Everything About the Ukraine Leak Is Incredibly Weird

Secrets were “sitting in a … Discord server for a month, and nobody noticed.”

[Illustration: Ukrainian flag with collage elements of Pentagon papers. Credit: The Atlantic; Getty]

A recent U.S. intelligence leak is already shaping up to be one of the most damaging breaches in years, revealing highly sensitive information about the war in Ukraine, Israeli domestic politics, America’s deep penetration of high-level Russian military plans and operations, and more. By last count, approximately 100 pages of classified slides and briefing materials from the Pentagon have been discovered floating around the internet. Many pages included intelligence that is stunning in its timeliness. Some materials were marked “top secret.” Most are considered genuine. The Justice Department has launched a criminal investigation, furious military leaders are reviewing how the Pentagon handles classified information, and an interagency task force is scrambling to assess whether the damage is a bad nightmare or a really bad nightmare.

Big breaches are nothing new. Chelsea Manning, then an Army intelligence analyst, handed over hundreds of thousands of classified documents about the wars in Iraq and Afghanistan to WikiLeaks. The former National Security Agency contractor Edward Snowden stole an estimated 1.5 million documents containing information about some of the most highly classified intelligence programs in the U.S. government. Another NSA contractor, Hal Martin, pleaded guilty to willful hoarding of national-defense information after being accused of stashing perhaps 500 million pages of secrets in his house, car, and garden shed.

Protecting secrets has always been a strange business in which trust can be dangerous, deception can be useful, and things may not be what they seem. A spy turns out to be a double agent. Real intelligence is fed to an adversary to gain trust so they can be duped with fake intelligence later. Cracking a code works only if the other side doesn’t know it’s been compromised. James J. Angleton, the CIA’s first counterintelligence chief, famously described his job as a “wilderness of mirrors,” a phrase from a T. S. Eliot poem.

But this latest breach stands apart for its sheer weirdness.

The leak apparently began weeks ago, when an anonymous member of a small online group posted some files on Discord, a messaging platform popular with video gamers. The documents were reposted to larger Discord channels focused on the Minecraft computer game and a Filipino YouTube celebrity. They eventually found their way—in doctored form—to a Russian-propaganda account on Telegram, entered the wilds of Twitter, and got picked up by the mainstream media.

Whodunit? Ordinarily, the three most likely causes of a breach are a hack conducted by a foreign intelligence service, a human mole planted by a foreign intelligence service, or a trusted insider who went rogue, spilling secrets for other reasons.

The current breach doesn’t bear the usual hallmarks of any of these possibilities. If a foreign intelligence service had successfully penetrated the U.S. government with a hack or a human, posting the fruits of those efforts online would be the last thing it would do. Why? Because revealing the intelligence would send American officials hunting for who or what caused the leak, which could cut off its hard-won collection stream forever. Protecting intelligence sources and methods isn’t some throwaway line from the movies. It’s a core intelligence mission precisely because gaining access to another country’s secrets is so difficult and valuable.

For the sake of argument, let’s assume there is some reason a foreign intelligence service would want the world to know it had obtained access to American secrets. Even then, posting on Discord would be a bizarre way to do it. No intelligence playbook says, “The best way to reveal your intelligence feat is by posting on the most obscure gamer messaging channel you can find, preferably with a Filipino YouTuber fan club.” As Aric Toler, a researcher for the open-source-investigation group Bellingcat, told CNN, “This shit was sitting in a Minecraft Discord server for a month, and no one noticed.” Unless—bear with me here—the aim was to protect the actual source of the leak by posting on Discord in the hopes of sending U.S. investigators on a wild-goose chase. But the wilderness of mirrors has limits.

Which leaves the insider-gone-bad-for-other-reasons possibility. But why would a U.S. official leak this particular trove of information—which includes not only highly detailed materials about the Ukraine war but also a grab bag of intelligence about South Korea, Israel, and Russia? It’s not clear whether the leaker sought to help or hurt Ukraine by revealing that the country urgently needs more U.S. military assistance. And leaking so quietly is strange too. Research into American traitors since the 1940s has found that ideology and ego are two of the most common motives. And yet, in this case, neither ideology nor ego seems to be at play. Nobody sent classified materials to WikiLeaks, as Manning did, or to the press, as Snowden did. Nobody has come forward claiming to be pursuing a higher cause. Nobody is granting media interviews, writing manifestos, or seeking to star in documentaries. At least not yet.

A massive leak of highly classified information revealed on a small online gamer channel by an anonymous user with no clear policy goals or telltale signs of the usual motives is an utter mystery—even in the wilderness of mirrors.