The scale of the leak was enormous – thousands of secret documents, some of the most sensitive and important held by United States intelligence, downloaded and put into the public domain in a huge blow to Western security.
Classified information was downloaded from the computers of the National Security Agency (NSA) and Defense Intelligence Agency by a civilian private contractor who had been vetted and provided with one of the highest levels of security clearance.
That was Edward Snowden, whose devastating disclosures were made almost exactly 10 years ago.
Now there has been another huge security leak from the Pentagon, with Jack Teixeira, 21-year-old junior member of the Massachusetts Air National Guard, arrested on Thursday afternoon over the leak.
Day after day there are new reports about what American intelligence agencies have gathered from intercepting communications between the country’s allies as well as between its enemies.
Many similarities exist between the two sets of leaks, a decade apart. For example, revelations include that the US spies on supposedly friendly states, such as Israel and South Korea. Snowden revealed that the US spied on Germany – an ally and fellow Nato member – even bugging the mobile telephone of its chancellor at the time, Angela Merkel.
The difference between the respective leaks can be seen in both motivation and dissemination.
Snowden maintained he was a whistleblower motivated by alarm at the aggressive actions of the US administration and its breaches of human rights. He chose to give the files he had obtained to senior journalists at serious media outlets such as The Washington Post and The Guardian.
The current tranche of documents was dumped on a web server, apparently to impress fellow users of a chatroom rather than for ideological reasons.
US defense secretary Lloyd Austin pledged to “investigate and turn every rock until we find the source of this and the extent of it ... they were somewhere in the web, and who had access at that point, we simply don’t know”. CIA director William Burns said the leak was “deeply unfortunate”, adding: “We are trying to find out all we can about this. It’s something the US government takes extremely seriously.”
Investigative journalism group Bellingcat claims Texeira posted the documents in an online group he oversaw, called “Thug Shaker Central”.
The secret files also appeared on a Discord channel run by a 20-year-old British-Filipino student based in the UK and known online as Wow Mao; he describes himself as a “shit-posting internet micro-celebrity”.
Some material also appeared on another Discord server, “Minecraft Earth Map”, where, after an argument about the Ukraine war, a user posted “Here, have some leaked documents” and attached 10 of them.
What does appear to be the case is that the revelations are not the work of a state actor, such as Russian or Chinese intelligence services or those of other adversaries. And that makes such an event harder to foresee, or to mitigate.
Both the Snowden leak and the current one are in part the result of a move towards the privatisation of security. The Pentagon has granted high-level security clearance to a very large number of civilians. The number of employees and contractors across the US administration with top-secret clearance is currently more than 1.25 million.
Britain has three levels of security clearance: counter terrorist check (CTC), security check (SC) and developed vetting (DV). Since 2018, an average of 164,000 CTC and SC and 17,900 DV clearances have been issued each year.
Jake Williams, a former NSA operator and an analyst with cybersecurity consultancy firm IANS Research, comments: “It seems like the Department of Defense thought they had sufficient controls in place to detect would-be leakers after incidents like Snowden. But obviously, whoever is doing this got around that, or learned from past techniques and mistakes.”
Robert Emerson, a British security analyst, says the concept of a leak-proof security world is fanciful. “The volume of information is so much, being transmitted at such speed, that it’s virtually impossible to ensure total control.
“At the same time, it would not be possible to operate in such an environment without extending security clearance to junior ranks and private contractors. And if, as we are told in this case, there were no strong ideological or political motivation in the leaking, it’s difficult to weed out individuals during vetting.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies