One of the worst national security leaks in U.S. history began with classified documents on Russia’s war in Ukraine and other issues spreading across fringe social media sites and messaging rooms for gamers.
The leak, which is being investigated by the Justice Department and Pentagon, was first reported last week by The New York Times.
Yet the earliest documents were spreading across Discord servers for at least a little over a month, even though they are only now being investigated by the Justice Department and Pentagon.
Discord is a messaging platform popular with gamers.
Here’s how the documents spread.
A ‘Wow Mao’ chatroom
Photographs of dozens of pages of the documents were shared on Feb. 28 and March 2 on Discord to a server called “Wow Mao,” The Washington Post reported.
The “Wow Mao” Discord server, seemingly named after a YouTuber’s account, may not have been the first Discord channel where the documents spread, however.
Members of a separate Discord community told Bellingcat the images were among a larger set of photos of documents posted to a since-deleted server on Discord dating back to January, said Aric Toler, Bellingcat’s director of research and training.
Bellingcat was not able to independently verify claims of those earlier documents.
The jump to Minecraft
After the photos were shared to the Wow Mao server, some of them were shared on another server about the popular video game Minecraft, Toler said.
Ten documents were posted in the server about Minecraft maps, which had a larger community following than the Wow Mao server.
In response to a “brief spat” with another person in the Minecraft chatroom, one user replied “here, have some leaked documents” and attached the 10 documents about Ukraine, some of which had the “Top Secret” markings, according to the Bellingcat.
From the Minecraft server, a handful of posts migrated over to 4chan and Telegram — and then “all hell breaks loose,” Toler said.
The images shared on a pro-Russian Telegram channel on Wednesday came after a user on 4chan posted seemingly similar but mostly different documents, according to Bellingcat.
For example, in one common image on the two posts is a map with statistics that include the cumulative number of Russian and Ukrainian soldiers killed in action.
While the image is identical, the posts show different numbers killed in action. The image shared on 4chan showed more Russian losses than Ukraine, and the image shared on Telegram showed the reverse.
Toler said the second image, with the higher Ukrainian killed in action numbers posted on Telegram, appeared to have been manipulated.
How are platforms responding to the leak?
The breach, and reported manipulation of at least one of the images, is raising concerns about how information is being circulated online.
Steven Ward, a resident privacy and security follow for R Street’s Cybersecurity and Emerging Threats team, said the leaking of classified intelligence documents is concerning but “we should be cautious of the leaked documents’ authenticity.”
“In the last few years, dark underground communities like 4chan and Telegram have garnered more attention, expanding their reach and making them a viable option for distributing information to a larger audience,” Ward said in an email.
A Discord spokesperson said they are cooperating with law enforcement in regards to the “apparent breach of classified material.”
“As this remains an active investigation, we cannot provide further comment at this time,” the spokesperson said.
The spokesperson added that when Discord is “made aware of content that violates our policies, our Safety team investigates and takes the appropriate action, including banning users, shutting down servers, and engaging with law enforcement.”
Discord is not the only platform where the information is spreading. Images are now circulating on much more mainstream social media platforms, such as Twitter.
It’s not clear if Twitter has plans to try to bar the spread of the images. Twitter CEO Elon Musk, who bought the platform in the fall, seemed to sarcastically brush off the idea in a tweet last week.
“Yeah, you can totally delete things from the Internet – that works perfectly and doesn’t draw attention to whatever you were trying to hide at all,” Musk tweeted.