What you need to know about the leaked US secret documents

It could be the most serious domestic intelligence breach in years.

April 11, 2023, 4:20 AM

The posting on social media of what appears to be several highly classified U.S. intelligence documents might be just the beginning of what could turn out to be the most serious U.S. intelligence breach in more than a decade.

After last week's seeming leak, an ABC News review found dozens more top-secret documents posted in early March in a hard-to-find corner of the internet shortly after the documents were drafted.

The content of those additional documents appears to be U.S. intelligence about the war in Ukraine and in other parts of the world. And the disclosure has raised diplomatic issues as it appears that U.S. intelligence has been spying not only on its adversaries, but on allies and partners.

The apparent leak has triggered a criminal investigation by the Justice Department that will try to find out who posted the documents on the internet and why.

Here's what you need to know about what happened and what the documents contain.

What are the leaked documents?

What has been posted on the internet are dozens of photographs of printouts of what appear to be highly classified documents that show creases from having been folded.

ABC News has been able to review 38 of these apparently classified U.S. intelligence documents drafted in late February and on March 1 and March 2.

The documents are a mix of tactical statistics and maps of the battlefield in Ukraine apparently drafted by the Pentagon's Joint Staff. Others appear to be more strategic-level U.S. intelligence analyses that touch on Ukraine's fight with Russia and other regions of the world that seem to have been put together by the CIA and other U.S. intelligence agencies.

Almost all of the 38 documents are classified as top secret and contain specific information about whether they can be shared with foreign partners. They also include how the information was obtained, including signals intercepts.

More than a dozen documents apparently prepared by the Joint Staff describe the military situation in Ukraine on March 1, especially around the battlefields of Bakhmut, Kharkiv and the Donetsk region of eastern Ukraine.

They contain many statistics about Ukrainian troop levels, the training of Ukrainian forces, equipment provided to Ukraine by the U.S. and other countries and casualty numbers. One of these documents posted on social media last week was apparently altered from the previous version posted in early March to reflect lower fatality numbers for Russian forces.

The bulk of the remaining documents appear to have been produced by U.S. intelligence and are presented in paragraph form. They describe specific analytical intelligence for other parts of the world and include intelligence gathered from both adversaries and friendly nations.

There is also what appears to be a two-page CIA document summarizing the major intelligence analysis for March 2.

Who had access?

It is unclear how many U.S. government officials would have had access to any of the documents since they were not limited to only military personnel or those working only on issues related to Ukraine.

Because of their content, the documents, apparently produced by the Joint Staff, would presumably have been made available to hundreds of U.S. military personnel or U.S. officials involved in the situation in Ukraine, not just at the Pentagon but in other U.S. government departments as well.

But they would not be limited to just those officials -- so those with access could conceivably include hundreds and possibly thousands of U.S. military or civilian officials based stateside or overseas.

In order to access the materials, these officials would need access to the secure classified servers where this information would be available to them.

What's in the 38 pages of documents reviewed by ABC News?

The 38 documents reviewed by ABC News use different styles and formatting and cover varying topic areas.

They include the dozen or more slides about the battlefields of Ukraine that were apparently prepared by the Joint Staff.

Two of these documents appeared to note that Ukraine's air defense systems are at risk of experiencing supply shortfalls in coming months. Another slide lays out scenarios under which the U.S. could apparently pressure Israel into providing Ukraine with lethal aid. Other slides contain information providing apparently specific casualty numbers for Ukraine and Russia, as well as what appears to be highly specific information about the number of tanks, armored vehicles, helicopters and aircraft that have been destroyed or are available for combat.

Also included in the documents is a two-page copy of what appears to be the CIA worldwide intelligence summary for March 2. The copy of this apparent CIA document includes analysis, among other things, about the Russian Defense Ministry's views on supplying munitions to the Wagner Group, Iran readying for a space launch, South Korea's National Security Council concerned about the U.S. request to provide artillery ammunition to Ukraine, an update on the Nigerian elections and North Korea preparing for an intercontinental ballistic missile launch.

