Date: 2017-06-06
How a Few Yellow Dots Burned the Intercept's NSA Leaker (arstechnica.com)
On Monday, news outlet The Intercept released documents on election tampering from an NSA leaker. The documents revealed that a Russian intelligence operation sent spear-phishing emails to more than 100 local election officials days before the election, which ran through a hack of a U.S. voting software supplier. Hours later, the Department of Justice charged 25-year-old government contractor Reality Leigh Winner with sharing top secret material with the media. The DoJ said Winner had "printed and improperly removed classified intelligence reporting, which contained classified national defense information" before mailing the materials. But how could the DoJ know that it was Winner who had printed the documents, or that the documents were printed at all? ArsTechnica explains: [...] The Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed -- and it included encoded watermarking that revealed exactly when it had been printed and on what printer. The watermarks in the scanned document The Intercept published yesterday were from a Xerox Docucolor printer. Many printers use this or similar schemes, printing faint yellow dots in a grid pattern on printed documents as a form of steganography, encoding metadata about the document into its hard-copy output. Researchers working with the Electronic Frontier Foundation have reverse-engineered the grid pattern employed by this class of printer; using the tool, Ars (and others, including security researcher Robert Graham) determined that the document passed to The Intercept was printed on May 9, 2017 at 6:20am from a printer with the serial number 535218 or 29535218. Further reading: How The Intercept Outed Reality Winner.
Re: (Score:2)
Even worse she worked for an NSA contractor. So she's incompetent as well. Of all people someone working in Intel should know about those watermarks, they have been around for over a decade. But Black? I've seen her picture and it's always possible she has black ancestors but you'd never know it from her picture. Maybe Black like Rachel Dolezal?
Take a photo (Score:3)
If you're going to leak documents, take a photo and crank up the jpeg compression level to help hide the watermarks.
Re: (Score:2)
Or print on yellow paper.
Re: (Score:2)
Or just don't print in color.
Re: (Score:2)
Or ask The Bruce: https://www.schneier.com/blog/... [schneier.com]
Re: (Score:2)
Okis don't. Per the EFF.
Lesson to learn (Score:2)
Do not use colour printers.
Re: (Score:2)
Then again, they also (reportedly) gave away her location (Augusta GA) to the government person they were trying to verify the documents with.
Re: (Score:2)
"The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet."
Also, don't use your work computer or email account to send/receive emails to the organization you're leaking classified documents to.
It seems in this case (Score:2)
Yellow, then orange (once convicted) is the new black
More Leaks than a Porcupine's Rain Coat (Score:2)
PDFs too? (Score:2)
1. make sure to take really really low quality scans only of sensitive printouts.
2. Use someone else's printer
3. The "swamp" being drained is evidently people who are reporting on wildly unethical things the government is doing.
Obligatory yes the last guy did it too. STFU and focus on the current abomination in office, maligning the last guy doesn't help anything more than you losing sleep at night.
"Reality Winner"?! (Score:2, Insightful)
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries? "Reality Winner", just like somebody who won a reality show?!
Re: (Score:1)
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries?
It's socially acceptable. But it is a bit odd.
Re: (Score:2)
[signed] Moon Unit, Diva, and Dweezil Zappa
FTFY.
Re: (Score:2)
her parents are probably hippies
Re: (Score:3)
She should have kept it. Remember, everybody doesn't like something, but nobody doesn't like Sara Leigh...
Re: (Score:2)
You'd be surprised what some parents name their kids. I was once responsible for uploading baby photos and one of the names was "Secret Angel" (first and middle name). This was long ago enough that Secret would be a teen now. Knowing how kids are, I can't help but feel sorry for all of the teasing she probably gets over her name.
Re: (Score:2)
I checked the US Census and as of 2010 there are 3,853 people with the last name Winner. The most babies named Reality in one year has been 17. I'm going to guess she is the only one with that combination.
They should have given her the middle name Show.
Re: (Score:2)
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries? "Reality Winner", just like somebody who won a reality show?!
