A federal contractor has been charged with removing classified material from a government facility and mailing it to a news outlet, the U.S. Department of Justice announced on Monday.
Reality Leigh Winner, 25, of Augusta, Georgia, had worked as an NSA contractor with Pluribus International Corporation since mid-February. Winner allegedly abused her top secret clearance to access a classified intelligence report, which she printed and mailed to a news outlet that has not been named by authorities.
The news outlet in question is said to be The Intercept, which published an article on Monday based on top secret NSA documents claiming that hackers linked to Russia’s military had repeatedly attempted to break into U.S. voting systems before last year’s presidential election. The Intercept said it obtained the NSA materials from an anonymous source.
According to court documents, reporters informed intelligence officials of their intention to publish an article. The copy of the document provided by the news outlet to officials was “folded and/or creased,” which allowed government investigators to determine that the document had been printed and physically carried out of the facility.
An internal audit showed that a total of six individuals had printed the leaked report and one of them was Winner. An analysis of the desk computers used by these six individuals revealed that Winner had contacted the news outlet via email.
The FBI obtained a search warrant for Winner’s residence, and authorities said the woman admitted printing the report and mailing it to the news organization, despite knowing that the material was classified.
Winner printed the classified report on May 9 and mailed it a few days later. She was arrested by the FBI on June 3 and on Monday she was charged with removing classified material from a government facility and mailing it to a news outlet.
“Exceptional law enforcement efforts allowed us quickly to identify and arrest the defendant,” said Deputy Attorney General Rod J. Rosenstein. “Releasing classified material without authorization threatens our nation’s security and undermines public faith in government. People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”
The article published by The Intercept based on documents provided by Winner revealed that hackers associated with Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate (GRU), sent spear-phishing emails to employees of VR Systems, a Florida-based vendor of electronic voting services and equipment, in order to trick them into handing over their credentials.
The hackers then used the compromised credentials to deliver malware to local government employees by posing as the vendor. It’s unclear, however, if this phase of the attack was successful.
The United States has officially accused Russia of attempting to interfere with its presidential elections, but Moscow has repeatedly denied the accusations. Last week, Putin once again denied that the Russian government is involved in hacking operations, but admitted that patriotic hackers could launch politically motivated attacks against “those speaking ill of Russia.”
The U.S. is currently conducting an investigation to assess the impact of cyberattacks on the outcome of the elections, but Putin is convinced that hackers cannot influence an election campaign.