Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

A former NSA contractor, Reality L. Winner, has plead guilty on charges of leaking classified information, regarding a report on election meddling by Russian operatives in the 2016 U.S. elections. She was charged with espionage and was sentenced to more than five years in prison and three years of supervised release.

According to court documents, Winner, who is the first person prosecuted by the Trump administration for leaks, admitted to obtaining a copy of the report, printing it out and then emailing copies to the Intercept media outlet.

Winner, 26, entered her plea in Federal District Court in Augusta, Ga., and was convicted of one felony count under the Espionage Act.

“All of my actions I did willfully, meaning I did so of my own free will,” Winner told Chief Judge J. Randal Hall on Tuesday.

According to reports, Winner was honorably discharged from the Air Force in 2016, and was working as a contractor for the NSA at the time of the leak. According to the New York Times, she was arrested last June after an investigation identified her as the only one out of six people with access to the report who used a work computer to email the Intercept. A search-warrant application also showed that she located the report using keywords that fell outside her normal work duties; and, the report printout contained a microdot watermark that showed the serial number of the printer used, which she had access to.

A judge must approve her sentence, for 63 months in prison, after reviewing a prosecutor’s report.

Such leaks are obviously not without precedent; Both Edward Snowden and Chelsea Manning both made leaking a high-profile activity long before Trump.

“Five years ago, Edward Snowden become a household name,” Ken Spinner, vice president of global engineering at Varonis, told Threatpost, adding that in a recent survey of federal decision-makers, 71 percent of respondents said inappropriate data access or theft by insiders represented a significant or moderate agency challenge. “Whether you think he’s a hero or a traitor, the impact of the leaks changed security by releasing a variety of powerful exploits into the hands of attackers.”

The Justice Department is also pursuing two other leaking cases, including former Senate Intelligence Committee staff member James Wolfe, who was arrested and charged with lying to the FBI earlier this month about his contacts with reporters (no classified information is involved, however). He has pleaded not guilty.

Another, more serious case is pending against Josh Schulte, a former CIA software engineer believed to be responsible for the 2017 Vault 7 dump of thousands of CIA hacking tools, including malware, weaponized zero-day exploits and related documentations. Wikileaks, which published the trove, claims this is the CIA’s entire hacking catalog. Schulte was charged with violating the Espionage Act and other laws; and, he had already been charged with child pornography offenses. He faces up to 135 years in prison.

For the government, many organizations are still catching up with spotting and stopping insiders from abusing their privileges.

“Federal agencies and private-sector organizations are spending millions to develop technology and IP and protecting it with the equivalent of a $5 lock you’d find on a high-school locker,” Spinner added. “Organizations have gotten sloppy when it comes to protecting their secrets. All it takes is one motivated individual to take whatever they can get their hands on. In many cases that can mean thousands, or even hundreds of thousands, of sensitive documents when files are unprotected and open to every single person in the organization. It’s a smash-and-grab without the smash.”