Barebones recap of the story so far: Jeremy Corbyn waved a copy of the publicly released redacted NHS documents during a debate with Boris Johnson. At a later date Corbyn held a press conference to wave around the unredacted version. The unredacted version has been available on Reddit for 5 weeks, and was pushed on Twitter (as well as 4chan’s /pol/) 4 weeks ago. No one cared about these leak events until they were discovered by journalists. Now these failed attempts are important.
Info Ops and the NHS doc leak
The origin of the NHS document leak that Corbyn has been waving around is starting to become the story. Who is behind the leak? Is it Russian disinformation? Are the GRU meddling in the election? Everyone is hunting for clues and publishing whatever they find. But raw data without rigorous analysis is not intelligence. Let’s do some analysis with what is known right now and try to produce some intelligence.
Easy Answers to Easy Questions
- Is the leak of the NHS document an information operation?
  - Yes. Releasing non-public information in an attempt to influence politics is definitely an info op. That doesn’t mean it is a professional info op by a state-backed intelligence agency.
- Is the NHS leak Russian disinformation?
  - No. Emphatically not. The redacted version was released publicly, and the unredacted version has not been identified as fraudulent. There is no disinformation campaign around the document (yet).
- Who is behind the leak?
  - I don’t know, and neither does anyone else writing about it in public. We’ll try to figure out what we can from the details available.
- Are the GRU meddling in the election?
  - I’d be surprised if they weren’t doing something. I’d be surprised if they were orchestrating this NHS leak. They have demonstrated superior tradecraft and the amateurishness of this leak would be a departure for them.
The Right Questions
There is only one question that really matters about the origin of the document leak:
Is the leaker a private individual, or an organisation (in particular, a state intelligence agency)?
Creating a matrix for an Analysis of Competing Hypotheses (ACH) is pretty easy when there are only two options.
The ACH Matrix
| Evidence | Private individual | Organisation |
|---|---|---|
| Targeting failures: Reddit | 😋 | 😱 |
| English grammar mistakes and such | 😁 | 😁 |
| Packaging: 451 pages, no press pack, limited highlighting | 😋 | 🤔 |
| Twitter: spamming the @’s of major accounts | 😋 | 😱 |
| No evidence of direct emails to stakeholders (journalists, political parties, professional leakers) | 🤷‍♂️ | 🤷‍♂️ |
There is insufficient evidence available to rule out either hypothesis. There are glaring mistakes that indicate amateur hour:
- Bad targeting:
  - Posting to r/WikiLeaks (with bad Reddit Markdown) and then taking it down is strange for an organisation. They usually prepare and have a plan, and don’t change things up on the fly (that is how mistakes are made).
  - Posting to a large subreddit, r/worldnews, that doesn’t care that much about UK politics is poor targeting. However, it could go either way.
  - Not posting on the most relevant subreddit is a serious lapse in targeting. Failure to correct this oversight later, when it was clear that the leak attempt had failed, seems particularly bad for an agency.
  - Gut Feel: There is no conclusive data to rule either way, but the general sense is “someone tries to leak on Reddit, fails, gives up.” That is not how professionals operate. This leaker doesn’t know how to leak.
- English Mistakes:
  - Although some people are making a big deal of this, I don’t think it points either way. It definitely doesn’t falsify either hypothesis. The mistakes are suggestive of a Slavic language speaker, which is intriguing, but what can we draw from that?
  - Gut Feel: Nothing of consequence.
- Bad Leaking Technique:
  - The leaker seems to be operating on an “if you leak it, they will come” approach. They are unaware of the amount of leg work necessary for effective leaking. Firstly, the data must be packaged to make it easier for the receiver to process it rapidly and see why it is important. That means, essentially, there has to be a press pack: summary, why this matters, what this shows, who is liable.
  - The bad packaging is coupled with bad releasing. Successful leaks have either recruited an established stakeholder to champion the leak and guide it into the headlines, or they have flooded the input channels for the target stakeholders.
  - This leaker did not flood the input channels; they made only a few Reddit posts then vanished. They did not package the data for easy leak consumption. They apparently did not directly contact potential leak champions to drag the data into the headlines.
  - Gut Feel: Amateur hour, again. Spamming the mentions of major Twitter accounts with a link to the Reddit post is basically a Hail Mary leak attempt. There are so many more effective options that resorting to basically just begging should be unnecessary.
There is no hard evidence to support, or nullify, either hypothesis. As a result, no solid conclusion can be made. However, the poor leak technique and indications of poor planning, hesitation, second guessing, and nothing but Hail Mary attempts on Twitter “feels” like an amateur to me.
Intelligence agencies, indeed many organisations, are well versed in publicising data that they want to promote. They know to interact directly with journalists, or other stakeholders. They know how to package content to make it more palatable for the people that will have to consume it. This leaker appears to have done none of the things that would help to make the leak successful.