Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com)
An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szathmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.
Called a black and white PHOTOCOPY (Score:2)
Turns colored dots into black ones. Problem solved.
Re: (Score:2)
How does making the markings easier to identify help in anonymizing the document?
Re: (Score:2)
Presumably light colors are mapped to white rather than black.
Re: (Score:3)
Unless you can find an analog copier. The digital ones will put the watermark of the copier on it. And the analog copier often has defects due to analog technology that could allow it to be traced back.
Re:Called a black and white PHOTOCOPY (Score:4, Informative)
Just use a copier in a public place. I have even paid for copies made in a bookstore once of a document I had.
Re:Called a black and white PHOTOCOPY (Score:5, Informative)
No, it doesn't allow it to be "traced back" because there is no registry of analog copiers. Color laser printers are special because you need no other detective work for finding the printer: the yellow dots are designed to make that identification trivial.
For other printing technologies (inkjet, black and white printers, etc.), you can only prove that a document came from a particular printer once you have "traced it back" via some other means.
Re: (Score:2, Informative)
Sigh - use a cheap consumer camera or phone. Photograph some secret documents. Pictures will be slightly unsharp, obliterating any small "dots" that the original printer put there. Text will still be readable.
Now, of course any digital camera adds its own identifications but:
1. You can buy your cheapie camera/phone anonymously at a flea market, stopping the trace there. Toss it after use.
2. You can easily strip all EXIF from an image so the pixels are all that is left. In theory, there may be information hi
Re: Called a black and white PHOTOCOPY (Score:2)
Good luck with that, the last analogue copiers came out mid/late 90's and are certainly crushed and recycled by now
Re: (Score:2)
Didn't they always image every document copied??
Re: (Score:2)
Spies could just make as many copies of secret documents they could walk out with every day.
New paper was ready the next day.
Once that issue was finally understood a lot of internal and external changes got made to photocopy equipment for the mil/gov.
False confidence (Score:3)
I'd operate under the assumption that the NSA has hacked their hardware and software to put document tracking information into things like font rendering and image dithering artifacts.
OCR into a plain text file and strip out any formatting. It's the only way to be even remotely sure.
Re: (Score:2)
It's probably enough to a) strip all the non white/black pixels with a threshold filter and b) convert down to a very low resolution, like 72dpi, suitable for screen viewing, especially if you c) run it through another threshold filter at the end. This will make it look like crap, but preserve formatting which helps verify the validity of a document.
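The black-and-white conversion from the summary and the threshold, downsample, threshold sequence in the comment above, as an added example that is not code from PDF Redact Tools or from any commenter. The 32x32 page, the dot colour, the factor of 4 and the cutoff of 128 are constructed assumptions; as the replies note, marks carried in spacing or wording are not touched by any of this.

```python
# Added illustration: pure-Python model of threshold -> downsample -> threshold
# on an RGB raster. All sample data below is constructed for the example.

WHITE, BLACK = 255, 0

# Constructed sample marks (row, column) on a 32x32 "page".
YELLOW_DOTS = [(2, 3), (5, 20), (20, 7), (27, 30)]  # faint yellow tracking dots
SPECK = (22, 21)                                    # one isolated black pixel


def to_gray(rgb_rows):
    """Convert RGB pixels to luma using the ITU-R BT.601 weights."""
    return [[0.299 * r + 0.587 * g + 0.114 * b for (r, g, b) in row]
            for row in rgb_rows]


def threshold(gray_rows, cutoff=128):
    """Force every pixel to pure black or pure white."""
    return [[BLACK if v < cutoff else WHITE for v in row] for row in gray_rows]


def downsample(gray_rows, factor):
    """Box-average factor x factor blocks (factor 4 takes 300 dpi to 75 dpi)."""
    height = len(gray_rows) // factor
    width = len(gray_rows[0]) // factor
    out = []
    for by in range(height):
        row = []
        for bx in range(width):
            block = [gray_rows[by * factor + dy][bx * factor + dx]
                     for dy in range(factor) for dx in range(factor)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def sanitize(rgb_rows, factor=4, cutoff=128):
    """Steps a), b), c): threshold, reduce resolution, threshold again."""
    stage_a = threshold(to_gray(rgb_rows), cutoff)  # light colours become white
    stage_b = downsample(stage_a, factor)           # isolated specks average out
    return threshold(stage_b, cutoff)               # back to strict black/white


def count_black(rows):
    return sum(v == BLACK for row in rows for v in row)


def build_sample_page(size=32):
    """White page with a solid black bar standing in for text, plus the marks."""
    page = [[(255, 255, 255) for _ in range(size)] for _ in range(size)]
    for y in range(8, 16):
        for x in range(4, 28):
            page[y][x] = (0, 0, 0)
    for (y, x) in YELLOW_DOTS:
        page[y][x] = (255, 255, 128)  # luma is about 240, far above the cutoff
    page[SPECK[0]][SPECK[1]] = (0, 0, 0)
    return page


def render(rows):
    return "\n".join("".join("#" if v == BLACK else "." for v in row)
                     for row in rows)


if __name__ == "__main__":
    page = build_sample_page()
    after_a = threshold(to_gray(page))
    print("black pixels after step a:", count_black(after_a))
    print(render(sanitize(page)))
```

Step a) alone removes the yellow dots but keeps the black speck; it is the resolution drop followed by the second threshold that discards marks smaller than one output pixel.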
Re: (Score:2)
That sounds like sending a fax to me.
Re: (Score:2)
My gut feeling is no. They could do some neat stuff with, say, playing with word spacing or kerning that would still flow through if formatting were preserved. The number of bits that need to be coded is so small...
Of course, an OCR filter assumes they don't mess with the actual document content. If they go that far, nothing short of paraphrasing will hide the source.
Re: (Score:2, Interesting)
What if they add random casual text that is specific to a given document for a given user? Or changing random words with synonyms, only to make the document unique? Even little grammar/typing mistakes would do, as long as the message stays similar... Probably one should pass it through a chatbot to be "remotely sure" ;-) In short: "add noise, a lot of noise"?
Re: (Score:3)
Expect layers of new software and hardware to create documents that will show a or a few staff who had access or created access.
The problem is the US media likes documents to send to different outside experts to prove they are real.
Font, date, designs, format, spelling, names mentioned, layout are all expected and then get reported on.
The US is now using the demand for real documents as a method to ensure their per document surveillance will
Re: (Score:2)
I'd operate under the assumption that the NSA has hacked their hardware and software to put document tracking information into things like font rendering and image dithering artifacts.
Three words: National Security Letters.
Call it "2024" instead of "1984". (Score:2)
"This is useful to detect whistle blowers in the US."
Again, we are sacrificing billions around the world to dictatorships who will just use the exact same products to clamp down on their own people.
If 1984 were to be rewritten, it should have been from the point of view of many billions living in grinding dictatorship, being spied on by their governments simply using commercial products sold to them by some hundreds of millions living in relative freedom, embedding spying tech in those products to catch mun
Actually no... (Score:5, Informative)
by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers,
This is incorrect. The purpose of the dots and why they are limited to color printouts is because they are intended to be used to identify currency counterfeiters.
wiki [wikipedia.org]
During the 1990s Xerox and other companies sought to reassure governments that their printers would not be used for forgery.
biting off the nose to spite one's face (Score:3)
Re: (Score:2)
Oh, yes, another technology that's fine to use, because you have nothing to hide. Let's put a GPS on your car as well, and log everywhere you drive. After all, it will help catch criminals, and it should bother law abiding citizens.
This technology has been around for so long that we've come to accept it, but seriously: think about it. Every document that you print can be tracked back to you, along with the exact time that you printed it. This may be only a small part of it, but it is part of the totalitaria
Re: (Score:2)
Every document that you print can be tracked back to you, along with the exact time that you printed it.
Every document I print cannot be traced back to me since it is unlikely the government has a record of all the serial numbers of every printer and who bought which one. Arguably, with a good deal of investigation they might be able to find out that a printer with a specific serial number was shipped to a certain store near me, and - assuming I used a credit-card - that I bought a similar model printer fr
Re: (Score:2)
More and more, I come to appreciate these flashing lights that conservadroids wear to make identification easier.
Re: biting off the nose to spite one's face (Score:2)
I am pretty much as far left as a lefty ever lefted.
Have you actually read the material she leaked? You might want to. You're making the left look even sillier. Really, read it.
Re: (Score:2)
I miss drugs. I really do.
1) Few people are technically traitors. For example, even if Trump is guilty of EVERYTHING people claim, he is not technically a traitor.
2) I'm pretty sure you're insane. It's okay, some of my best friends are insane. She didn't release a damned thing of interest/value.
You're welcome to make a whole bunch of assumptions about my beliefs and voting habits. In fact, I encourage you to do so.
Again, I remind you, I'm as left as a lefty ever lefted. I'm left enough to make a European bl
Re: (Score:2)
I like how you attempt to twist the end. You call it a hopelessly naive retard.
You know what? I maintain that a person without hope is the lowest point of humanity. If you don't have hope, why bother commenting?
Nah... I have hope in humanity. Really, I do. I just figure it's probably going to *actually* be several hundred generations. If we can live that long, I have hope.
Re: (Score:3)
Just be aware that there's no reason to turn off the feature just because the printing is in black and white. Many color printers still use all colors to print black and white prints, even though it's wasting toner. I have discovered that myself - printing a large pile of papers black and white and the level for all colors went down.
Re: (Score:2)
If you print a black-and-white document in color mode, the yellow dots will be there.
If you print any document in an actual black-and-white mode on the printer, the black cartridge is all that will be used (i.e., no yellow dots).
So, you need to select the correct printing mode.
Re: (Score:2)
I did set the driver to B&W mode and it still used color cartridge toner too.
Of course it may depend on the printer how it works, just don't rely on the yellow dots being omitted just because you set B&W since the amount needed for those dots is minimal and not possible to be measured.
Re: (Score:2)
Black and white is a mode of the driver.
Steganographic dots are included on the firmware layer.
Besides that... grayscale or even pure black and white are no protection from steganography.
Stegatone encodes about 2k bytes/square inch. [hp.com]
Re: (Score:2)
This might also explain why my printer refuses to print in B&W when it's out of one of the color inks.
The black cartridge is a bit larger than the color ones, and I rarely use the inkjet for B&W printing. Once in a while I find myself in a situation where I want a printout, don't care if it's color or not, while I'm low on ink and my laser printer is acting up. The inkjet printer refuses to print and I'm forced to take the time out of my day to run for office supplies when I'd rather just do that
Re: Actually no... (Score:2)
Originally, yes, if you try to copy currency now, it will lock out a board that needs to be sent to factory, along with a lot of questions to answer by the factory and secret service, and your copier will be bricked in the meantime
Re: (Score:2)
Whatever the reason, it's open to abuse.
I wonder if it would be better to add some fake dots too.
Actually, yes... (Score:2)
by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers,
This is incorrect. The purpose of the dots and why they are limited to color printouts is because they are intended to be used to identify currency counterfeiters.
1) They were originally designed to identify currency counterfeiters.
2) They are as well quite often used to track down leakers (both government and business).
Re: (Score:2)
That is the justification, not the intended purpose or the actual functions. Those three concepts are entirely different.
TFA is correct: the yellow dots are "used to watermark documents and track down leakers". That is one of their functions, even if it wasn't the justification.
I suspect it was also their intended purpose (i.e., the political justification was proba
Irony much? (Score:2)
There is an easy enough solution (Score:3)
Re: There is an easy enough solution (Score:2)
A copier which possibly retained a high resolution scan of the original.
Perhaps... (Score:2)
Re: Perhaps... (Score:2)
I've seen this a few times, as I read the thread. Paper may not reflect the same spectrum as ink does, regardless of the reflected wavelengths that your eyeball is able to receive. What is yellow to you may not be the same to a machine that is able to receive more of the spectrum than your eyeballs can.
Easy (Score:5, Funny)
Every agency office should install a special "whistleblowers only" printer in a prominent location near the office entrance.
Easy solution (Score:2)
Why? (Score:3)
Who besides old geezers use printers anymore?
Convert the data to a textfile.
Use TOR at a Starbucks coffeeshop with a beard, sunglasses and a Trump hat and send the fucker to the New York Times Leaker page.
Re: (Score:2)
Original document copies lend credibility to the leak. It's like the headers in an email leak, they give the reader some confidence that the leak isn't fake because of the extra effort required to produce them and the increased probability of a scammer making a detectable mistake.
Re: (Score:2)
How did you exfiltrate the text to Starbucks?
Easier (Score:4, Interesting)
Look, just throw the stupid document on a copier and they're gone.
This isn't rocket science. What sort of a moron would print a document IN THE NSA and then hand that original to a reporter?
She needs to go to prison for the maximum span.
I personally believe Snowden should be pardoned, and they should stop pursuing Assange, but not every leak is sacrosanct, nor is every leaker a saint.
She clearly did this as a political act, despite signing documents affirming she would keep information confidential.
Basically, leaking info is like using a legally-carried handgun: you should do it only if you accept that the consequences of not using it are worse than the punishment you'll receive, and be perfectly ok with that result.
Re:Easier (Score:5, Insightful)
Yes, she'd prefer the USA to be run along the values of George Washington and not a Tsar - definitely political but what exactly is wrong with that?
It's not just R vs D here. It's gone international. Do you really want to back a side other than the home team?
Re: (Score:2)
Sounds like a hanging offense to me.
And before you try and pull that "he's the President, it was legal" crap, he arguably broke his oath of office. And anyone capable of rational thought should realize that "high crimes" should include blabbing secrets no matter who you are.
How to protect your documents (Score:3)
Look into the past of every staff member. Education, politics, languages, university, mil, gov, internet, protests, work, hobbies, interests.. walk the resume and interview everyone in person. Educators, friends. See what a person was like.
Learn from the issues the UK had from 1930-70's. Learn how the UK solved its internal security issues.
Learn why the USA was so good at security from the 1950's-80's.
Once a person has a job with security considerations keep on looking at their work and how they use the "internet", their politics, education, interests, hobbies, friends..
Keep looking, all year, every year.
Two contractors now working together is not a new security policy.
Create perfect bait projects and files just for staff given their politics, see if they respond.
Don't strip them, add different dots (Score:2)
The Ice Station Zebra option should add cartoons of Disney characters as faint yellow dots after stripping the original finger printing.
Imbeciles (Score:2)
It's clear that the staff at The Intercept are complete and utter imbeciles. It really seems that they didn't even know about the hidden printer dots which everyone (and I mean everyone) has known about for the last decades. Everyone at the Intercept should be fired and not ever work as a journalist again. This is just really really stupid. Even if you didn't know about the printer dots, sharing the documents with NSA is just mindboggling. Everyone should be fired.
Intel Specialist? Really? (Score:2)
Well...
Being an "Intel Specialist", if she was worth her salt, she could have simply memorized bits of the content over a few days and recreated it at the library in a text document.
Or, if she was inventive, she could simply have made it all up and created a realistic document. I'm surprised this doesn't happen more often, if you know the format it's very easy to create believable stuff, and the formats and classification markings are documented in publicly available government regulations / instructions as
Here's a better idea/hint for whistle blowers (Score:2)
Moral of the Story: (Score:2)
Don't trust The Intercept with your leaked documents--those fuckers will rat you out to the NSA.
Journalists have a moral responsibility to protect their sources when necessary, and The Intercept fails.
The Intercept wants everyone to know: "We won't break your story. We'll turn you in."
Just get a Dynatyper (Score:2)
When I was in high-school in the early 1980s, I had a few teachers who refused to accept term papers that came off a dot-matrix printer because as everyone should know, the quality of the content is far less important than the appearance. So, a couple of us nerds bought a nifty little gadget called a Dynatyper. http://www.computerhistory.org... [computerhistory.org]
Problem solved.
But seriously, any parent that would name their kid "reality" a) has a screw loose and b) is setting the kid up to have a vastly over-inflated ego.
Re: (Score:2, Insightful)
No, no one. Well maybe just you. The rest of us are intelligent enough to realize that security clearances aren't determined by discriminatory items such as a person's name.
Re: (Score:2, Informative)
Names are typically very representative of culture, in particular parents' culture. In this case "Reality Winner" pretty directly points to `hippy idealist nutcase' culture. Mohammed is typically Muslim, whilst something like Eriksen in the US would typically be Scandinavian and of a higher cultural educational level (not having changed their name to a local one as most US poor or low culture immigrants do) etc. If you select or avoid people according to their surname then that will lead to unreasonable d
Re: Reality Winner (Score:2)
This is true. I often ignore posts from Anonymous Coward. It depends on how much time I have. If I don't have much time, I mentally filter them out. If I have time, I read them. Oftentimes, they don't say much that is worth my time. So, I sometimes miss out on good posts, but I consider it worth it.
Re: (Score:2)
Her actions in putting her own country before Russia should be considered before making fun of her name.
There's more news to come I'm sure - stay tuned for more Russian backchannel action.
Re: (Score:2)
Yes.
There have been a lot of denials of what her information claims to be true so she released it to citizens to deny official propaganda.
It's about putting country before King - something George Washington was keen on.
Actually no, it was your duty to vote and not mine. However you appear to be putting a Party ahead of your country - how Soviet of you!
Re: Reality Winner (Score:2, Insightful)
100% this. I am NOT a fan of Donald Trump and if he were impeached I'd be thrilled. I do think the Russians were involved on some level in the election and I do think there might have been some shady things going on with his staff.
But at the same time, she's leaking sensitive information that's not her place to decide on. It may be part of an ongoing investigation where we don't have all the facts yet, it may be enough to reveal a source or method, or it may have been disproved by new information she didn'
Re: (Score:2)
It may be a stupid action, I have no idea, but when this material of national importance is being denied at the highest levels maybe it's time to get the word out and put the country first instead of the chain of command.
Re: (Score:2)
How can you call her a whistle blower? The value of the information to the American public was small or non-existent and it tipped off the Russian that we were on to them.
Absolutely
The value of the leak is not in what it says, which any smart person probably assumed was happening anyway, but in that we knew it at all, which is to say the Russians now know that path has been detected whereas before they did not.
There is one small thing which is that the Administration can not continue to deny the level of Russian interference with stuff like this out, but that's not really a bomb-shell because no one believed them anyway.
Re: (Score:2)
It tipped off the public.
The Russians appear to have already known and already put pressure on to stop the investigations.
Re: (Score:2)
How can you call her a whistle blower? The value of the information to the American public was small or non-existent and it tipped off the Russian that we were on to them.
Without completely disagreeing with the first clause, I feel compelled to note that the Russians have been aware the US is on to them for some time. There's nothing in the publicly released parts of the analysis that they didn't know.
And the question of whether whistle-blowers can blow the same whistle twice is sufficiently abstruse that I feel it's safe to say that in the grander scheme of things, I don't give a flying fuck. She acted in the public interest and provided us with material that reinforced an
Re: (Score:3, Insightful)
Because the document is really nothing more than all the bogus stories that have been printed and reported since the election. There is no actual evidence of the claims they make, other than a possible IP address. Everything else is supposition based on "We know the Ruskies were in on it, somehow.".
Re:any laser will watermark the document (Score:5, Informative)
Long before laser printers, investigators were tying people to typewriters based on unique per-unit imperfections and wear patterns. You can do something similar based on drum and toner distribution variances even on a monochrome non-watermarked printer.
Granted, the judas dots also report the date and time, which helps nail a culprit on a shared resource, but the safest thing to do would be to OCR the printed documents rather than photocopy them.
Re: (Score:3)
I wonder if that's like the pseudoscience [washingtonpost.com] behind bite mark "experts".
Re: (Score:3)
One printout is just as unconvincing as another. The thing that brought down Dan Rather was that in his case the computer printout in question used anachronistic fonts. But an email dump with full headers can be cross-referenced back to its sources, even if you have it replicated by monks on an illuminated manuscript.
The important thing here is that the original printer isn't going to be made accessible to people trying to confirm the truth of the leaks - only to people trying to trace them.
Re: (Score:2)
Not true. Though neither is proof, an actual copy is more convincing than notes taken by someone, who claims to have seen the document. Or, for another example, the posted scan of a copy of Obama's birth certificate was less convincing, than a scan of original. And so on — the further away it is from the source, the less convincing it is.
Re:OCR removes authenticity (Score:5, Insightful)
There is kind of a conundrum here.
The best way to prove authenticity is to reveal as much metadata as possible. This is also how you get caught.
In fact getting caught is a great proof of authenticity. And we now know that all documents with the same printer dots as the ones that got the guy caught are likely to be authentic.
Re: (Score:2)
A dot matrix printer is the solution to the problem then.
In some countries it's however illegal to try to identify sources that have leaked to the press.
Re: (Score:2)
Because you can so surreptitiously print-off dozens of pages of incriminating documents in a cubicle-farm on a dot matrix printer that you had to bring-in with you and that no one has ever heard run before...
Re: (Score:2)
I suppose he's thinking of the case where one scans to PDF, and distributes the electronic version.
Re:any laser will watermark the document (Score:4, Insightful)
So the solution is to either scan/OCR the smuggled-out document and destroy the printed-copy original before presenting to the third-party source, or else to utilize a third-party source that's smart enough to do this themselves.
The dot-pattern in the printer is not meaningful if it doesn't exist, and since it takes a forensic examination of the printout to identify the dot pattern it's not something that a security guard is going to be able to routinely check at a building security point.
Fundamentally it comes down to understanding the technology one is using, and to mitigate the pitfalls. If you're ignorant or stupid then you'll probably get caught.
Re: (Score:2)
People have been caught with leaked documents by tracing back who had access to these files, looking at folds, smudges, and other imperfections in the printed page, and so on. The watermark only adds another level of data to trace back the source.
This has been true in other cases. People could track back typewritten pages to certain models of typewriters by the font, spacing, and so on. Adding further analysis to things like wear patterns and manufacturing defects on the letters can add some additional d
Re: (Score:2)
Because of this I have to wonder about the utility of these color printer watermarks. They may have worked in a handful of cases but once people figure this out then it's trivial to circumvent and it becomes worthless and expensive.
Worthless? Expensive? To whom?
Watermarking is done by the manufacturer as a part of printer's firmware.
The cost of writing it is long amortized. While its implementation is currently costing about as much as a single copy/paste would.
I.e. There is no cost.
There is also no cost of record keeping as all you need to know is printed right there in the watermark.
As for circumvention...
It's like saying there's no point in collecting fingerprints because there are such things as gloves and cloth rags to wipe the p
Re: (Score:2)
Of course there are lots of ways to identify a document back to the originating person. The reason for mentioning printing in the first place is that perhaps in this instance there was no particular means by which to electronically remove the document, such as more thorough logging of the insertion of flash media or copy-access of files, but there could have been a demonstrable need in the office to print, such that printing a limited number of documents for smuggle-out would not really stand out, and wher
Re: (Score:3)
This.
And even if you feed a color printer a black and white document, what's to stop its firmware from inserting the yellow dots? AFAIK, these watermarks aren't part of the PDF content. The printer generates them.
Of course, I could mess up the watermarking process by refusing to replace my printer's yellow ink cartridge.
Re: (Score:2)
And now you know why.
Re: (Score:2)
Just put your magenta ink cartridge in the yellow's slot, although some cartridge chips might trigger a "wrong colour in slot #3" warning.
Instead of water, then, mix all the colours up - pour out half the ink from each cartridge, then pour the magenta into yellow, the yellow into cyan, and the cyan into magenta.
Oh, wait. The operator is trying to be surreptitious.
Re: (Score:3)
Back in the day typewriters were traced back because of manufacturing defects so the e may be typed 1/24th of an inch higher and 1/12th inch to the left.
A dot matrix printer could have pins that are in tolerance but have defects that could allow it to be traced. The same with line impact printers.
Re: (Score:2)
Was not this in fact a plot point in some recent spy movies? I know fiction is not fact but if some filmmakers can figure this out then others can figure it out too.
Re: Retro tech? (Score:2)
Send it through an older fax machine. Bet Goodwill has one.
Re: (Score:2)
I still have an Epson FX-100.
Re: (Score:3)
Print on yellow paper.
Re: (Score:2)
What of a person that prints with a pattern of dots that makes the watermark unreadable? I can envision someone creating a printer driver that does exactly this and release it on the internet. The government might try to arrest the people that did this and have them put in prison but once it is out there it can't be taken back.
This watermark scheme will be defeated. Recent events put a spotlight on them and so I expect a trivial means to circumvent it to be out in about... 5... 4... 3...
Re: (Score:2)
Even dots that don't move betray you, they are likely the serial number of the printer in question.
If you want to make a mess, then pick up discarded papers that have passed the printer before and run your print on them. It's not uncommon that some prints have waste blank pages included.
Re: (Score:2)
Those can't be used to print fake currency so the feature was never required.