You know those subtle clues that let you know you're actually living in the Matrix? Like the same cat walking by twice in a row?
This is one of those -- except it's not a clue that we're living in The Matrix -- it's a clue that we're living in Idiocracy. Pass the Brawndo.
Trusting The Intercept? (Score:5, Interesting)
While not everybody knows about the yellow dots, almost everybody involved with infosec does. How can The Intercept be trusted to hold or publish any leakers' information securely?
Was this one reporter who screwed up? Didn't he have a second person reviewing his work? Isn't there a team of people at The Intercept who discuss whistleblowing publications? Isn't anybody on such a team aware of digital privacy issues?
This will be a huge loss if The Intercept becomes useless as it was basically founded to handle stories like this. But given that, how could the outcome have been so bad in this case?
Re: (Score:2)
Possibly thought that anybody in infosec sending them this stuff would have already thought of that and cleaned or otherwise created a false trail. Still, I wonder if there is something they could get stuck with by destroying the originals that they get after transcribing them.
Maybe this was a false trail and the real informant is still at large...
Re: (Score:2)
/. posted about it 11 years ago.
https://yro.slashdot.org/story... [slashdot.org]
I haven't seen much about it in a while so I suppose maybe people have just forgotten about it since then.
Re: (Score:2)
Heck, even under the relatively sane last administration, Snowden didn't seem to have much hope of remaining covert. He seems to have been extremely meticulous, careful, and well versed in remaining [theintercept.com]
Or (Score:2)
Or, get this, they checked the printer logs. You think the NSA doesn't already have a log of every document that every device prints?
SELECT user FROM printer_logs WHERE document_id = 'greased_up_yoda_doll.pdf'
Re: (Score:2)
They did... and noticed 6 people had printed the doc, one of which was Miss Winner... who later confessed to being the one who mailed it.
Re: (Score:2)
That's my point, they probably didn't need the microdots because they could already easily find which printer and when based on the document.
This wasn't the only way (Score:3)
While interesting, and certainly providing confirmation, this wasn't the primary mechanism that was used to track her down according to the affidavit. Before even IDing a specific printer, they simply looked for someone that had printed it out, period.
Internal auditing showed that only six employees had printed out the item in question. A search of the six computers showed that she had emailed The Intercept from her work computer (and that no one else had). Coded metadata just backs it up, but it's dumber than that.
Re: (Score:3)
How can someone work for the NSA and NOT be aware that they track everything? If I was an NSA leaker, I certainly wouldn't be e-mailing my leaks from my work computer/e-mail account. I'd set up a throwaway account (and even then would be looking over my shoulder every second).
Re: (Score:1)
Welcome to the future, Conan.
Re: (Score:2)
It's not just you. One of the headlines on Google News right up top was "Who is Reality Winner?" I kept wondering why Google News would put reality TV show news at the top of my feed. "I don't care who won the latest Reality TV show... Just tell me about the NSA leaking story." It's like a bad version of Who's On First.
It was inevitable (Score:2)
Once they figured out that the document was taken all they had to do was look and see who accessed the document. They did that and showed that 6 people printed the document. They did a forensic scan of all 6 desktops and found that one had a record of emailing the Intercept.
She was busted without needing the microdots at all. The only thing the microdots did was nail her ass to the wall. It was her own stupidity that put her against the wall to begin with.
Re: (Score:2)
And to think she worked for an Intel contractor. No wonder Russia, China and all these other people eat our lunch. The entire Intel community is incompetent. They leak like a sieve.
She's also a blonde (Score:2)
I was shocked at first when I saw her photo, but now it all makes sense
Re: (Score:2)
I wouldn't bet my freedom on it.
Server Logs Busted This Idiot, Not Dots (Score:2)
This story makes quite a bit about "hidden" printer steganography. But the real way this idiot got caught was from server access and printer logs. The spooks narrowed it down to six people, only one of which had contact with the Intercept.
How is it this person had a top secret clearance in the first place? She is "nice to look at"...