 election.”

While the substance of Winner’s leak seems less than compelling, the Democratic Party and pro-Democratic media outlets immediately seized on this supposed confirmation of the allegations of Russian hacking in the 2016 elections.

The ranking Democrat on the Senate Homeland Security Committee, Senator Claire McCaskill of Missouri, declared Tuesday that the report in the Intercept meant that “we now have verified information” of Russian intervention. “In any other circumstances this would be an earthquake,” she said at the beginning of a committee hearing where Secretary of Homeland Security John Kelly was the main witness. McCaskill pressed Kelly to take steps to protect voting systems in the future.

WikiLeaks publisher Julian Assange called for public support to Winner, saying that she was “accused of courage in trying to help us know.” He continued in a tweet Monday, “It doesn’t matter why she did it or the quality the report. Acts of non-elite sources communicating knowledge should be strongly encouraged.”

Please enable JavaScript to view the comments powered by Disqus.