The US government and its close allies are scrambling to assess the impact of a document leak that has appeared on social media. Officials are reviewing photos of classified documents, apparently from the Pentagon, that have been shared on platforms such as Discord and YouTube. The documents appear to contain a broad range of sensitive and highly classified information, from eavesdropping on adversaries and allies to blunt assessments of the war in Ukraine. Some of the images are reportedly doctored, including casualty assessment slides for both sides in the conflict that appear to be designed to minimize Russian losses and amplify Ukrainian losses.
The documents were first posted to the 4chan political imageboard /pol/ and then spread on pro-Russian Telegram channels, where they were altered. The US military and intelligence agencies have cut off access to highly classified daily briefings for thousands of officials in response to the leak. The Defense Department has stepped up its search for the person who leaked the documents.
While it may be tempting to act quickly and disclose the leak publicly, it is important to do so with discretion. The best approach is to first gather as much evidence as possible, such as access logs and copies of the leaked material. Then, it is critical to temporarily suspend normal deletion cycles across email servers, cloud platforms, and document repositories, and to halt any centralized shredding or printing systems until the investigation is complete. We also use structured mapping to track chain of custody from the source to the point of the leak, allowing us to identify and isolate potential pathways through the organization.