OSINT Blog / Post

July 17, 2024

How Do Critical National Security Leaks Happen?

Governments across the globe continue to be deeply worried about leaks of national security information. Such leaks can have severe consequences, including triggering disputes between countries, harming diplomatic relations, and putting the lives of intelligence personnel at risk. Given the potential high stakes involved, it is critically important to promptly detect and investigate instances of classified information leaks, with the aim of identifying their source and minimizing the fallout.

In today's digital age, detecting and addressing national security leaks has become more challenging and complex than in years past. With global connectivity and the internet, sensitive information can be disseminated more quickly and easily than ever. However, open-source intelligence (OSINT) can aid government agencies, law enforcement, and other organizations in accelerating the discovery of crucial data breaches and accurately tracing them back to their origin.

In the most recent headline-grabbing incident, the US government and journalist community were racing against time to uncover the source of a leak of over 100 classified Pentagon documents containing sensitive intelligence. These documents were dated between January and early March 2023, and their unauthorized release posed a serious threat to national security. Initially, photographs of the leaked documents appeared on Discord and later spread to Telegram and 4Chan before eventually reaching Twitter. Although not unexpected, the rapid spread of the leaked data further underscored the challenges in preventing and detecting leaks in the current digital environment.

How Do Critical National Security Leaks Happen?

National security leaks occur when classified or sensitive information is disclosed to unauthorized parties, such as the media or the general public. There are various reasons why and how these events happen, including:

  • Human Error: Leaks can occur when individuals with authorized access to sensitive information unintentionally disclose it. In 2021, UK senior civil servant Angus Lapsley, who was on track to become the UK's ambassador to NATO, inadvertently left almost 50 classified Ministry of Defence documents containing details about HMS Defender and the British military at a bus stop in Kent. While Mr. Lapsley avoided being charged, his mistake led to him missing out on his professional promotion.
  • Insider Threat Actors & Whistleblowers: In contrast to the previous example, individuals with authorized access to sensitive information may also make conscious decisions to deliberately leak information for various reasons, including malicious intent, personal gain, whistleblowing to gain public attention, and political motivations. W. Mark Felt, Chelsea Manning, and Edward Snowden are all famous individuals who conducted this type of leak.
  • Social Engineering: Government and corporate employees can also unintentionally become involved in national security leaks when they are manipulated by attackers through social engineering techniques. Bad actors may exploit human emotions in order to convince employees to disclose sensitive information through deception, such as pretending to be someone an employee trusts.
  • Cyber Rings: Finally, national security leaks can be caused solely by external threat actors. Hackers working for foreign nations or for financial gain may conduct sophisticated cyberattacks against secure government servers and databases to access sensitive data.

Regardless of the cause or underlying motivation, data leaks have a variety of downstream impacts on national security and intelligence-gathering efforts. To enhance security posture, it is essential for government agencies and private organizations to maintain robust security protocols, regularly review access controls, and provide ongoing training to employees and contractors who handle sensitive information. By taking these essential steps, organizations can better safeguard their critical information and protect against potential threats.

Skopenow-Investigating-Critical-National-Security-Leaks-inline-blog-image (2)

The Investigative Process for National Security Leaks

On April 14, 2023, Jack Douglas Teixeira, a 21-year-old airman from Massachusetts, was arrested and charged with the unauthorized removal, retention, and transmission of classified national defense documents and materials. The Pentagon leaks were subject to an extensive investigation that employed numerous OSINT tools and techniques. To gain a more comprehensive understanding of the investigation, the Skopenow team scrutinized the case and identified essential measures that could be implemented in probing comparable leaks. These steps include:

Detecting the initial leak: Organizations, including government agencies, can utilize situational awareness tools to detect potential national security leaks. These tools analyze public data sources like social media, online forums, and messaging platforms, looking for patterns of behavior and keywords that may indicate a potential national security leak. In the case of the Pentagon leaks, the discovery of leaked documents may have resulted from journalists and government officials finding them in chats or forums, such as this archived 4chan board where a sensitive document was shared.

