exp pentagon leaks bertrand FST 041110ASEG1 cnni world_00002001.png
Potentially deadly consequences from the Pentagon leak
05:22 - Source: CNN
Washington CNN  — 

The Pentagon has begun to limit who across the government receives its highly classified daily intelligence briefs following a major leak of classified information discovered last week.

Some US officials who used to receive the briefing materials daily have stopped receiving it in recent days, sources familiar with the matter told CNN, as the Pentagon’s Joint Staff continues to whittle down its distribution lists.

The Joint Staff, which comprises the Defense Department’s most senior uniformed leadership that advises the president, began examining its distribution lists immediately after learning of the trove of leaked classified documents – many of which had markings indicating that they had been produced by the Joint Staff’s intelligence arm, known as the J2.

All the email lists have been reviewed, a senior defense official said, and some restrictions may only be temporary. Everyone on the lists had proper clearance, but not everyone needs to receive that information daily, the official added.

Pentagon spokesman Brig. Gen. Pat Ryder in a interview with News Nation on Wednesday said the Pentagon is looking at “mitigation measures in terms of what we can do to prevent potential additional unauthorized leaks.”

The leaked documents have exposed what officials say are lingering vulnerabilities in the management of government secrets, even after agencies overhauled their computer systems following the 2013 Edward Snowden leak, which exposed the scope of the National Security Agency’s intelligence gathering apparatus.

It is unlikely, however, that those safeguards would have prevented the most recent leak, sources said. The documents that circulated online appear to have been printed largely from briefing books that staffers spend hours putting together for senior officials on the Pentagon’s Joint Staff.

Previously, slides from the Joint Staff briefing deck could be accessed by hundreds, if not thousands, of people across the government, officials said. The Pentagon has now stopped distributing the updates to as many people across different government agencies.

“Way too many people have access to very sensitive information,” a senior US official told CNN, noting that “thousands” of people likely saw these documents before they hit the internet.

It is unclear to what extent the Defense Department has already pared down the distribution lists and whether more people will be denied access to the intelligence briefing documents as the investigation continues.

On Wednesday night, the Washington Post reported that the person behind the leak worked on a military base and shared the sensitive briefing documents to a chatroom of about two dozen people on Discord – a social media platform popular with video gamers.

Paper vs tablets

In addition to email distribution lists, senior Pentagon officials are provided with tablets every day with the latest intelligence. But hard copies are prevalent, too – many Pentagon officials are also given binders of printed intelligence daily, said two senior US officials, as well as another source familiar with the process.

“Colonels and generals have their staff killing trees because they like paper, want to hold it closer with their reading glasses on, want to take it to in-person meetings or to read in between meetings,” said a former US official familiar with the Pentagon’s classified system.

Because the leaked documents appear to have been printed out copies that were then photographed, investigators will undoubtedly be examining printer logs from the last several months, officials said.

“All classified systems have multiple levels of risk controls, but a determined insider will find the weak points over time,” said the former US official. “And paper is still a liability, predominantly perpetuated by senior ranks.”

Another former senior defense official said the probe will likely lead to fewer paper versions of the documents.

“I think one of the things that will probably come out of this will be more of a move to providing information on tablets,” the former official said. “Senior leaders, some of them more technically astute, some like to have the papers so they can scribble on the margins and stuff like that.”

Effect of Ukraine

Prior to the leak, the Joint Staff’s intelligence arm had been trying to get the other joint staff directorates to improve their information security practices, in part so that the chairman’s daily intelligence brief could be shared more broadly, according to a source with knowledge of the matter.

Since Russia invaded Ukraine last year, demand for the Pentagon’s daily intelligence briefing has risen, another official said, as multiple people at agencies across the government are eager for updates on Ukraine’s military capabilities and plans, which the Joint Staff tracks and analyzes closely.

“Having to scale that distribution back, even temporarily, is a bitter pill,” said the source familiar with internal joint staff deliberations.

One former official who previously had access to the daily brief while serving at an agency outside DoD during the Trump administration also lamented the fact that this leak almost certainly means there will be restrictions on who will now be allowed to see it, telling CNN that the deck was a helpful resource for top officials across the executive branch.

FBI leak hunters

The criminal investigation, meanwhile, is being led by the FBI’s Washington field office, including a team of counter-intelligence investigators experienced in hunting leaks.

Those investigators are also working with Pentagon officials on the damage assessment, which would become part of the evidence to be used in any potential prosecution that results.

US officials say the breach reflects the limits of changes made after the Snowden leak a decade ago.

In its aftermath, federal agencies including the NSA, FBI and others overhauled their computer systems to better track access to sensitive documents. Some systems now record which employees open access to specific documents and agencies use printers that record which employee print specific documents.

In recent years, the NSA and other agencies have also improved their capabilities to detect anomalies in internet traffic from US-based systems, aimed in part at helping to deter foreign hackers moving large amounts of data from US computers. Those systems don’t monitor domestic US internet traffic.

The Defense Department, because of its vast size and some of its operational needs, has been slower to adopt some of the post-Snowden changes, current and former officials say.

FBI investigators are now facing the prospect of sifting through a vast forensic trail left by thousands of people who had access to the Defense Department documents.

“Whenever we do these investigations, we continue to be surprised at just how many people have access to these products,” one former US official said.

But if the documents posted to social media sites were photographs, it is possible that a camera phone could yield troves of metadata that could help investigators.

CNN’s Oren Liebermann, Jennifer Hansler, Haley Britzky, and Kylie Atwood contributed to this story.