I continue to believe the leaked documents reported in the media this week are genuine, as is the consternation voiced by the Brandon Administration. Even a broken clock is right twice a day. But the documents tell us nothing about the current situation on the ground in Ukraine. The documents reported on line that I have seen show only two dates — 28 February and 1 March. So the information revealed is considered “old” in the world of current intelligence.
One of my friends who is still active in the intelligence community voiced surprise that this has not happened sooner given the unrest among some in the rank and file of the intelligence community about the U.S. policy in Ukraine and concerns that the U.S. is stumbling towards an unnecessary war with Russia.
Another friend, a retired intelligence officer, commented on my latest piece. He noted some important data points:
Larry, of the few documents I have seen, I agree, they look legit. IF only FVEY documents were released, we’d have a much wider net. But, the Noforn marking limits it to a U.S. person. TS focuses the universe down even further. Taking photographs of the documents may eliminate the ability to determine the specific printer. The printer code is embedded in the paper. I am inclined to believe that the leaker is military associated vice IC. Most IC personnel wouldn’t give these documents the time of day. Too power pointy! Also the PPT is very, very busy, so I would opine it was probably produced at a higher level staff instead of a maneuver element. (I know – DUH.) Probably not DIA. It doesn’t talk about enemy plans, capabilities etc. That leaves us with the Joint Staff and EUCOM. My guess is EUCOM. Just a guess. Someone who is closer to the slaughter would be more motivated to do something about it.
One of the readers of my blog, who has no background in intelligence, asked the following legit question:
If a document (or documents) are marked “NOFORN”, then why would you say “REL FVEY”? FVEY are foreigners by default, so I am confused as to why you would have two contradictory markings, unless I am misinterpreting things?
It makes no sense to say “no foreigners, but FVEY can take a look”.
So I will try to help those with no experience know how to intelligently read the documents released so far from the standpoint of process and procedure. For starters, these documents appear to have been part of a summary report prepared by an organization, possibly the Defense Intelligence Agency, for senior officials and the content deals with a variety of current intelligence matters around the world. That said, a significant portion of that report not surprisingly focuses on the war in Ukraine. Like any newspaper, the Intel Community reports on the “hot” story.
It appears that the overall report is classified TOP SECRET because it contains at least one document that carries a TS classification. However, because it is a summary of intelligence from the various agencies that comprise the U.S. Intelligence Community, not all of the documents are TOP SECRET. Hopefully I can clear up some of the confusion.
For example, the report dated 28 February 2023 (image below) is marked, “SECRET/REL TO FIN, UKR, FVEY, NATO.” This means that specific document can be shared with foreigners. It is not marked NOFORN.
But there also is an image of another document posted on Twitter that is NOT for foreigners. It is dated 1 March 2023. It is marked SECRET//NOFORN:
And I have seen media reports that there is at least one document that carries a TOP SECRET classification. If I was going to write an intelligence piece for the National Intelligence Daily and used three separate pieces of intelligence where one was marked CONFIDENTIAL, one was classified SECRET and one was from TOP SECRET material, the overall report would be classified TOP SECRET, but the paragraph with the CONFIDENTIAL material would be marked CONFIDENTIAL. The CONFIDENTIAL paragraph could be shared with out allies as long as it was not also marked NOFORN.
It appears that whoever purloined these documents took steps to cover their tracks. First, the images of the documents show they were folded. This likely means that someone printed this briefing inside a SCIF (aka Sensitive Compartmented Information Facility) and then hid them, maybe in their clothing or in a backpack, and removed the documents from the SCIF.
Second, as my retired intel buddy pointed out, the documents appear to have been photographed, probably an attempt to obscure the printer code is embedded in the paper. The blog, ERRATA SECURITY, describes the process with respect to the Reality Winner case:
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named “Reality Winner” was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn’t the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.
As the warrant says, she confessed while interviewed by the FBI. Had she not confessed, the documents still contained enough evidence to convict her: the printed document was digitally watermarked.
The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.
You can see a full demonstration of this process at their site. I lack the technical expertise to examine the leaked documents to see if the photographed images succeeded in obscuring the markings. We will find out in the coming weeks because counter intelligence officials are certain to consider that possibility.
I have seen some comments around the internet surprised by the banality of the content revealed. Where is Peggy Lee when we need her?
I think the information in these leaked documents is interesting from a historical perspective, albeit recent history. It is a nice benchmark for bloggers and pundits to examine their analysis from that time period in light of this “official” information. But the content, based on what I have seen, probably is not news to the Russian intelligence officers. Like their U.S. counterparts, the Russians are focused on the here and now and the implications for the future.
From a security standpoint, however, it is a big problem for the counter intelligence community. A hunt for the leaker (or leakers) is underway according to press reports and this will be disruptive to the U.S. and NATO intelligence effort. I think that is the serious problem. Whether that was the intent of the leak I do not know. What do you think?