If you have proper full disk encryption and know the caveats, it really doesn’t matter what you name your files. If you’re the anal-retentive spy handler type, you are probably very organized, and you name files with exactly what’s in them.

He was a spy handler who handled secret and top secret documents and worked in intelligence for a number of years. I’m sure he knew how to encrypt his hard drive.

He may have even used a VPN, or tor for the searches which has (had?) a very curious ongoing network-wide DDoS attack (very useful if you wanted to do timing attacks) for at least a year in 2022-2023. The tor project themselves tell you that if your adversary is a nation-state, you need to use more protection than just browsing from your normal laptop on your home network.

I imagine he at minimum used private browsing to search Google and reddit for this stuff, but they logged the search and the DoD was later able to easily get the customer details of the IP from his ISP at the time the searches took place, and also all other searches during a time.

But it’s also just as likely he thought he’d be in the clear, knows how incompetent the beurocracy seems since he was inside of it, but something he did tipped them off and he was scrutinized (maybe his VISA application for China and plans to travel there yearly).