Conducting a preliminary investigation: To understand the extent of the leak and identify avenues for investigation, the organization also needs to determine what was leaked, how much information was contained in those assets, who may have had access to the information, and what other information is at risk.

Conducting interviews: To supplement the information gathered from public data sources, organizations can conduct interviews with personnel who had access to the leaked information. These interviews can provide valuable insights into the potential sources of the leak, allowing investigators to rule out employees and narrow down the list of those potentially responsible.

Tapping into OSINT: Investigators can further identify potential sources of a leak by utilizing OSINT to probe insiders who had access to leaked information. By scanning public data sources, such as social media, consumer records, vehicle records, and court and criminal records, investigators can obtain valuable insights into the views, lifestyle, and circumstances of the individuals who may be responsible for the leak, as well as identify any warning signs.

The New York Times used link analysis and social media mapping to connect Jack Teixeira to the Pentagon leaks. After mapping out social media connections, The New York Times team utilized profile photos to uncover Jack Teixeira's username, 'jackdjdtex,' and eventually, it was revealed that a kitchen countertop inside his childhood home was matched to leak-related photos published online. 

To validate these results independently, the Skopenow team used its own automated link analysis solution to analyze Jack Teixeira's network associations as well as processed the username through Skopenow's Workbench solution to determine what public data was available that could help solve the case. Workbench generated a range of actionable intelligence in an automated report, including his name, home address, family members, cell phone number, the details of an SUV and truck registered to his home address, and social media accounts across Etsy, Instagram, and more.

Preserving evidence: When conducting an internet investigation, it's vital to be aware that digital evidence can disappear in a flash. It is therefore essential to preserve any evidence that could be relevant to the investigation. Modern OSINT platforms like Skopenow forensically preserve screen captures, metadata, and hash data for all digital information collected, which should be standard practice for any OSINT practitioner conducting investigations. 

Analyzing the data: After gathering public data, analysts can go deeper by synthesizing both open and closed-source data to help determine who leaked the information. Automated solutions like Skopenow can assist analysts through the analysis stage of the intelligence cycle by providing a range of AI/ML features and capabilities, such as behavior recognition across images, text, and videos. With these advanced tools, investigators can streamline the analysis process and make more accurate determinations about a leak’s origins.

Making recommendations and allocating resources: Once the investigative work is complete, analysts and investigators can provide recommendations based on relevant and timely intelligence. With these informed decisions, organizations can then allocate resources swiftly and efficiently to deal with the leak. In the case of the Pentagon leak, investigators armed with OSINT insights, like the actionable intelligence generated with Skopenow, were able to quickly locate Jack Teixeira's home address and track his location via his phone. Skopenow would have additionally enabled investigators to monitor Teixeira's social media posts for new posts related to leaked data, his personal location, and the location of his vehicle and then even follow it on approach to the home address via recent LPR (license plate recognition) pings.

With the right open-source insights, a team of heavily armed FBI agents was eventually able to converge on Teixeira's address in North Dighton and apprehend him, while a government surveillance aircraft watched overhead. Advanced OSINT tools minimized potential harm to national security and enabled investigators to act quickly to address the leak. The investigation of the Pentagon leak demonstrates the invaluable role of automated OSINT solutions in detecting and investigating national security threats.

Automating National Security Leak Detection

Essential and reliable tools that can quickly gather relevant insights and intelligence to help identify sources of a leak and inform appropriate action can counterbalance the threat of leaks posing risks to the safety and security of nations and organizations. By utilizing Skopenow's advanced features and AI-driven algorithms, investigators can analyze a broad range of data sources, including social media, court records, and consumer data, to identify potential warning signs and generate actionable intelligence. The ability to act quickly and decisively is crucial when it comes to national security leaks and, with Skopenow's powerful OSINT tools, governments and organizations can ensure that they have the capabilities to safeguard their sensitive information and prevent potential harm to their operations.

At Skopenow, we understand the importance of staying up-to-date on the latest developments, trends, and techniques in OSINT. Start unlocking the power of open-source intelligence with a free trial today: www.skopenow.com/try.