Did the CIA Set Up NSA Leaker Reality Winner?
Throughout January, a deluge of previously concealed evidence exposing how journalists, spies and social media platforms perpetuated and maintained the RussiaGate fraud has entered the public domain at long last, via the Elon Musk-approved “#TwitterFiles” series.
While Twitter’s Pentagon-connected owner evidently has a partisan agenda in releasing this material, the at-times explosive disclosures amply confirm what many independent journalists and researchers had long argued. Namely, false claims of Kremlin-directed bot and troll operations online were duplicitously weaponized by an alphabet soup of U.S. intelligence agencies to bring major social networks to heel, and enduringly enshrine their status as subservient wings of the national security state.
Yet, while RussiaGate only becomes ever-more dead and buried over time, and the true purposes it served becomes increasingly stark, a central component of the conspiracy theory stubbornly clings to life. In June 2017, The Intercept published a leaked N.S.A. document, which it claimed revealed “a months-long Russian hacking effort against the U.S. election infrastructure.”
Ever since, it has been an article of faith in the mainstream media and among Democratic politicians that Russian G.R.U. cyberwarriors “hacked” the 2016 election, if not others too, by malevolently attempting to alter vote tallies to skew results. Moreover, Reality Winner, the N.S.A. analyst who leaked the document and ended up in jail as a result, has been elevated to the status of a heroic whistleblower on a par with Edward Snowden.
These outcomes, or at least something like them, may well have been the specific objectives of the individual and/or entity that furnished the N.S.A. with the information contained in the leaked report. For as we shall see, there are strong grounds to believe Winner unwittingly walked into a trap laid by the C.I.A.
G.R.U. “Hacking Operations”
Before The Intercept had even published its scoop on the leaked file, Reality Winner was in jail, pending trial for breaches of the Espionage Act. Her arrest, announced by the Department of Justice on the same day the story was published, only added to the mainstream frenzy that erupted in the wake of its publication.
Overnight, the hitherto unknown Winner, a United States Air Force Intelligence Squadron veteran who’d received a medal for aiding the identification, capture, and assassination of hundreds of “high-value targets,” became a major cause célèbre for Western liberals, and campaigns calling for her release backed by major press freedom and digital rights groups sprouted in profusion.
Winner’s incarceration, and the failure of the N.S.A. to take action on the report’s findings publicly or privately, also furthered suspicions that proof of Donald Trump’s ties to the Kremlin being subject to a politicized coverup at the highest levels, in which the ostensibly independent U.S. intelligence community itself was implicated.
It is perhaps due to Winner becoming the main focal point of the scandal, combined with desperation among liberal politicians and journalists to substantiate the RussiaGate narrative, that the leaked report’s details were never subject to serious mainstream scrutiny.
While The Intercept declared the document “displays no doubt” that a wide-ranging cyberattack in which spear-phishing emails were dispatched to over 100 local election officials mere days before the 2016 election “was carried out by the G.R.U.,” its contents suggest nothing of the kind.
The report, authored by an N.S.A. intelligence analyst, does attribute this activity to the G.R.U. But the underlying “raw intelligence” – evidence upon which that conclusion is based – is not contained in the file. It is abundantly clear, though, the finding was far from concrete anyway.
For one, the report states, “it is unknown if the G.R.U. was able to compromise any of the entities targeted successfully.” Still, more significantly, the agency is said only to be “probably” responsible – an “analyst judgment” based on the purported hacking campaign having “utilized some techniques that were similar to other G.R.U. operations.” The analyst is nonetheless forced to concede “this activity demonstrated several characteristics that distinguish it [emphasis added]” from known prior G.R.U. hacking operations.
Yet further cause for doubt about the report’s clearly unsupported headline claim is provided by the extremely unsophisticated methods employed by who or what was behind the spear-phishing efforts, which included the use of a blatantly fraudulent Gmail account. Evidently, this was not a professional operation and had very little chance of succeeding. Why would an elite intelligence agency stoop to such rudimentary tactics, particularly if its operatives were seriously determined to compromise U.S. election integrity?
Even more dubiously, among the named recipients of a purported G.R.U. spear-phishing email is the election office of American Samoa, an unincorporated U.S. territory located in the South Pacific, southeast of Samoa itself. Its population is just 56,000, and they cannot vote in mainland elections.
While a criminal hacker might have an interest in personal data held by such an entity, it is difficult to conceive what possible grounds a military intelligence agency would have for seeking access to such a trove. This interpretation is furthered by a chart in the N.S.A. report referring to how the same hacker also attempted spear-phishing campaigns targeting other email addresses, including those registered with Mail.ru, a Russian company.
These shortcomings, rather than a concerted coverup, may account for why the report was not publicized or acted upon by the N.S.A. The Intercept, however, bombastically dubbed the document “the most detailed U.S. government account of Russian interference in the election that has yet come to light.”
“Speed and Recklessness”
When asked by journalist Aaron Maté in a September 2018 interview about “the possibility that the significance of this document has been inflated,” Jim Risen, senior national security correspondent at The Intercept and director of First Look Media’s Press Freedom Defense Fund (which supported Winner’s legal defense) was at a total loss.
