© Margaret Small/AP
Massachusetts Air National Guardsman Jack Teixeira appears in U.S. District Court in Boston on Friday. He is accused in the leak of highly classified military documents.

The leak of hundreds of classified intelligence documents about the war in Ukraine and U.S. spying on allies has left many officials asking: How did this happen again?

Jack Teixeira, a 21-year-old, low-level National Guard member assigned to an intelligence support squadron in Massachusetts, allegedly removed hundreds of classified documents from his office on base and brought them home. He then shared them with his friends in an online community united by their love of guns and video games, the government says.

On Friday, he was charged with unlawfully taking and unlawfully transmitting sensitive information — crimes that carry a potential maximum sentence of 15 years in prison. Teixeira will be held in jail until a detention hearing next week, but bail is rarely granted in such cases.

It’s still unclear how closely Teixeira was monitored, if at all. But the timeline of his alleged activities, based on interviews with members of his Discord server group, as well as an FBI affidavit, shows that he was able to remove page after page of classified material, for months on end, with apparently no notice.

“I just don’t know why he should be able to print lots of documents. That makes no sense,” said one former senior intelligence official familiar with past leaks, who, like others, spoke on the condition of anonymity to discuss sensitive matters. “What were we not doing, not noticing that pattern of behavior? Who’s not checking that? Where’s the human monitoring?”

Teixeira was far from the first insider in recent years to expose government secrets, and his case raises fresh questions about whether earlier efforts to plug leaks were sufficient or if the U.S. intelligence system, which is designed to promote collaboration and information sharing, is fundamentally vulnerable to disclosures from within.

Every time a trusted employee has walked off the job with classified information, U.S. officials have reassured the public that lessons learned will lead to new guardrails that will make breaches less likely. They have consistently proved insufficient.

© Jahi Chikwendiu/The Washington Post
Chelsea Manning leaves the U.S. District Courthouse in Alexandria, Va., on March 5, 2019.

In 2010, after Army Pvt. Chelsea Manning shared hundreds of thousands of classified State Department cables and military reports with WikiLeaks, the Defense Department tightened up the rules for using its most widely-used classified computer networks. Someone’s need to know classified information was supposed to be commensurate with their degree of access to it, recalled several former senior intelligence officials.

Three years later, another massive leak occurred. Edward Snowden, a contractor for the National Security Agency, removed vast amounts of classified data on thumb drives from the facility in Hawaii where he worked. “The irony was we had gotten rid of thumb drives in 95 percent of [NSA] computers,” said the first former intelligence official.

That new rule followed a penetration of the Defense Department’s most widely-used classified network, in 2008, by a virus loaded onto a thumb drive. After five years, the Hawaii facility still hadn’t gotten around to putting the new rule in place, the former official said.

© Frederick Florin/AFP/Getty Images
Edward Snowden speaking via video link from Russia to a Council of Europe hearing in Strasbourg, France, in 2015.

After the Snowden incident, the intelligence community undertook yet more new security measures, including reexamining who had access to classified information and starting “continuous monitoring” to ensure that people with clearances were regularly watched.

Members of the Discord group said that Teixeira began sharing classified information about eight months ago. After one member of his tightknit group shared some of the documents outside their circle in early March of this year, they bounced around the internet for five weeks before any officials spotted them. The New York Times first reported on April 6 that classified documents had shown up on other Discord servers and on social media platforms.

While many FBI investigations into leaks start with a look at which government insiders had access to the information, court papers suggest that in this case, agents worked from the outside, tracing data from the internet to eventually identify Teixeira.

On April 10, according to the affidavit, the FBI interviewed the individual who had shared some of the classified documents beyond the close-knit group, a violation of what members described as a mutual agreement to keep the information to themselves. That person described the leader of the group as having first shared text write-ups of classified information and later photographs of documents.

