WASHINGTON
— An intelligence contractor was charged with sending a classified
report about Russia’s interference in the 2016 election to the news
media, the Justice Department announced Monday, the first criminal leak case under President Trump.
The case showed the department’s willingness to crack down on leaks, as Mr. Trump has called for in complaining
that they are undermining his administration. His grievances have
contributed to a sometimes tense relationship with the intelligence
agencies he now oversees.
The
Justice Department announced the case against the contractor, Reality
Leigh Winner, 25, about an hour after the national-security news outlet
The Intercept published the apparent document, a May 5 intelligence report from the National Security Agency.
The
report described two cyberattacks by Russia’s military intelligence
unit, the G.R.U. — one in August against a company that sells voter
registration-related software and another, a few days before the
election, against 122 local election officials.
Continue reading the main story
ADVERTISEMENT
Continue reading the main story
The
Intercept said the N.S.A. report had been submitted anonymously. But
shortly after its article was published, the Justice Department said
that the F.B.I. had arrested Ms. Winner at her house in Augusta, Ga., on
Saturday. It also said she had confessed to an agent that she had
printed out a May 5 intelligence file and mailed it to an online news
outlet.
It was not immediately clear who is serving as the defense lawyer for Ms. Winner, who has been charged under the Espionage Act.
An accompanying F.B.I. affidavit
said she has worked for Pluribus International Corporation at a
government facility in Georgia since Feb. 13. While it did not identify
the agency or the facility, the N.S.A. uses Pluribus contractors and opened a branch facility in the suburbs outside Augusta in 2012.
The
F.B.I. affidavit said reporters for the news outlet, which it also did
not name, had approached the N.S.A. with questions for their story and,
in the course of that dialogue, provided a copy of the document in their
possession. An analysis of the file showed it was a scan of a copy that
had been creased or folded, the affidavit said, “suggesting they had
been printed and hand-carried out of a secured space.”
The
N.S.A.’s auditing system showed that six people had printed out the
report, including Ms. Winner. Investigators examined the computers of
those six people and found that Ms. Winner had been in email contact
with the news outlet, but the other five had not. In a statement, the
deputy attorney general, Rod J. Rosenstein, praised the operation.
“Releasing
classified material without authorization threatens our nation’s
security and undermines public faith in government,” he said. “People
who are trusted with classified information and pledge to protect it
must be held accountable when they violate that obligation.”
Espionage
Act charges carry a sentence of up to 10 years in prison, although
conventional leak cases have typically resulted in prison terms of one
to three years.
Once
rare, leak cases have become far more common in the 21st century, in
part because of electronic trails that make it easier for investigators
to determine who both had access to a leaked document and was in contact
with a reporter. Depending on how they are counted, the Obama
administration brought nine or 10 leak-related prosecutions — about
twice as many as were brought under all previous presidencies combined.
Mr.
Rosenstein helped prosecute one of them, a case against James E.
Cartwright, a retired four-star Marine general and a former vice
chairman of the Joint Chiefs of Staff accused of disclosing classified
information to reporters. General Cartwright pleaded guilty to lying to
investigators about his conversations with journalists but was later pardoned by President Barack Obama.
Mr. Trump called for a crackdown
in the context of leaks about what surveillance has shown about his own
associates’ contacts with Russian officials. The report Ms. Winner is
accused of leaking, by contrast, focuses on pre-election hacking
operations targeting voter registration databases and does not mention
the Trump campaign.
The American intelligence community has concluded that Russia conducted a broad influence campaign for the purpose of undermining Hillary Clinton’s candidacy and sowing doubts about the democratic process if she had won.
In October, when the Obama administration accused Russia of stealing and releasing Democratic emails, it also said
there was a pattern of probing of voter registration-related systems
that was traceable to Russian servers but stopped short of saying the
Russian government was behind it. The intelligence report, citing
unspecified information the N.S.A. obtained in April, suggests the
government is now satisfied that Moscow was the culprit.
Both
attacks described in the report relied on so-called spear phishing, a
tactic that uses spoof emails to trick users into clicking links or
opening attachments that then install malicious software on their
computers. The G.R.U. sent the emails from two free American web-based
email providers, Google’s Gmail and Microsoft’s Outlook.com, it said.
The
first attack, on Aug. 24, involved an attack on an American company
“evidently to obtain information on elections-related software and
hardware solutions.”
That
attack was most likely successful. The report said the G.R.U. used data
most likely obtained from it to conduct the second set of attacks, a
“voter registration themed spear-phishing campaign targeting U.S. local
government organizations.”
Specifically,
it said, in late October or early November, the G.R.U. sent to 122
local elections officials emails designed to look as if they were from
that company and containing attachments designed to look like an updated
system manual and checklist. Opening the attachment would download
malicious software from a remote server, the report said.
The
report masked the name of the software vendor, referring to it as “U.S.
Company 1,” in keeping with standard minimization rules for
intelligence reports based on surveillance. However, the report
contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.
VR
Systems’ website said its products were used by jurisdictions in
California, Florida, Illinois, Indiana, New York, North Carolina,
Virginia and West Virginia. In a statement, VR acknowledged that there
had been a problem, while stressing that none of its products dealt with
vote marking or tabulation.
“When
a customer alerted us to an obviously fraudulent email purporting to
come from VR Systems, we immediately notified all our customers and
advised them not to click on the attachment,” it said. “We are only
aware of a handful of our customers who actually received the fraudulent
email and of those, we have no indication that any of them clicked on
the attachment or were compromised as a result.”
Correction: June 6, 2017
The headline on an earlier version of this article incorrectly described the charge that Reality Leigh Winner is facing. It is for leaking, not espionage.
The headline on an earlier version of this article incorrectly described the charge that Reality Leigh Winner is facing. It is for leaking, not espionage.
No comments:
Post a Comment