Jack Teixeira: Trail of digital breadcrumbs led to alleged Pentagon leaker

What Bellingcat and the New York Times showed was how widespread sharing of the documents became and suspect’s apparent negligence in covering his tracks

Massachusetts Air National Guardsman Jack Teixeira appears in court in Boston. Illustration: Margaret Small/AP
Massachusetts Air National Guardsman Jack Teixeira appears in court in Boston. Illustration: Margaret Small/AP

Until Jack Teixeira appeared in federal court on Friday morning, the unmasking of the alleged Pentagon leaker had taken on the air of a fascinating mystery novel.

Among those vying for starring roles were the online sleuthing group Bellingcat, which on April 9th publicly identified the private Discord server where Teixeira is said to have posted classified documents; and the New York Times, which matched images of the Teixeira family kitchen where the top secret papers were supposedly photographed to the 21-year-old defendant’s social media profile.

Adding further intrigue was an assertion from the Times that its journalists were already gathered at the Teixeira residence in Dighton, Massachusetts, shortly after publishing Teixeira’s identity on Thursday when a six-strong team of federal agents arrived and “pushed into the home”.

But it seems the FBI were onto Teixeira too, at least according to court documents made public on Friday detailing the criminal complaint against him.

READ MORE

The affidavit, signed by FBI special agent Patrick Lueckenhoff, does not reveal in any great detail what led the bureau to the young Massachusetts air national guardsman, nor does it reveal what role the revelations published by Bellingcat and others might have played at any given stage. But it does show that investigators were pursuing their own inquiries that were at least parallel and had already zeroed in on their suspect.

Suspect in Pentagon leaks praised by right-wing US figuresOpens in new window ]

The probable-cause affidavit cites conversations between the FBI and another user of the so-called Thug Shaker Central chat group on Discord on April 10th, in which the user said Teixeira was posting classified material as early as December 2022.

It notes that when the FBI subpoenaed Discord for Teixeira’s account details, the records produced on April 12th showed that Teixeira had put his own name and address as the billing information.

It also disclosed that an unnamed “second US government agency, which can monitor certain searches conducted on its classified networks”, found Teixeira used his government computer to search for the word “leak” on April 6th.

US security agencies are now reviewing protocols and dealing with the diplomatic fallout from the recent release of confidential briefings on Ukraine.

In a tweet posted on Friday, shortly after Teixeira’s court appearance, Aric Toler, Bellingcat’s director of research and training, whose name also appears on New York Times coverage of the story, said the FBI was ahead of the curve in identifying Teixeira.

“This should have been obvious, but no, our story naming the Pentagon/Discord leaker didn’t help the feds find him,” Toler wrote.

“They already knew at least a day before we identified him.”

Pentagon leaks: when ‘top secret’ is not so secret after allOpens in new window ]

Still, what Bellingcat and the Times showed was how widespread the sharing of the documents had become and Teixeira’s apparent negligence as he left a plethora of digital breadcrumbs leading to his identity being revealed.

In addition to the Thug Shaker Central group, copies of some of the documents also showed up on another Discord server hosted by a prominent YouTuber named Wow Mao. They could have been shared there by Teixeira, or more likely others who had picked them up, thereby exposing them, and by consequence, the suspect himself, far beyond the tight group of 20 or so active users of the original private Discord group.

From there, the leaked documents spread to right-wing online message board 4chan and smaller groups on Telegram – including one analysts say included an edited image with inaccurate casualty figures.

The New York Times first reported on the leaked documents on April 7th, mentioning the work of Bellingcat in finding a tranche of documents shared on Discord in March.

Several US news outlets, including the Times and the Washington Post, spoke with users of the Discord group before US officials arrested Teixeira on April 13th.

The New York Times and Bellingcat did not immediately respond to requests for comment about whether and when they alerted federal officials of their findings during the reporting process.

Pentagon leaks: Jack Teixeira, the gamer who shook the intelligence worldOpens in new window ]

But the saga has revealed major shortcomings in the US government’s management of classified information, said Theresa Payton, cybersecurity expert and former White House chief information officer.

“Everyone should take this as a huge wake-up call,” she said. “To not do a bottom-up review of how this happened would be a dereliction of duty – because this will continue to happen if we don’t really get to the root cause.”

The leak has spotlighted concerns over the systems the US employs to manage that information, with experts warning the country’s cyber infrastructure is woefully outdated.

The files Teixeira accessed were stored on what is known as the Joint Worldwide Intelligence Communications System (JWICS), a 30-year-old system that originally handled materials produced by the intelligence community for distribution among a much smaller segment of the defence department. It has since expanded.

Experts say agencies are lagging in their ability to modernise systems such as JWICS, particularly as the volume of material they are meant to hold has exponentially increased.

The challenges the intelligence community is facing in that respect are in line with broader difficulties the US government has faced in modernising its systems, including in areas such as social services.

Part of the problem is staffing. Since 2016, the US government has tried to staff up aggressively in the cyber infrastructure space, with the Department of Homeland Security hiring for hundreds of new roles in the past year. But experts say it is not enough – and the department itself has called for thousands of more staff.

The Biden administration has attempted to address the weakness with $26.2 billion (€23.6 billion) in funding announced in March, but concerns are ongoing. – Guardian