Audibly flustered and irritated by this repeated line of questioning, Risen then terminated the interview abruptly when Maté sought to probe him over “criticism” of how The Intercept handled the document, which all but ensured Winner’s identification and imprisonment.
Now departed co-founder of The Intercept Glenn Greenwald rightly branded Winner’s exposure “deeply embarrassing,” claiming it resulted from “speed and recklessness.” A New York Times post-mortem of the debacle confirmed the two reporters who took the lead on the story, Matthew Cole and Richard Esposito – whose sloppiness and dishonesty landed C.I.A. whistleblower John Kiriakou in jail in 2012 for disclosing secrets about the Agency’s torture program – were “pushed to rush the story to publication.”
It would be entirely unsurprising if this pressure emanated from Betsy Reed, then editor-in-chief of The Intercept, a committed RussiaGate advocate who in 2018 slammed left-wing skeptics of the narrative as “pale imitations” of Glenn Greenwald, lacking his “intelligence [and] nuance.” When former FBI director Robert Mueller’s special counsel investigation conclusively found no indication of a secret relationship between Trump and the Kremlin the next year, she claimed the failed probe, in fact, identified “plenty” of “soft loose” collusion.
The outlet’s haste to publicize the leaked N.S.A. report meant in-house digital security specialists at The Intercept were not consulted, leading Cole and Esposito to make a number of shocking blunders in attempting to verify the document pre-publication. First, they contacted a U.S. government contractor via unsecured text message, informing them they had received a printed copy of the document in the mail, postmarked Augusta, Georgia, where Winner then lived. This contractor subsequently informed the N.S.A.
Then, The Intercept approached the N.S.A. directly with a copy of the report. As Winner’s arrest warrant attests, examination of the material showed pages within it were creased, “suggesting they had been printed and hand-carried out of a secured space.”
While all color printers embed borderline invisible patterns on each page, allowing for individual devices to be identified via serial number, the N.S.A. simply checked which of its staffers had printed the document. Six had, and Winner was among them. Further checks of the sextet’s desk computers showed she, and only she had used hers to contact The Intercept.
The outlet’s failure to undertake even the most basic measures to protect their source terminally damaged its reputation and remains a stain upon it and its senior staff to this day. Nonetheless, there has never been any acknowledgment of how inept and incautious Winner’s own actions were.
Even if The Intercept had not readily handed over distinguishing clues to the N.S.A, her highly self-incriminating use of a work computer to email the outlet, along with identifying the specific area where she resided, were in themselves smoking guns that almost inevitably would have led to her exposure.
“Ignore Dissenting Data”
Winner has always claimed she acted alone, and there is no reason to doubt that she felt it was her patriotic duty to release the document. But her clumsiness, naivety and incompetence suggest she may well be easily manipulable, and a great many individuals and organizations had an interest in the dud intelligence report’s release. Foremost among them, elements of the C.I.A. loyal to John Brennan, Agency director between 2013 and January 2017.
Two weeks before Donald Trump took office, Brennan presented an Intelligence Community Assessment (I.C.A.) on “Russian Activities and Intentions in Recent US Elections.” It declared American spooks had “high confidence” that Moscow interfered in the 2016 election to help the upstart outsider seize power. While the document contained nothing to substantiate that charge, its dubious assertions were eagerly seized upon by the media.
It was not revealed until four years later that this “confidence” wasn’t shared by the U.S. intelligence community. Instead, Brennan personally authored the report’s incendiary conclusions, then selected a clique of his own confidantes to sign off on them. This subterfuge irked many analysts within and without the C.I.A. who assessed Russia, in fact, favored a Hillary Clinton victory, given Trump was an unpredictable “wild card” calling for much-increased U.S. military spending.
“Brennan took a thesis and decided he was going to ignore dissenting data and exaggerate the importance of that conclusion, even though they said it didn’t have any real substance behind it,” stated a senior U.S. intelligence official.
The only trace of dissent to be found in the I.C.A. is a reference to the N.S.A. not sharing the “confidence” of the C.I.A. in its findings. While wholly overlooked at the time, this deviation was massively consequential, given the N.S.A. closely monitors the communications of Russian officials. Its operatives would therefore be well-placed to know if high-level figures in Moscow had discussed plans to assist Trump’s campaign or even viewed him positively.
Brennan fudged the I.C.A. findings to keep the F.B.I. Trump-Russia “collusion” investigation alive. Launched by the Bureau in 2016, it found no evidence Trump or members of his campaign were conspiring with Moscow. The N.S.A. publicly breaking ranks would have inevitably been poorly received by Brennan and his allies in Langley, given it undermined their malign objectives.
As such, it is an obvious question whether Winner’s leak – in addition to furthering the RussiaGate fiction and damaging Trump – also served to discredit the N.S.A. by creating the illusion it had been asleep at the wheel over Kremlin meddling, if not actively suppressing evidence of this activity from the public.
