Billing records of an Internet social media platform and interviews with another user helped the FBI identify a Massachusetts Air National Guardsman as a suspect in the leak of highly classified military documents, according to court records unsealed Friday.

The new details came as Jack Teixeira, 21, appeared in court to face charges under the Espionage Act of unauthorized removal and retention of classified and national defense information.

A federal magistrate judge ordered him held until a detention hearing next week.

Teixeira was arrested by heavily armed tactical agents on Thursday following a weeklong criminal investigation into the disclosure of the government records, a breach that exposed to the world unvarnished secret assessments on the war in Ukraine, the capabilities and geopolitical interests of other nations and other national security issues.

He appeared in court Friday in tan jail clothes for a brief proceeding at which U.S. Magistrate Judge David Hennesy ordered him held pending a hearing next Wednesday.

Investigators believe Teixeira was the leader of an online private chat group on Discord, a social media platform popular with people playing online games. Billing records the FBI obtained from Discord, which has said it was cooperating with the bureau, helped lead investigators to Teixeira, according to an FBI affidavit unsealed Friday.

According to the document, the FBI interviewed someone familiar with Teixeira’s online posts on Monday. That person, who is not identified in the affidavit, told the FBI that a username linked to Teixeira began posting what appeared to be classified information roughly in December.

The affidavit suggests Teixeira switched from typing out documents in his possession to taking them home and photographing them because he “had become concerned that he may be discovered making the transcriptions of text in the workplace.”

That’s different from what posters have told The Associated Press and other media outlets, saying the user they would call “the O.G.” started posting images of documents because he was annoyed other users weren’t taking him seriously.

The affidavit also alleges Teixeira was detected on April 6 – the day The New York Times first published a story about the breach of documents – searching for the word “leak” in a classified system. The FBI says that was reason to believe Teixeira was trying to find information about the investigation into who was responsible for the leaks.

The Biden administration has scrambled to contain the potential diplomatic and military fallout from the leaks since they were first reported, moving to reassure allies and assess the scope of damage.

Video below: National Guardsman arrested in connection with classified document leak

The classified documents — which have not been individually authenticated in public by U.S. officials — range from briefing slides mapping out Ukrainian military positions to assessments of international support for Ukraine and other sensitive topics, including under what circumstances Russian President Vladimir Putin might use nuclear weapons.

In previous Associated Press stories, the leaker was identified as “the O.G.” by a member of the online chat group. Known as Thug Shaker Central, the group drew roughly two dozen enthusiasts who talked about their favorite types of guns and also shared memes and jokes. The group also held a running discussion on wars that included talk of Russia’s invasion of Ukraine.

In that discussion, “the O.G.” would for months post material that he said was classified — originally typing it out with his own notations, then a few months ago switching to posting images of folded-up papers.

It was not immediately clear how Teixeira would have had access to the records, but a Defense Department official told the AP on Thursday that as an information technology specialist responsible for military communications networks, the young Guardsman would have had a higher level of security clearance

Defense Secretary Lloyd Austin, in a statement issued after the arrest, said the Pentagon would conduct a review of its “intelligence access, accountability and control procedures” to prevent such a leak from happening again.

___

AP writers Tucker and Merchant reported from Washington.

BRIGHTON, Colo. — Cyberattacks are becoming more common and more disruptive to our daily life, and many experts worry the nation’s food supply is the next big target.

“In the past, I don't think we gave a lot of thought to cybersecurity,” said Robert Sakata, a farmer in Brighton, Colorado.

Sakata’s family has farmed for decades.

“So, my dad started the farm, and he and his family actually were farming in San Francisco when World War Two broke out, so they were moved to an internment camp, ended up in a camp in Utah,” said Sakata. “When he was released from that camp, Colorado was one of the few places that were actually not discouraging Japanese-Americans from coming in.”

Once the war ended, the Sakata family rebuilt their life and started a new farm 30 minutes outside of Denver.

Their farm, along with the thousands of other farms across the country, is now facing a new threat that didn’t exist just a few years ago.

“When you talked about security, it was somebody maybe coming out here, and believe it or not, that's what they've actually done—come out here and steal the wheels off of this sprinkler, steal the copper wire that's along there,” said Sakata.

But now, it’s also cybercriminals Sakata worries about. Any machine, like a tractor or a sprinkler system that’s connected to the internet could be hacked and remotely controlled.

These threats could mean interruptions to daily life for millions of Americans.

“If a CPA firm gets breached, a bunch of social security numbers get stolen, you're dealing with identity theft. That's one thing, right? But when people don't have food, you're talking about riots in the streets,” said Joseph Brunsman, founder of the Brunsman Advisory Group. Brunsman is a provider for cybersecurity insurance.

Brunsman said these attacks, if large enough, could leave families hungry.

“A lot of people living on fixed incomes or people that are, you know, lower on the socio-economic scale, when food prices go up, you know, 10, 20, 30%, that means they have to make that decision: Am I going to pay for food? Am I going to pay for heating this month? So, it's really a serious, serious idea for a lot of people.”

Hackers can also stop farming equipment or food production equipment from working and demand a ransom be paid. Ransomware attacks have become more common, and food production has seen multiple large attacks in recent months.

Meatpacking company JBS was hacked in June and plants were shut down across the country after a ransomware attack.

JBS paid hackers $11M to get operations back online.

“This was a very difficult decision to make for our company, and for me personally,” said Andre Nogueira, the CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

“You hear about ransomware where you would totally lock up and we couldn't have control. That would be a real, real issue that then we couldn't water the crop at all,” said Sakata.

