Nope, I don't buy the story on A1C Teixeira
I think A1C Jack Teixeira is a patsy, and we will soon see all the ways his misfortune and idiocy will be exploited to the gain of people with much more serious intentions than he had.
The gap between how the New York Times and other mainstream media are covering the case of A1C Jack Teixeira, the Massachusetts Air National Guard member who photographed Top Secret information and posted it on a Discord channel, and how people who actually know how these things work see it, is almost like Martians covering the World Series.
The media plays up some weird motive about why a 21-year-old kid would post that kind of stuff to an online group:
He guided a group of 20 to 30 people, mostly young men and teenagers, as they bonded over guns, racist memes, video games and international politics.
I've been in the cybersecurity field for decades, and I've seen 17-year-olds go for the brag on how they cracked this or that site, not knowing that they're talking to a sysadmin in a chatroom, who is recording their every word for the D.A. to use against them, while running a trace to find exactly who is behind that keyboard. So yeah, I think maybe this started out as a brag.
But there are really two possibilities here, as I wrote a few days ago. One is that the leaker, A1C Teixeira, was able to bypass and subvert all the INFOSEC controls at what we now know is the 102nd Intelligence Wing at Joint Base Cape Cod (Otis Air Reserve Base). He was able to sit at his cubicle, access all kinds of documents he had no legal right to view, transcribe that information, bring it out with him, and eventually print the #$%*#$%* documents and take them out of the secure environment, known as a SCIF, photograph them at home, and post the images to Discord.
The technical controls around Top Secret / Sensitive Compartmented Information (TS/SCI) protected data are more than just "enter your password here" (Oh, you used "p@$$w0rd" as your password? No problem!) and boom, bada bing, here's the files. There are layers and authentication steps, and logs and auditable events, and system alerts galore attached to these files. Whole books and standards (start with NIST 800-60 and FedRAMP control baselines) have been written on how government secrets must be protected.
If Teixeira indeed acted totally alone and nobody saw what he did until the other day, when the images were flying around Twitter and 4Chan, then whoever is in the chain of command, from the SSGT supervising this kid's office to the directorate chief to the friggin' wing commander, should be relieved, if not brought up on charges for gross incompetence. Never mind the people who run the servers and data centers where the information originated; those folks would probably lose their jobs or at least their clearances.
But from everything in the news, none of that happened. There was barely any shock, other than words like "deep concern" about the state of our military's INFOSEC program and the way we protect our secrets.
Well, I'm not buying it.
The second possibility is that our counterintelligence folks knew exactly who A1C Teixeira was, and what he was doing. They probably knew the moment he spent a bit too long browsing some files he had no "need to know" for. It's one thing if, in your job, you have to pull a file or move it to another secure location, or print it for some briefing, and in the process, you see it. That's why the government gives out TS/SCI clearances to 21-year-old A1Cs. But when I was dealing with classified data, decades ago, they made us account for every page we printed in the secure environment. I doubt things are less secure today than they were then.
The moment Teixeira started spending too much time on these files or moved around to other files, I guarantee someone in the back end saw some kind of digital flashing red light. This is not an Edward Snowden situation, where Snowden had almost unlimited system administrator access to raw data, as a highly trusted contractor. Plus, Snowden got caught almost immediately--he had planned his data dump and his exit from the country, knowing he had a very limited time once he dumped the data.
But Teixeira started posting in December 2022, and continued almost right up until he was picked up by the FBI. He knew they were looking for him. And I have to believe there's more to this story than what we're told. The official press line is that this kid got away with taking printed Top Secret briefing material out of a SCIF because he was a support dog, not an intel analyst. Maybe they can get away with it once, but not for months. Nope: if that's true, then the entire wing is going to get the hammer--but I suspect there's something else here.
You should read the Reddit thread of actual Air Force folks who deal with cyber. This link here. User ncsubp wrote "That whole wing better be ready to bend over." User enemyweeb posted "Even if he had a tippy top TS there ain’t no way a random intel A1C had anywhere close to the need-to-know for all the stuff that ended up being leaked. There must’ve been numerous OPSEC failures from top to bottom."
But we don't see the FBI or DIA or AFOSI raiding the 102nd Intel Wing. We see a few random "we're shocked!" comments from some allies, but in general it's, as the Washington Post noted, "crickets." As if they already knew.
In conversation with folks I personally know, who have run military IT shops, I hear that "there's more to the story" and we probably will never know most of it. There's a response being prepared, and the government is going to use this event to further the interests of whatever political and managerial group is writing the response. What happened here happened in full public view, and I suspect the folks who let it play out that way wanted it to be public. Whatever juice Teixeira leaked (which wasn't really that damaging) was, to them, worth the squeeze when they get to play their political tune out of it.
Once the DIA or AFOSI or whoever had Teixeira on their radar, they could have acted at any time, quietly done a UCMJ, Article 15, court-martial, and dishonorable discharge on the mixed-up idiot who broke INFOSEC. But there would be no story. So maybe they let him continue, and just fed him stuff they knew would not really cause problems, letting some of the chain of command in on the operation, and tipping off a few of our allies. Maybe even planted someone in the Discord group to egg him on.
Of course, that's a cynical take, but I am not the only one who shares it. The folks who work day and night, who spent 20-year military careers in cyber or intelligence, aren't buying this story.
There's a word we use for useful idiots who are left to dig their own holes, so that other people with agendas can push them in and shovel the dirt on top, while they play king-of-the-mountain. That word is "patsy." I think A1C Jack Teixeira is a patsy, and we will soon see all the ways his misfortune and idiocy will be exploited to the gain of people with much more serious intentions than he had. (Like monitoring your personal communication to limit your political views.)
From what I’ve seen, it wasn’t just a computer leak. Part of how they identified him was by identifying items in the margins of pictures of paper documents that he posted to the internet. He either had to print the documents himself (that would probably be traceable) or he picked up undestroyed documents somewhere.
https://twitter.com/trbrtc/status/1646592080293122067?s=61&t=X6XxCDIBmdrPHrSiKT5oaQ
"Of course, that's a cynical take, but I am not the only one who shares it. The folks who work day and night, who spent 20-year military careers in cyber or intelligence, aren't buying this story."
You basically have fleshed out what I've been mulling around since yesterday. I've been wondering if he was pulling documents out of a honeypot set up for him to peruse and pull from.