New details on Ukraine intelligence leak show it circulated for weeks before raising alarm

The major intelligence breach, which includes documents about the Ukraine war and US penetration of Russian military plans, began on a messaging channel.

A Ukrainian serviceman fires a rocket-propelled grenade (RPG) from a launcher during a training exercise in the Donetsk region. Picture: AFP.
One of the most significant leaks of highly classified US documents in recent history began among a small group of posters on a messaging channel that trafficked in memes, jokes and racist talk.

Sometime in January, seemingly unnoticed by the outside world, an anonymous member of a group numbering just over a dozen began to post files – many labeled as top secret – providing details about the war in Ukraine, intercepted communications about US allies, such as Israel and South Korea, and details of American penetration of Russian military plans, among other topics.

The documents, which appear to have numbered in the hundreds, stayed among the members of the tiny group on the Discord messaging platform until early March, when another user reposted several dozen of them to another group with a larger audience. From there, at least 10 files migrated to a much bigger community focused on the Minecraft computer game.

On Wednesday, with the US government apparently still unaware, a Russian propaganda account on Telegram posted a crudely doctored version of one of the documents, alongside a few unedited ones.

The Federal Bureau of Investigation and the Justice Department are now on a sprawling hunt for answers on how the dozens of images that purport to show secret documents surfaced online. A government probe, launched Friday at the request of the Defence Department, is searching for the source of the leak.

A Justice Department spokeswoman declined to comment Sunday on the status of the investigation.

The leak is shaping up to be one of the most damaging intelligence breaches in decades, officials said. The disclosure complicates Ukraine’s spring offensive. It will likely inhibit the readiness of foreign allies to share sensitive information with the US government. And it potentially exposes America’s intelligence sources within Russia and other hostile nations.

A decade after National Security Agency contractor Edward Snowden leaked a giant cache of top-secret documents about surveillance and other intelligence activities, the US government is still unable to protect against such breaches.

“How the heck are we back here again?” said Brett Bruen, president of Global Situation Room, a national security consulting firm, and a former White House official in the Obama administration. “These kinds of large scale security breaches were supposed to be a thing of the past. New controls and checks were put in place. Yet, clearly it wasn’t enough and we need a major rethink [and] revision to the classified protection process.”

Who had access

The Wall Street Journal wasn’t able to independently authenticate the documents, but they contain enough detail to give them credibility. Defence officials have said they believe some of the documents could be authentic.

In total, just over 50 documents with Secret and Top Secret classification markings have surfaced so far, and have been viewed by the Journal and a variety of independent intelligence analysts. A critical question is who had access, and when, to the hundreds of others that were posted in the original group between January and March, and how significant are the secrets that these files contain.

The US intelligence community is expected to take measures to protect the sources and methods used in the collection of data in that material. “You have to assume it is compromised,” said Thomas Rid, professor of strategic studies at Johns Hopkins University. “But assuming that the adversary has it is one thing, knowing it is another.”

The probe into the leak will be among the FBI’s top priorities as investigators search for who had access to the information, and who would have motive to make it public, said Joshua Skule, a former FBI senior executive who is now the president of the government contracting firm Bow Wave.

“They are going to be looking to get to the bottom of who did it as expeditiously as possible, they are going to be sparing no resource,” Mr. Skule said. “The FBI is approaching this as if someone has committed a treasonous act.”

The leaked documents are photographs of presentations and files that had been printed out on A4 paper. They appear to have been folded twice, perhaps to be smuggled out of a secure facility. A variety of items can be seen in the margins of the photos, including Gorilla glue, shoes and instructions for a GlassHawk HD spotting scope, details that could facilitate the search for the leaker.

Mykhailo Podolyak, an adviser to Ukrainian President Volodymyr Zelensky, said in a Telegram post that it was unlikely that Russia was behind the original intelligence breach.

“If you have an operating channel to obtain intelligence from the Pentagon, you don’t burn it for a one-day publicity drive,” he wrote. By publicising the leak, he added, Russia aimed to distract attention from Ukraine’s preparations for the offensive, and to “sow certain doubts and mutual suspicions” between Kyiv and its partners.