“Because everyone needs to eat, an attack, a successful attack within the food and agriculture industry can quickly cascade into a national security concern,” said Scott Algier, the executive director of the Information Technology Sharing and Analysis Center, known as IT-SAC. “We're seeing a lot of the same attacks on other industries already, but some of the potential consequences could be a little more impactful.”

In addition to ransomware, there’s concern about groups hacking and stealing intellectual property – like seed formulas.

“There's a lot of intellectual property that the fruit and agriculture industry has that that is of interest to other organizations, other countries,” said Algier.

“We could lose our entire year of income by somebody taking over something and creating a problem by not letting the sprinkler run or not having that shipment go through,” said Sakata. “So, it's a big risk not only just for my family, but then for whoever is depending on those food sources.”

These threats are why Sakata goes old school on some things. He doesn’t connect his storage refrigerator to Wi-Fi to keep his crops safe.

“The only way somebody can hack it is really to break in at the door and change the settings,” said Sakata. “Even then, I have a password!”

What he can protect digitally, he does, and he said he and other farmers now often discuss how to defend themselves from cybercriminals.

“Whether it's going now to multiple-step verification, you need maybe another key fob that identifies yourself, that is all going to be critical as we move forward,” said Sakata.

Brunsman said cybersecurity insurance can also help, but there are several other inexpensive options for smaller farmers as well.

“Even really basic, very affordable controls, such as multi-factor authentication, having multiple backups, having offline backups, email security, security awareness training, that kind of stuff. It's not super expensive. It's really quite affordable. In many cases, it's like the cost of a cup of coffee per person per month. That can really go a long way,” said Brunsman.

Those who study these attacks say they’re happening every single day on a small scale. It’s only a matter of time before the next large-scale attack occurs.

“The threats are coming up and several different sides, we're seeing, we've already seen threats against both producers and production facilities,” said Doug Jacobson, a professor of electrical and computer engineering at Iowa State University. “We had a co-op here in Iowa that was attacked. So, we see it from the large organization side of things. But anybody on the internet, even a farmer can be attacked.”

“It's kind of scary,” said Sakata. “I think if you dwelled on it too long, it would keep you up at night.

He just hopes other farms will take the steps he’s taking to protect what we all can’t live without: our food supply.

“We need to really ensure that we're doing everything we can to protect that. It would be really scary if we ever got to the day where people would go to the grocery store and there wasn't, wasn't any food,” said Sakata.

Algier echoed the need for collaboration to stop cybercriminals.

“Cyberattacks are happening everywhere all the time. So, it is something that every enterprise, no matter your size, and no matter industry, something you need to pay attention to,” said Algier. "The cybersecurity threat is so big that nobody can do it, nobody can defend it against on their own.”

The pandemic slammed businesses, including health care systems. On top of the stress of COVID-19, they also saw more cybersecurity attacks.

“Health care has always been a target, but it tremendously just blew up when the pandemic started,” said Angela Kobel, Chief Financial Officer of Lincoln Health in Hugo, Colorado.

She’s talking about cybersecurity. As the pandemic stressed health care systems, the industry also saw more attempted cyberattacks.

“A lot of our employees were working remotely as we closed the hospital down, which made us vulnerable,” Kobel said. “Everybody was so busy fighting COVID and trying to figure out what was happening with COVID that we didn't have the resources to put towards IT security.”

Hospitals are at a higher risk for attacks. Many of us have personal, private information shared with our doctors, often stored digitally. So for the past few years, Lincoln Health has used a third-party company to manage its IT system. That’s where Lance Goudzwaard with ReliableIT comes in.

“Health care organizations, they need to be very careful with that information. And I'll tell you the value of each of these records is very high. It's scary to think how much a hacker can sell one record for,” said Lance Goudzwaard, Virtual CIO at ReliableIT.

And hacking is getting easier.

“My 15-year-old daughter could go to the internet and download instructions on how to hack a lot of health care systems,” Goudzwaard said.

“It's incredibly easy to find and use hacking tools, and there are services you can outsource all of this too, if you want to,” cybersecurity expert Nathan Evans said.

It’s not just hospitals that are seeing these data breaches and ransomware attacks. Earlier this year, a cyberattack on the Colonial Pipeline caused a disruption in fuel transportation, leading to gas shortages in the southeastern U.S.

And JBA USA, a large meat supplier, recently announced it too was targeted by a cybersecurity attack. There are more that go unreported, as there aren’t regulations in place in most industries to report these incidents.

“The health care sector and financial sector have government requirements to report when they actually get breached,” said Nathan Evans, an assistant teaching professor at the University of Denver.

So what does all of this mean for your data, and your accounts? Evans said part of it is trust in the organization you give your information to.

“There's not really anything we can do on an individual basis to protect our medical information. There are HIPAA guidelines that require you to, if you're handling patient data, to encrypt it and make sure it's protected when it’s in transit or in storage,” Evans said.

Another safety net you can control is enabling two-factor authentication for your accounts.

“Two-factor authentication is combining something you know, which would be like a password, with something physical, so either your cell phone or a hardware key device,” he said. “The idea is that if an attacker gets just your password, they won't be able to log into your account because they won't have this second factor.”

It all boils down to education.

“The more we are aware of these common exploits, the better job we’re going to do at preventing them,” Goudzwaard said.

He said they are able to educate employees about common attacks and tools they can use to monitor themselves, especially with e-mails where many hackers can pose as co-workers, clients, or vendors.

“We’ve definitely become more aware,” Kobel said.