Winner need not have been a willing or conscious collaborator in this scenario; the introduction of the report she leaked notes opaquely that information about the purported G.R.U. hacking effort became available in April 2017. The nature of this information and its source is unstated; could it have been the C.I.A. or operatives thereof?
“Exposing a White House Coverup”
Winner was convicted in August 2018 and jailed for 63 months, the longest sentence ever imposed for the unauthorized release of classified information to the media in U.S. history. Her appallingly harsh sentence was accordingly framed as politically motivated, yet further proof then-President Donald Trump had been compromised by and/or owed his upset election victory to the Kremlin and was desperate for this to be swept under the rug.
Released in June 2021, Winner remains under probation until November 2024, is not allowed to leave southern Texas, has to obey a strict curfew, and must report any interaction with the media in advance, a shocking coda to her time behind bars. Still, while allegedly facing imprisonment for discussing the document she leaked publicly, a documentary on her case is in production, and she has conducted multiple interviews with both mainstream and independent journalists.
In Winner’s most prominent media appearance to date, in July 2022, CBS aired a highly sympathetic, lengthy sit-down discussion with her, likely watched by millions. Apparently unconcerned about legal ramifications, she made a number of bold claims and statements throughout, at total odds with comments at her sentencing, when she told the judge, “my actions were a cruel betrayal of my nation’s trust in me.”
For its part, CBS rather unbelievably declared, based on the word of “two former officials,” that her leak “helped secure the 2018 midterm election,” as it revealed the “top secret emails” used by the hackers. Quite what threat those addresses could have posed, or why they would continue to be used a year-and-a-half after the report became publicly available, is not clear.
The program’s framing of Winner, in her own words, “exposing a White House coverup” as “the public was being lied to” was even more curious. A clip of Trump being interviewed by John Dickerson – “typical of the time,” according to CBS – was inserted, in which the President stated, “if you don’t catch a hacker in the act, it’s very hard to say who did the hacking.”
“I’ll go along with Russia, could’ve been China, could’ve been a lot of different groups,” he added before a CBS narrator stated dramatically, “but it was Russia, and the NSA knew it,” as Winner “had seen proof in a top-secret report on an in-house newsfeed.” The program then cut back to the former N.S.A. analyst: “I just kept thinking, ‘My God, somebody needs to step forward and put this right. Somebody.’”
In that clip, Trump was, in fact, discussing which party was responsible for purported cyberattacks on the Democratic National Committee servers (D.N.C.), not the spear-phishing attack on election officials detailed in the leaked N.S.A. report. This dishonest sleight of hand by the program’s producers is nonetheless illuminating, for it highlights another potential utility of that report’s leak from the perspective of the C.I.A. – obfuscating its own role in the hack-and-leak of Democratic Party emails.
That the D.N.C. servers were hacked by Russian intelligence is widely accepted, a conclusion based primarily on the findings of D.N.C. contractor CrowdStrike. Yet, when grilled under oath by the Senate Intelligence Committee on the matter in December 2017, the company’s chief, Shawn Henry, revealed he, in fact, possessed no “concrete evidence” the files were “actually exfiltrated” by anyone – dynamite testimony that was hidden from public view for over two years.
CrowdStrike’s case for Russian culpability was predicated on a number of seemingly injudicious errors on the part of the hackers, such as their computer username referencing the founder of the Soviet Union’s secret police, Russian text in their malware’s source code, and ham-fisted attempts to use the Romanian language. However, WikiLeaks’ Vault 7 disclosures show the CIA’s “Marble Framework” deliberately inserts these apparent failings precisely into a cyberattack’s digital footprint to falsely attribute its own hacking to other countries.
The Agency would have had good reason for falsely attributing the emails’ source. For one, at this time, the C.I.A. was tearing its proverbial hair out attempting to link WikiLeaks – the organization that published them – and its founder Julian Assange with a foreign actor, preferably Russia, to secure legal justification for engaging in hostile counterintelligence operations against the organization and its members.
By framing the emails as Russian-hacked, media and public attention were also diverted from the communications’ contents, which revealed corruption by the Clinton Foundation and meddling in the Democratic Party primaries to prevent Bernie Sanders from securing the Presidential nomination. Meanwhile, concerns about whether D.N.C. staffer Seth Rich’s still-unsolved July 2016 murder was in any way related to his potential role in leaking the material were very effectively silenced.
The fate of Assange (and perhaps Rich, too) is a palpable demonstration of what can so often befall those who publish damaging information powerful people and organizations do not want in the public domain. Winner’s veneration by the U.S. liberal establishment, and post-release promotion by the mainstream media, should, at the very least, raise serious questions about who or what ultimately benefited from her well-meaning, personally destructive actions.
Feature photo | Illustration by MintPress News
Kit Klarenberg is an investigative journalist and MintPresss News contributor exploring the role of intelligence services in shaping politics and perceptions. His work has previously appeared in The Cradle, Declassified UK, and Grayzone. Follow him on Twitter @KitKlarenberg.