On Wednesday, Discord provided authorities with the user information for the account that originally shared the classified information. The billing name for that user, according to court papers, was Teixeira, with his address in North Dighton, Mass. That same day, The Washington Post published a detailed account of a member of the group describing how Teixeira had repeatedly shared and discussed sensitive intelligence documents, in part, out of a desire to show off how much he knew about the world of government secrets.

Agents arrested Teixeira on Thursday, arriving at his home in protective tactical gear. In its report, The Post described Teixeira as a gun enthusiast and described a video in which he yells racist and antisemitic epithets before firing off several rounds from a rifle.

The charging document shows that while social media data might have initially put the FBI on Teixeira’s trail, agents have secured additional evidence. On April 6, as the news of the leaks was starting to spread, Teixeira allegedly used his government computer to look for any intelligence reports with the word “leak.” Court papers charge “there is reason to believe that Teixeira was searching for classified reporting regarding the U.S. Intelligence Community’s assessment of the identity of the individual who transmitted classified national defense information.”

Records from Teixeira’s login account on the Joint Worldwide Intelligence Communications System, a top secret intranet he was authorized to use, may also yield some evidence. If Teixeira had accessed documents directly, perhaps from an intelligence agency’s classified systems, there should be a record of that, said one U.S. official familiar with how JWICS works. But if Teixeira accessed documents that someone else had downloaded and placed somewhere on a computer network, such as inside a shared drive, it might be harder for investigators to follow the trail to him, the official said.

One of the Discord members said Teixeira understood that there were rules about conduct at work where classified information could be read and printed. The member said Teixeira told him that a more senior person at his job threatened to nail cellphones to the wall if he found anyone carrying them.

The member also claimed he asked Teixeira to conduct research on topics that interested him, including reports he had read about a secretive aircraft, the TR-3 Black Manta, that the United States was rumored to have developed. The claims were more urban legend than fact, but the member said Teixeira told him he had searched government records and found no mention of the plane.

Texeira, in his tech support role, had a legitimate need for access to the systems that house classified information, said a second former intelligence official who bemoaned Snowden’s ability to use thumb drives. “But a ‘need to know’ is a separate thing. You have the ability to receive the information for which you have a need to know. But there should be controls on how you access that information, what you do with it.”

The official asked, “Did he need to download and print off the daily briefs? They [the Defense Department] were supposed to have cleaned that up. Who’s watching the store?”

On Friday, President Biden said he had “directed our military and intelligence community to take steps to further secure and limit distribution of sensitive information,” indicating that yet more rules and procedures may be in store.

This image made from video provided by WCVB-TV, shows Jack Teixeira, in T-shirt and shorts, being taken into custody by armed tactical agents on Thursday in Dighton, Mass.

A day earlier, Secretary of Defense Lloyd Austin said he was directing a senior Pentagon official “to conduct a review of our intelligence access, accountability and control procedures within the Department to inform our efforts to prevent this kind of incident from happening again.”

Glenn Gerstell, who served as general counsel at the NSA during leaks by two other employees, including one who gave a classified document to the press and another who hoarded documents in his home, noted how “the pendulum swings back and forth … between clamping down access after a leak to recognizing that the nature of the threats we face are so significant that we need more and deeper access.”

“We constantly struggle with the balance,” Gerstell said.

Lawmakers intend to examine how Teixeira committed his alleged crimes. “While we seek to learn the extent of classified information released and how to mitigate the fallout, the House Intelligence Committee will examine why this happened, why it went unnoticed for weeks, and how to prevent future leaks,” Rep. Michael R. Turner (R-Ohio), the panel’s chairman, said in a statement.

Teixeria’s case highlights what some longtime intelligence officials often refer to as the “clerk problem.” Any organization that handles sensitive information will always need a significant number of junior employees to help manage and share it.

Ultimately, the security of information comes down to trust.

“People who sign agreements to be able to receive classified documents acknowledge the importance to the national security of not disclosing those documents,” Attorney General Merrick Garland said in remarks at a news conference Friday on an unrelated issue. In charging Teixeira, Garland said, “We intend to send that message how important it is to our national security.”