Mr. Zelensky reacted to the leak by ordering new measures to clamp down on unauthorised disclosures of military information. The US has also changed how military personnel access such documents, defence officials said last week.

The most damaging files, security analysts say, are the roundups of vetted intelligence material compiled in the Central Intelligence Agency’s operations centre intelligence update. They include information on conversations that the US had intercepted within allied governments, such as communications of the leaders of Israel’s Mossad intelligence service and discussions among members of South Korea’s national security council on whether to sell ammunition that could end up in Ukraine.

Even more sensitive is the information that appears derived from the US penetration of the Russian government, such as details on how a Russian hacker shared screenshots with the FSB security service on accessing Canada’s natural-gas infrastructure, internal Russian ministry of defence deliberations on supplying ammunition to the Wagner paramilitary group, and plans by Russian military intelligence to foment an anti-Western and anti-Ukrainian campaign in Africa.

Aric Toler, head of research and training at the Bellingcat investigative consortium, which has carried out several probes of Russian intelligence operations, said that he has been in touch with three original members of the Discord group.

The group’s members saw hundreds of classified files before the channel was wiped clean, he said. Most members are based in the US. The identity of the original poster remains unknown.

Baffling pattern

Document leaks have emerged as a common tactic during the war in Ukraine, but the posting of the apparent US intelligence files on Discord, an online chat service favoured by video game players, follows a different, somewhat baffling pattern, according to analysts.

Once global attention was drawn to the leak, members of the Discord groups scurried to delete their accounts and to purge their servers, fearing retribution by the US government and unwelcome attention from foreign intelligence agencies.

“I left that server and I really hope that I am safe,” one of the users, who had uploaded some of the leaked files to the Minecraft community, posted on Friday, adding a crying emoji.

Founded eight years ago in San Francisco, Discord first gained popularity as software that gamers could use to talk to each other in a group. The majority of these chat servers are private – shared by friends – but they can be public, too. Discord also hosts communities supporting Ukraine’s cause.

On Sunday, Discord’s website listed more than 20,000 public servers, the majority of them concerning gaming. “It’s a very reliable service when the games are acting glitchy,” said Levi Gundert, chief security officer with the intelligence firm Recorded Future.

Researchers at Mr. Gundert’s firm have also found unsavoury content on the platform, such as terrorist propaganda and tools for hackers. “It really looks more like a kind of free-for-all in terms of the content that’s available,” he said.

Discord would likely have information about the users of the original group’s server that would be of use to law enforcement investigators, Mr. Gundert said.

A Discord spokeswoman declined to comment.

The latest leak isn’t the first time sensitive documents have shown up on a gaming-related server. Last year, a player of the WarThunder military vehicle combat game posted real classified information on the British Challenger 2 tanks, while a year earlier another user posted a classified manual for the French Leclerc tanks.

The new disclosures are far more significant. They include information about the types of heavy weapons and equipment of the nine Ukrainian brigades that the US and allies are preparing for the coming spring offensive; precise details on the quickly dwindling ammunition of the Ukrainian air defence systems; the level of protection of critical infrastructure sites; and details on how many tanks, artillery pieces and military aircraft Ukraine operates.

The slide initially publicised on Wednesday and Thursday by Russian propaganda Telegram accounts had been doctored to inflate Ukrainian battlefield casualties and to minimise Russian ones. The crude nature of the alteration suggests this wasn’t a high-level intelligence operation, security analysts said.

Another purported Pentagon document that emerged on Friday contained the same estimate of Ukrainian and Russian battlefield fatalities as the unaltered slide: up to 43,000 Russian troops and up to 17,500 Ukrainian troops, in addition to as many as 41,000 Ukrainian civilians.

Dow Jones


Original URL: https://www.theaustralian.com.au/world/new-details-on-ukraine-intelligence-leak-show-it-circulated-for-weeks-before-raising-alarm/news-story/84e5f8955e2ee102912df594774e5080