Another set of presumably highly classified documents provides more strategic-level intelligence about America's adversaries and partners. Among the details included in this apparent set of documents is information that a pro-Russia hacking group has gained access to Canadian gas infrastructure. There is also what appears to be an assessment that a Ukrainian military strike deep inside Russia or targeting Russia's leaders could give China the opportunity to provide lethal aid to Russia. This set also contains what appears to be intelligence on North Korean preparations for an ICBM test flight and describes North Korea's display of ICBM launchers at a recent parade as overselling their actual capabilities.

There is also what appears to be an eight-page strategic analysis document where most of the contents appear to have been gleaned from intercepted communications, including descriptions of South Korea's National Security Council's internal discussions about the U.S. request to push artillery ammunition to Ukraine via a third country.

Indicative of how U.S. intelligence appears to have been able to penetrate Russia's internal communications, this set of documents includes specific information about Russia's plans in Ukraine and elsewhere.

For example, there are what appear to be precise descriptions of Russian plans to carry out two separate aerial attacks in early March aimed at Ukrainian military targets and Ukrainian energy infrastructure and bridges. There is a description of what appears to be Russia's plans for combatting the tanks being sent to Ukraine by NATO countries by setting up a layered defense and training Russian troops on the tanks' vulnerabilities. This set of documents also describes apparent plans by Russia's intelligence agency to conduct an influence campaign in Africa to promote Russia's foreign policy.

The documents appear to show the U.S. has not only been spying on Russia, but also apparently on Ukraine: They describe what are said to be internal Ukrainian discussions about striking at Russian troop locations deployed to a region inside Russia.

Managing the diplomatic fallout

The State Department has not announced any plans to correct any potential misinformation contained in the documents.

Ukraine has publicly dismissed the leaked material as Russian disinformation and an attempt to sow distrust between Kyiv and Washington. But at least one report citing a source close to President Volodymyr Zelenskyy asserts that the leak has forced Ukraine to alter some of its military plans.

While the leak may temporarily complicate coordination between the U.S. and South Korea on support for Kyiv, lasting damage to the relationship appears unlikely. South Korea's president said on Monday that the alliance was still strong, and his office has said that it will hold off on making demands of the Pentagon until investigations wrap.

The Israeli government hasn't commented on the claims about the Mossad or what it might take for Israel to provide lethal aid to Ukraine.

What's next in the DOJ's criminal investigation?

The Pentagon announced this week that the Justice Department is now carrying out a criminal probe into the documents and who posted them on the internet.

According to David Aaron, a former top national security lawyer for the Justice Department involved in past high-profile leak investigations, a first step at this juncture is determining the potential line of custody of who would have had access to the materials posted online.

"If it's a lot of information, then sometimes that gives you an opportunity to narrow down your list because you're making a matrix with it," Aaron said. "If it's at a relatively low level of classification or if it's operational and needs to be widely available, that gets harder to do. And if it's going into repositories that people don't have to log into with certificates that identify them specifically, then that also gets obviously harder to do."

"If photos of printed documents were posted, then you might not have to rely on the photos. You could look at who printed the document," Aaron said.

He said once a potential suspect or suspects are identified, there will be a variety of factors for investigators to consider in moving towards charging and arresting the person or people.

"You're probably going to not want to charge them until you have more than probable cause," he said. "So you'll watch them. You'll watch them electronically. You'll watch them physically. And if they do something that forces your hand, maybe you'll arrest them sooner than you might otherwise."

"As a general matter, a counterintelligence case is usually a slower burn than a counterterrorism case, but this case may be different if it involves an ongoing leak of current operational information," Aaron said.

Another complicating factor for investigators, he noted, could be that some of the documents appear to have been posted several months ago.

"Depending on how all of this was done there could be electronic evidence that has been lost," he said. "If there was information that you could have gotten and followed up on, within days of the incident, have you lost either access to that initial information or other places it would take you with the passage of more time? That's always a big impediment."