How a Few Yellow Dots Burned the Intercept's NSA Leaker (arstechnica.com)
Date: 2017-06-06
On Monday, news outlet The Intercept released documents on election tampering from an NSA leaker. The documents revealed that a Russian intelligence operation sent spear-phishing emails to more than 100 local election officials days before the election, which ran through a hack of a U.S. voting software supplier. Hours later, the Department of Justice charged 25-year-old government contractor Reality Leigh Winner with sharing top secret material with the media. The DoJ said Winner had "printed and improperly removed classified intelligence reporting, which contained classified national defense information" before mailing the materials. But how could the DoJ know that it was Winner who had printed the documents, or that the documents were printed at all? ArsTechnica explains: [...] The Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed -- and it included encoded watermarking that revealed exactly when it had been printed and on what printer. The watermarks in the scanned document The Intercept published yesterday were from a Xerox Docucolor printer. Many printers use this or similar schemes, printing faint yellow dots in a grid pattern on printed documents as a form of steganography, encoding metadata about the document into its hard-copy output. Researchers working with the Electronic Frontier Foundation have reverse-engineered the grid pattern employed by this class of printer; using the tool, Ars (and others, including security researcher Robert Graham) determined that the document passed to The Intercept was printed on May 9, 2017 at 6:20am from a printer with the serial number 535218 or 29535218. Further reading: How The Intercept Outed Reality Winner.
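As an added example (not part of the original story and not the EFF's tool), here is a minimal decoder for the kind of dot grid the summary describes. The 15x8 layout, odd parity and column assignments are assumptions taken from the EFF's published DocuColor decoding guide and are not stated on this page; the sample grid is constructed from the timestamp and serial quoted above.

```python
# Added example: decoder for a DocuColor-style tracking-dot grid.
# ASSUMED layout (not from this page): 15 columns x 8 rows; top row is
# column parity, leftmost column is row parity (odd parity); the other
# 7 rows of each column are one value, weights 64..1 from top to bottom.
from datetime import datetime

COLS, ROWS = 15, 8
FIELDS = {"minute": 1, "hour": 4, "day": 5, "month": 6, "year": 7}  # 0-based columns
SERIAL_COLS = (13, 12, 11, 10)  # two decimal digits per column, high pair first

def encode(values):
    """Build a constructed grid (8 rows of 15 bits) from {column: value}."""
    grid = [[0] * COLS for _ in range(ROWS)]
    for col, val in values.items():
        for r in range(1, ROWS):
            grid[r][col] = (val >> (ROWS - 1 - r)) & 1
    for col in range(1, COLS):   # column parity: make the dot count odd
        grid[0][col] = 1 - sum(grid[r][col] for r in range(1, ROWS)) % 2
    for r in range(1, ROWS):     # row parity: make the dot count odd
        grid[r][0] = 1 - sum(grid[r][1:]) % 2
    return grid

def column_value(grid, col):
    return sum(grid[r][col] << (ROWS - 1 - r) for r in range(1, ROWS))

def parity_errors(grid):
    """Return (columns, rows) whose dot count is not odd; corner dot is not checked."""
    bad_cols = [c for c in range(1, COLS)
                if sum(grid[r][c] for r in range(ROWS)) % 2 == 0]
    bad_rows = [r for r in range(1, ROWS) if sum(grid[r]) % 2 == 0]
    return bad_cols, bad_rows

def decode(grid):
    bad_cols, bad_rows = parity_errors(grid)
    if bad_cols or bad_rows:  # a misread dot shows up as one bad column and one bad row
        raise ValueError(f"parity mismatch: columns {bad_cols}, rows {bad_rows}")
    f = {name: column_value(grid, col) for name, col in FIELDS.items()}
    # Year is assumed to be stored without century.
    printed = datetime(2000 + f["year"], f["month"], f["day"], f["hour"], f["minute"])
    serial = "".join(f"{column_value(grid, c):02d}" for c in SERIAL_COLS)
    return printed, serial

# Constructed sample: the date, time and serial quoted in the summary above.
# Column 9 is the assumed all-ones separator.
SAMPLE = encode({1: 20, 4: 6, 5: 9, 6: 5, 7: 17, 9: 127,
                 10: 18, 11: 52, 12: 53, 13: 29})

if __name__ == "__main__":
    print(decode(SAMPLE))
```

The parity row and column are what let a reader of a noisy scan locate a single misread dot before trusting the decoded timestamp.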
Take a photo (Score:2)
If you're going to leak documents, take a photo and crank up the jpeg compression level to help hide the watermarks.
Re: (Score:2)
Or print on yellow paper.
Re: (Score:2)
Or just don't print in color.
Re: (Score:2)
Or ask The Bruce: https://www.schneier.com/blog/... [schneier.com]
Re: (Score:2)
Okis don't. Per the EFF.
Lesson to learn (Score:2)
Do not use colour printers.
Re: (Score:2)
Then again, they also (reportedly) gave away her location (Augusta GA) to the government person they were trying to verify the documents with.
It seems in this case (Score:2)
Yellow, then orange (once convicted) is the new black
More Leaks than a Porcupine's Rain Coat (Score:1)
PDFs too? (Score:2)
1. Make sure to take really really low quality scans only of sensitive printouts.
2. Use someone else's printer
3. The "swamp" being drained is evidently people who are reporting on wildly unethical things the government is doing.
Obligatory yes the last guy did it too. STFU and focus on the current abomination in office, maligning the last guy doesn't help anything more than you losing sleep at night.
"Reality Winner"?! (Score:1)
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries? "Reality Winner", just like somebody who won a reality show?!
Re: (Score:1)
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries?
It's socially acceptable. But it is a bit odd.
Re: (Score:2)
Trusting The Intercept? (Score:4, Interesting)
While not everybody knows about the yellow dots, almost everybody involved with infosec does. How can The Intercept be trusted to hold or publish any leakers' information securely?
Was this one reporter who screwed up? Didn't he have a second person reviewing his work? Isn't there a team of people at The Intercept who discuss whistleblowing publications? Isn't anybody on such a team aware of digital privacy issues?
This will be a huge loss if The Intercept becomes useless as it was basically founded to handle stories like this. But given that, how could the outcome have been so bad in this case?
Re: (Score:2)
Or (Score:2)
Or, get this, they checked the printer logs. You think the NSA doesn't already have a log of every document that every device prints?
SELECT user FROM printer_logs WHERE document_id = 'greased_up_yoda_doll.pdf'
Re: (Score:2)
They did... and noticed 6 people had printed the doc, one of which was Miss Winner... who later confessed to being the one who mailed it.
This wasn't the only way (Score:2)
While interesting, and certainly providing confirmation, this wasn't the primary mechanism that was used to track her down according to the affidavit. Before even IDing a specific printer, they simply looked for someone that had printed it out, period.
Internal auditing showed that only six employees had printed out the item in question. A search of the six computers showed that she had emailed The Intercept from her work computer (and that no one else had). Coded metadata just backs it up, but it's dumber
Re: (Score:1)
Welcome to the future, Conan.