A 21-year-old cybersecurity journeyman in the Massachusetts Air National Guard, suspected of leaking classified Pentagon intelligence on the war in Ukraine, may have posted sensitive information online months earlier than previously known, and in a chat group with a much wider membership.
Jack Teixeira was arrested following an FBI investigation into the “alleged unauthorized removal, retention and transmission of classified national defense information.” Teixeira held the highest level of security clearance granted by the federal government for top secret information and stands accused of posting secret intelligence on the Russian war effort to Thug Shaker Central, a private chat group of about 50 members on Discord, a social media platform popular with gamers. However, another Discord user informed the New York Times about a larger, previously undisclosed chat group of about 600 members where Teixeira allegedly posted additional classified information, including details about Russian and Ukrainian casualties, the activities of Moscow’s spy agencies and updates on aid being provided to Ukraine. According to the New York Times, the poster claimed the information came from the National Security Agency, the Central Intelligence Agency and other intelligence agencies.
Initially the classified information shared by Teixeira included transcriptions of intelligence documents typed up, likely by his hand, along with added annotations and commentary; however, many of the later documents appear to have first been printed out and then transported outside of the workplace to be photographed. The leak itself was only discovered when, after some weeks, the documents began floating around external servers and channels – Wow_Mao, Minecraft, Twitter and Telegram – and were eventually reported on, first in open-source reporting, then by journalists at the New York Times.
This newly uncovered second chat group was publicly listed on a YouTube channel and was accessed in seconds by New York Times reporters. The posts to this group were linked to Teixeira through a “chain of digital evidence.” The earliest leak appears to date from within 48 hours of Russia’s invasion of Ukraine in February 2022. “I have a little more than open source info. Perks of being in a USAF intel unit,” Teixeira wrote after members of the group questioned the intelligence he was sharing.
Other posts reportedly displayed knowledge of Ukraine’s targeting priorities, activities of Russian intelligence agencies, and troop movements before they happened. Teixeira reportedly brags in one message, “The job I have lets me get privilege’s above most intel guys.” In another, Teixeira allegedly offers to share classified information privately with members of the group living outside the United States, claiming that this information was “found on an NSA site.”
Teixeira further claimed to have access to intelligence from U.S. allies, including the Government Communications Headquarters, the British agency for intelligence, security and cyber affairs, at one point stating “I usually work with GCHQ people when I’m looking at foreign countries.”
Teixeira does not appear to have been acting as a foreign agent, a private hoarder, or a ‘whistle-blower’ trying to educate the general public by sharing secrets for publication in the news media, which makes his case highly unusual from both intelligence and judicial perspectives.
The collaborative structure of the intelligence community after 9/11 is said to have expanded access to its network of information in order to improve availability between agencies, inevitably creating more points of vulnerability.
North Korea – 3CX
North Korean hackers breached 3CX, a software firm with hundreds of thousands of customers, using targeted phishing attacks to gain access to the firm’s systems. In what is described as the first proven instance of a successful and sophisticated supply-chain attack, the hackers first compromised software made by a separate firm, the derivatives trading platform Trading Technologies. A 3CX employee then downloaded the now-discontinued Trading Technologies software, which the hackers had tampered with, allowing them to infiltrate 3CX’s software production environment. Once the hackers had access to the firm’s systems, they were able to steal sensitive data, including customer information and intellectual property. The data was then used to launch further cyberattacks and/or sold on the black market.
Consumer Financial Protection Bureau (CFPB)
An employee at the Consumer Financial Protection Bureau (CFPB) sent confidential data about hundreds of thousands of consumer accounts to their personal email account, including approximately 14 emails containing personally identifiable information (PII) related to customers of at least 7 identified institutions, along with two spreadsheets containing names and transaction-specific account numbers for about 256,000 consumer accounts at one institution.
The CFPB is working with these institutions to notify the affected consumers, and with law enforcement to investigate the incident, determine the extent of the data breach, and assess the risk to consumers. The employee has since been fired; despite being asked to delete the emails and provide proof of deletion, they have yet to comply. The Office of Inspector General has been notified.
These incidents are a reminder of the importance of data security. Businesses and organizations should take steps to protect sensitive data from unauthorized access, use, or disclosure. This includes implementing strong security measures and educating employees about cybersecurity best practices.