The Justice Department charged an intelligence contractor with sending a classified report about Russia’s interference in the 2016 election about an hour after an online news outlet published the apparent document, a May 5 intelligence report from the National Security Agency.

Share story

WASHINGTON — An intelligence contractor was charged with sending a classified report about Russia’s interference in the 2016 election to the news media, the Justice Department announced Monday, the first criminal leak case under President Donald Trump.

The Justice Department announced the case against the contractor, Reality Leigh Winner, 25, about an hour after the national-security news outlet The Intercept published the apparent document, a May 5 intelligence report from the National Security Agency (NSA).

The report described two cyberattacks by Russia’s military intelligence unit, the GRU — one in August against a company that sells voter registration-related software and another, a few days before the election, against 122 local election officials.

The Intercept said the NSA report had been submitted anonymously. But shortly after its article was published, the Justice Department said that the FBI had arrested Winner at her house in Augusta, Georgia, on Saturday. It also said she had confessed to an agent that she had printed out a May 5 intelligence file and mailed it to an online news outlet.

The case showed the department’s willingness to crack down on leaks, as Trump has called for in complaining that they are undermining his administration. His grievances have contributed to a sometimes tense relationship with the intelligence agencies he oversees.

An accompanying FBI affidavit said Winner, who has been charged under the Espionage Act, has worked for Pluribus International, at a government facility in Georgia since Feb. 13. While it did not identify the agency or the facility, the NSA uses Pluribus contractors and opened a branch facility in the suburbs outside Augusta in 2012.

The FBI affidavit said reporters for the news outlet, which it also did not name, had approached the NSA with questions for their story and, in the course of that dialogue, provided a copy of the document in their possession. An analysis of the file showed it was a scan of a copy that had been creased or folded, the affidavit said, “suggesting they had been printed and hand-carried out of a secured space.”

The NSA’s auditing system showed that six people had printed out the report, including Winner. Investigators examined the computers of those six people and found that Winner had been in email contact with the news outlet, but the other five had not. In a statement, the deputy attorney general, Rod Rosenstein, praised the operation.

“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” he said. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”

Espionage Act charges carry a sentence of up to 10 years in prison, although conventional leak cases have typically resulted in prison terms of one to three years.

Once rare, leak cases have become far more common in the 21st century, in part because of electronic trails that make it easier for investigators to determine who both had access to a leaked document and was in contact with a reporter. Depending on how they are counted, the Obama administration brought nine or 10 leak-related prosecutions — about twice as many as were brought under all previous presidencies combined.

Rosenstein helped prosecute one of them, a case against James E. Cartwright, a retired four-star Marine general and a former vice chairman of the Joint Chiefs of Staff accused of disclosing classified information to reporters. Cartwright pleaded guilty to lying to investigators about his conversations with journalists but was later pardoned by President Barack Obama.

Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associates’ contacts with Russian officials. The report Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter-registration databases and does not mention the Trump campaign.

The U.S. intelligence community has concluded that Russia conducted a broad influence campaign for the purpose of undermining Hillary Clinton’s candidacy and sowing doubts about the democratic process if she had won.

In October, when the Obama administration accused Russia of stealing and releasing Democratic emails, it also said there was a pattern of probing of voter registration-related systems that were traceable to Russian servers, but it stopped short of saying the Russian government was behind them. The intelligence report, citing unspecified information the NSA obtained in April, suggests the government is now satisfied that Moscow was the culprit.

Both attacks described in the report relied on spear phishing, a tactic that uses spoof emails to trick users into clicking links or opening attachments that then install malicious software on their computers. Russia’s GRU sent the emails from two free American web-based email providers, Google’s Gmail and Microsoft’s, it said.

The first attack, on Aug. 24, involved an attack on a U.S. company “evidently to obtain information on elections-related software and hardware solutions.”

The report masked the name of the software vendor, referring to it as “U.S. Company 1,” in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter-identification system used by poll workers and sold by VR Systems, a Florida company.

VR Systems’ website said its products are used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. The firm’s chief operating officer, Ben Martin, did not respond to a voicemail message.

That attack was likely successful. The report said the GRU used data likely obtained from it to conduct the second set of attacks, a “voter registration themed spear-phishing campaign targeting U.S. local government organizations.”

Specifically, it said, in late October or early November, the GRU sent to 122 local elections officials emails designed to look like they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.

Russia’s president, Vladimir Putin, shifted last week from his blanket denials of meddling in the election and suggested that “patriotically minded” private Russian hackers could have been involved in the cyberattacks this past year.

Also Monday, the White House said Trump won’t try to use executive privilege to block former FBI Director James Comey from testifying this week before a Senate panel.

The president fired Comey on May 9 as the FBI was looking into contacts between Russia and Trump’s associates. While Trump and his aides initially said he had acted at the recommendation of the deputy attorney general because of the way Comey handled last year’s investigation into Hillary Clinton’s emails, Trump later said he had already decided to fire the FBI director regardless of any recommendations and that he had the Russia investigation in mind.

On the day after Trump pushed out Michael Flynn, his national-security adviser, who had provided misleading accounts of a phone call with Russia’s ambassador, the president asked Comey to drop the investigation into Flynn, according to notes Comey took.

Comey refused.