The easy trail that led the feds to Reality Winner, alleged source of NSA leak

0
202

June 6, 2017

WASHINGTON, D.C. — An intelligence contractor was charged with sending a classified report about Russia’s interference in the 2016 election to the news media, the Justice Department announced Monday, the first criminal leak case under President Trump.

June 6, 2017

WASHINGTON, D.C. — An intelligence contractor was charged with sending a classified report about Russia’s interference in the 2016 election to the news media, the Justice Department announced Monday, the first criminal leak case under President Trump.

Reality Leigh Winner, 25, a federal contractor charged by the U.S. Department of Justice for sending classified material to a news organization, poses in a picture posted to her Instagram account. – Reality Winner/Social Media via REUTERS

The case showed the department’s willingness to crack down on leaks, as Mr. Trump has called for in complaining that they are undermining his administration. His grievances have contributed to a sometimes tense relationship with the intelligence agencies he now oversees.

The Justice Department announced the case against the contractor, Reality Leigh Winner, 25, about an hour after the national-security news outlet The Intercept published the apparent document, a May 5 intelligence report from the National Security Agency.

The report described two cyberattacks by Russia’s military intelligence unit, the G.R.U. — one in August against a company that sells voter registration-related software and another, a few days before the election, against 122 local election officials.

The Intercept said the N.S.A. report had been submitted anonymously. But shortly after its article was published, the Justice Department said that the F.B.I. had arrested Ms. Winner at her house in Augusta, Georgia, on Saturday. It also said she had confessed to an agent that she had printed out a May 5 intelligence file and mailed it to an online news outlet.

It was not immediately clear who is serving as the defense lawyer for Ms. Winner, who has been charged under the Espionage Act.

An accompanying F.B.I. affidavit said she has worked for Pluribus International Corporation at a government facility in Georgia since Feb. 13. While it did not identify the agency or the facility, the N.S.A. uses Pluribus contractors and opened a branch facility in the suburbs outside Augusta in 2012.

The F.B.I. affidavit said reporters for the news outlet, which it also did not name, had approached the N.S.A. with questions for their story and, in the course of that dialogue, provided a copy of the document in their possession. An analysis of the file showed it was a scan of a copy that had been creased or folded, the affidavit said, “suggesting they had been printed and hand-carried out of a secured space.”

The deputy attorney general, Rod J. Rosenstein, in Washington last month. “Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” he said. – Joshua Roberts/Reuters

The N.S.A.’s auditing system showed that six people had printed out the report, including Ms. Winner. Investigators examined the computers of those six people and found that Ms. Winner had been in email contact with the news outlet, but the other five had not. In a statement, the deputy attorney general, Rod J. Rosenstein, praised the operation.

“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” he said. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”

Espionage Act charges carry a sentence of up to 10 years in prison, although conventional leak cases have typically resulted in prison terms of one to three years.

Once rare, leak cases have become far more common in the 21st century, in part because of electronic trails that make it easier for investigators to determine who both had access to a leaked document and was in contact with a reporter. Depending on how they are counted, the Obama administration brought nine or 10 leak-related prosecutions — about twice as many as were brought under all previous presidencies combined.

Mr. Rosenstein helped prosecute one of them, a case against James E. Cartwright, a retired four-star Marine general and a former vice chairman of the Joint Chiefs of Staff accused of disclosing classified information to reporters. General Cartwright pleaded guilty to lying to investigators about his conversations with journalists but was later pardoned by President Barack Obama.

Mr. Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associates’ contacts with Russian officials. The report Ms. Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter registration databases and does not mention the Trump campaign.

The American intelligence community has concluded that Russia conducted a broad influence campaign for the purpose of undermining Hillary Clinton’s candidacy and sowing doubts about the democratic process if she had won.

In October, when the Obama administration accused Russian of stealing and releasing Democratic emails, it also said there was a pattern of probing of voter registration-related systems that were traceable to Russian servers, but stopped short of saying the Russian government was behind them. The intelligence report, citing unspecified information the N.S.A. obtained in April, suggests the government is now satisfied that Moscow was the culprit.

Both attacks described in the report relied on so-called spear phishing, a tactic that uses spoof emails to trick users into clicking links or opening attachments that then install malicious software on their computers. The G.R.U. sent the emails from two free American web-based email providers, Google’s Gmail and Microsoft’s Outlook.com, it said.

The first attack, on Aug. 24, involved an attack on an American company “evidently to obtain information on elections-related software and hardware solutions.”

The report masked the name of the software vendor, referring to it as “U.S. Company 1,” in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.

VR Systems’ website said its products are used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. The firm’s chief operating officer, Ben Martin, did not respond to a voice mail message.

That attack was likely successful. The report said the G.R.U. used data likely obtained from it to conduct the second set of attacks, a “voter registration themed spear-phishing campaign targeting U.S. local government organizations.”

Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look like they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.

Russia’s president, Vladimir V. Putin, shifted last week from his blanket denials of meddling in the election and suggested that “patriotically minded” private Russian hackers could have been involved in the cyberattacks last year.


Courtesy: NY Times

LEAVE A REPLY

Please enter your comment!
Please enter your name here