The Trump administration on Monday brought its first case under the Espionage Act, charging an intelligence agency contractor with leaking a classified document to a news outlet.
The leaked document described in the charges appears to match a top-secret National Security Agency analysis published Monday afternoon by The Intercept, detailing Russian efforts to tamper with U.S. election systems.
The NSA report describes how Russia’s military intelligence agency, the GRU, cracked into a U.S. voting database software supplier and then used the information it pilfered to craft fake emails laden with malware that were sent to more than 100 local election officials, according to The Intercept’s story. The GRU is the same agency that U.S. intelligence officials previously linked to the theft and release of massive troves of internal emails from the Democratic Party and Hillary Clinton’s presidential campaign.
Several news outlets, including CBS News and Reuters, said they have independently confirmed the NSA document’s authenticity.
The NSA report is dated May 5, 2017, nearly matching the intelligence agency report described in the Justice Department’s criminal complaint against the intelligence agency contractor, 25-year-old Reality Leigh Winner. The government said the pilfered report was “published on or about May 5, 2017.”
Media outlets also reported Monday afternoon that Winner was The Intercept’s source. The Intercept itself said it had “no knowledge of the identity of the source.”
Winner, a Georgia-based intelligence community contractor with a top secret clearance, was arrested on Saturday. She admitted to leaking the document to a news outlet and appeared Monday in a federal district court.
The apparent NSA document is perhaps the most granular account to-date of a Russian hacking operation during the U.S. presidential election.
Previously, the intelligence community had only publicly described Moscow’s digital meddling campaign — which included hacks at the Democratic National Committee and Hillary Clinton’s campaign, as well as the embarrassing leaks of internal emails — in broad strokes.
But the apparent NSA report published Monday alleges that Moscow’s cyber warriors wanted to pose as election software vendors to dupe local election staffers into opening infected Microsoft Word documents, thus giving the hackers full access to their computers.
The report indicates — but does not confirm — that these digital meddlers successfully infiltrated VR Systems, a Florida-based election technology manufacturer. CNN reported last October that the government was investigating a Russian-linked hack at a Florida election systems contractor.
VR Systems declined to comment to The Intercept on the potential hack and did not immediately respond to a request from POLITICO for comment.
The alleged NSA report says the Kremlin-linked digital spies used the information purloined from this contractor to craft fake emails to 122 addresses of local officials likely involved in managing the voter registration systems. The malicious messages were sent on either Oct. 31 or Nov. 1 — just days before the election — according to the intelligence analysis.
However, the document says it’s unclear whether the Russian hackers successfully compromised any devices. And even if the hackers infected the computers, they would have had to take several other steps to tamper with voter information or the machines themselves.
Still, the digital assault described in the document would seem to shed light on Russian tactics designed to potentially target the election system itself.
Intelligence officials have maintained there is no indication that digital meddlers successfully tampered with the vote. But the document says the Russian hackers behind the operation are part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused specifically on the voter registration process and voter rolls.
Cybersecurity experts have long warned that hackers could affect vote outcomes by manipulating or deleting portions of the voter rolls.
The apparent leak of the top-secret document is just the latest in a string of unauthorized disclosures from the intelligence and law enforcement communities during the Trump administration. Some of the leaks — including many regarding the FBI’s investigation into Russia’s election meddling and potential collusion between the Kremlin and aides to President Donald Trump — have hampered the White House’s ability to pursue its agenda.
Trump and Attorney General Jeff Sessions have decried the leaks and vowed to take a more aggressive stance against those releasing the information to news outlets.
Monday’s charges against Winner are the most concrete action the administration has taken to follow through on that pledge.
According to the DOJ criminal complaint, an unnamed government agency informed the FBI on Thursday that a news organization had recently contacted it to authenticate a leaked document. The unnamed agency confirmed that the document was real and classified at the top secret level.
According to the criminal complaint, Winner printed out the document “on around about” May 9 and subsequently sent it to “an online news outlet” through the mail.
The unnamed agency that produced the report determined that only six people had printed it out. After investigating those individual’s work computers, the government determined that only Winner had emailed the news outlet.
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” Deputy Attorney General Rod Rosenstein said in a statement. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”