My willingness to publish sensitive documents has earned me a lot of haters, particularly in the major media. Would it surprise you that they don’t like it when I let the public see that they’ve decided to suppress? My criteria for publication is simple: newsworthiness. 

Since the major media don’t want to admit they decline to publish for fear of pissing off their sources in government, they hide behind what they claim are questions about “newsworthiness”. But newsworthiness is the exact reason that I published J.D. Vance’s vetting file, and it is the reason I published the leaked U.S. intelligence documents on Israel last week —both of which the major media still have not published. By some extraordinary coincidence, the major media’s definition of newsworthiness almost always coincides with the national security state’s.

Another common line of attack is to ask how I can know that these documents are authentic. Besides verifying the leaked intelligence reports with a source in the intelligence community, I also assess format and nomenclature unique to the national security field. For all the media hand wringing about authentication — which often amounts to them simply getting a thumbs up from the White House or public affairs office — forgeries are surprisingly easy to spot. 

That’s what happened today when one such forgery was flagged for me.

“The leaks continue,” Israeli journalist Ben Caspit posted to his over 400,000 followers on X (née Twitter) early this morning. The post linked to an alleged highly classified U.S. intelligence assessment showing that Israel had planned to strike Iran before being called off due to pressure from the Biden administration. The claim echoes inaccurate reports that have appeared in mainstream media outlets suggesting that Israel delayed its strike on Iran because of the leaked U.S. documents. It is a claim that is false, as is the document Caspit has circulated, which is a forgery. I’ve included a copy of the fake intelligence report below.

The document Caspit promoted is an object lesson in how to spot forgeries, which in the case of intelligence reports are often quite obvious. Caspit, a reporter for Israeli outlets like Channel 12 and Walla (owned by the Jerusalem Post), should have done his due diligence as a reporter. Replies to his post included many Israelis expressing outrage at the U.S. and the Biden administration in particular. “What's crazy is the leaks, not Biden's defense of Iran,” one user replied. “The Democratic Party = Islamism.”

Caspit did not immediately respond when asked why he had posted an obvious forgery.

Here are some of the most glaring errors in the intelligence report:

• “REL TO USA”: This marking, “releasable to the United States” suggests that the document is prepared by the United Kingdom (or even Israel). And yet this is not a marking used by either country. As to whether this is a U.K. document, there are clear signs that this is not British, such as in the spelling of the word “defense” with an “s” and not a “c”. There are other reasons (below) why it is not an Israeli document.

• “RSEN”: Another marking used for the document is “risk sensitive,” another U.S. marking that is not used by the U.K. (or Israel.)

• “TK”: The document is also marked TK, which means “Talent Keyhole,” a U.S. marking that indicates the information comes from satellite imagery from the National Reconnaissance Office.

• “18 October 2024”: The date in the first sentence is in European format. And it is doubtful that the year would be used.

• “confirmed intelligence”: The first sentence says “confirmed intelligence,” a phrase that is not used in this case. A U.S. intelligence document would merely say intelligence, or the type of intelligence, and only say confirmed if there was a question about the issue of confirmation.

• “reveals”: This is a journalist’s word, not an intelligence word. U.S. intelligence would say indicates.

• “pre-emptive”: Though the term is spelled both with and without a hyphen by U.S. intelligence, its use here is suspect. U.S. intelligence wouldn’t refer to an Israeli strike as preemptive. If anything, the adjective would be retaliatory, which is the term the U.S. uses.

• “0300 and 0400”: Such a time would never be used without specifying whether that was Greenwich Mean Time (GMT), local time (L), or Washington time (ET or EST).

• “19 October 2024”: Again the date is not in U.S. format, and the use of 2024 is likely redundant.

• “U.S. President Biden”: The expression would be POTUS.

• “due to”: The suggestion that Biden was “in the air” because of “growing concerns over Iranian cyberattack” is false. Nor are there “growing concerns” in the intelligence community of an Iranian attack. 

• “crippling cyber offensive on U.S. critical infrastructure”: There are no concerns of any “crippling” Iranian attack.

• “forward airbases”: The notion that Israel might have “forward airbases,” as if they’ve moved aircraft to Jordan or some other country, is absurd. Plus there is no evidence that Israeli aircraft redeployed anywhere. And the word “airbases” probably would be two words as “air bases.”

• “increasing Iranian aggression”: This is an obvious Israel formula, one that would not be uttered by U.S. intelligence, especially the word “aggression.”

• “cyber-attack plans”: Now cyber-attack is used with a hyphen when previously it was not.

• “and the U.S.”: This is a formulation that wouldn’t pass muster with the editors as the end of a sentence.

• “Sources confirm”: There is not a formulation for an American intelligence report. The U.S. would say “IAF [Israeli Air Force] has loaded” not “sources confirm that the IAF has loaded. Unless there was a question as to whether Israel had loaded weapons or not, in which case, it would either be observed or a human source might tell. But that wouldn’t be conveyed as “sources.”

• “advanced bunker-buster munitions”: This again is a journalistic phrase. The actual authentic Israel-related documents refer to air-launched ballistic missiles and air-to-surface missiles and not to “bunker-buster” munitions. It is also a fabrication if the supposed Israeli strike is to be on Iran’s missile and air defense forces, where such weapons would likely not be used. In fact, the use of named air-launched missiles in the authentic documents suggests that Israel is not preparing to overfly Iranian targets but fire upon them from a distance.

• “Satellite imagery”: This is not a phrase used by U.S. intelligence at the Secret level. It would be merely imagery.

• “Ramat David and Ovda”: These are Israeli air bases but they are not the two air bases referred to in the authentic documents, which were Hatserim, Ramat David and Ramon.

• “intercepted SIGINT”: Again, SIGINT wouldn’t be identified as the source in a paragraph marked Secret and the phrase intercepted SIGINT would never be used. The correct usage would be SIGINT. And the word “reveals” is used again, where the actual phrase used would be “indicates.”

• “prompted U.S. forces to place missile defense systems on heightened alert” against a cyber attack: U.S. forces would not place missile defense systems on heightened alert to thwart a cyber attack. What is more, there is no evidence that U.S. forces have called any missile defense alert.

• “FGI ISR//NF”: This marking means “foreign government information Israel” and “no foreign dissemination”, neither marking that would make sense in a U.K. (or Israeli) document. Therefore, as a document of U.S. origin, it is obviously forged.

• “Minimizing diplomatic fallout while maximizing operational secrecy”: It is not clear even what this means but it would not be a conclusion based on any of the evidence presented in the (forged) document.

• “SIGINT intercepts have revealed”: Again, the word intercepts would not be used here. And imagery would more likely indicate Iranian military forces on alert, through observation. SIGINT might indicate a plan to put forces on alert, or an order to do so.

Leave a comment

Share

— Edited by William M. Arkin