The Biden administration is looking at expanding how it monitors social media sites and chatrooms after U.S. intelligence agencies failed to spot classified Pentagon documents circulating online for weeks, according to a senior administration official and a congressional official briefed on the matter.
The possible change in the intelligence-gathering process is just one potential shift as officials scramble to determine not only how the documents leaked but also how to prevent another damaging incident.
President Joe Biden and Defense Secretary Lloyd Austin were briefed about the disclosure last week, administration officials say, but the secret documents appeared online in early March on the Discord social media app, according to Bellingcat, the open-source investigative group. Some documents may have appeared as early as January, the group said.
The president and other officials were dismayed when they learned the documents had been online for at least a month.
“Nobody is happy about this,” said the senior administration official.
The administration is now looking at expanding the universe of online sites that intelligence agencies and law enforcement authorities track, the official said.
The secret Pentagon documents appeared in an obscure part of the internet focused on gaming, and some former intelligence officials said it was understandable that U.S. authorities did not spot the disclosure.
The U.S. government may not have been looking there, but cybersecurity experts have long known that Discord has been used by criminals and hackers to spread malware and stealthily transfer stolen information.
“The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network,” said a 2021 report by Cisco’s Talos cybersecurity team.
The intelligence community is now grappling with how it can scrub platforms like Discord in search of relevant material to avoid a similar leak in the future, said the congressional official.
The disclosure also has raised fresh questions about how sensitive intelligence information is handled inside the government, and whether the pool of people allowed to access it needs to be scaled back.
In the aftermath of the leak, the administration has already tightened access to classified information and is looking at other steps, officials said.
The leaked documents appear to contain “sensitive and highly classified material” and pose a potentially serious risk to national security, the Pentagon said on Monday. NBC News obtained more than 50 of the documents, which appear to be briefing slides for the U.S. military’s Joint Staff based on information from a range of U.S. intelligence agencies.
The documents include detailed intelligence on Russian tactical moves in the war in Ukraine, descriptions of Ukraine’s combat power and weaknesses, alleged sabotage by Ukrainian agents inside Belarus and Russia, and spying reports on allies, including South Korea and Israel. Much of the intelligence reporting in the documents signals intelligence — or electronic eavesdropping — as the source of the information, a crucial tool for America’s spy services.
The Office of the Director of National Intelligence, the CIA, the National Security Agency and the Pentagon have declined to comment on the information contained in the documents.
This intelligence leak doesn’t appear, at least so far, to resemble previous incidents that involved double agents handing over information directly to foreign adversaries or self-described whistleblowers providing secret documents to media outlets. Instead, the information appeared in a private online chatroom, not a typically secure location to pass along sensitive material to a spy service, but also not an obvious means to reveal secrets to the world.