The arrest warrant says nothing about printer dots, actually. It says that once they saw it was printed (per the Intercept showing them a copy to confirm its legitimacy) they simply looked at who'd printed the original document. Upon looking into the desk computers of those 6 people, she was the only person who'd had email contact with the Intercept.
They didn't even need the yellow dots. She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.
This was a significant clue that The Intercept did not have to give up. The warrant says they looked at all people who had accessed the report, and because the document appeared to have been printed, then at those 6 who printed it.
The yellow dots might not have been a factor, but it's nevertheless the same type of carelessness which might have exposed a whistleblower otherwise.
(But yes, this whistleblower would have been discovered by other means as well).
1. The actual reason she was arrested is because she admitted leaking it.
2. The story about only six printouts and e-mail correspondence is the official cover to draw public attention away from the yellow dots.
3. The yellow dots are how they actually found her and why she had no reasonable choice but to admit leaking, which allowed 1 to happen without drawing attention to the yellow dots.
It's merely speculation but I think it's plausible:
If some random journalist was able to decode the dots, the NSA probably decoded them too because why not.
The fact that they know how many people printed this document shows that they keep detailed printing logs so they shouldn't have trouble finding out who exactly used this specific printer at this specific time. And if you think about it, this is exactly what they should be doing instead of relying solely on weaker evidence.
Then they searched her work computer and got some more evidence (the e-mail contact, maybe more they aren't sharing).
They presented whatever evidence was sufficient to convince her and the public that they know it was her, she doesn't seem very tech-savvy, freaked out, told everything and now it's done.
This is an interesting angle; I assume because there are no references this is merely speculation?
Actually, since the dots are not at all a secret, #3 can't be right. #2 is a bold claim, obviously pure speculation. So #1, is this true? Please link a source.
I don't know why everyone is blaming The Intercept for publishing a document leaked to them anonymously for that exact purpose. They always publish the source document. So does NYTimes and WaPo and other news orgs. It's common practice.
Assuming The Intercept detected the printer dot, how could they possibly know the printer dot wasn't some random one from a printer a library vs her work computer?
If I were The Intercept receiving a document from someone claiming to be an intelligence officer I would assume they used some very basic OPSEC - such as not printing the document out on a MONITORED WORK COMPUTER. This is basic stuff.
I don't see what more The Intercept could have done here to protect her.
Whether she got caught because of her own mistakes is immaterial.
What matters is that if she had not made any mistakes the intercept made it trivially easy to reduce the pool of possible suspects. That's fairly stupid if your whole reason for existence is to handle documents sent to you by vulnerable people.
If this is not the last article by the Intercept based on stuff leaked to them it would highly surprise me.
Why did she even print it off in the first place? It seems like an unusual way to leak in 2017. Why not take a picture using a cellphone and send it digitally to the encrypted dropbox on their website?
Still I don't see how the Intercept could have handled this better. Maybe they should have been looking for printer dots in documents received in the mail and then block it out when they digitize it. But is this really a common practice among news orgs handling leaked docs?
I see people on Reddit attacking The Intercept because, they say, the printer dot thing is 'common knowledge'. But to me this seems like an easy thing to overlook. Especially if most other leaks were digital. News organizations and leakers will certainly all be looking for this going forward (I hope).
As far as I'm concerned all the 'common knowledge' stuff that was overlooked was all via the leaker.
If you are in the business of dealing with such information then yes, printer dots should be on your radar. I know about them, so the Intercept should definitely know about them and many things besides that I probably do not know.
The Intercept could have handled this better by describing the article and maybe adding a citation or two; passing the originals back in some form to the government is about as stupid as it gets.
If anything this article shows how easy it is to play 33 bits if you have help from the subject or some outsider that is just doing their job in a ham fisted way.
Fair enough. Maybe their experience with already outed leakers like Snowden, where publishing the full docs in original form was common practice, and they never fully developed a security system for handling printed documents. They are no doubt probably better experts at crypto than most of the bigger and older news orgs, I know they have some quality infosec guys, but they were ill-prepared for a traditional style leak.
Everyone is not a hypercompetent superhero / supervillain.
There's a hell of a lot of capability which comes about through opportunity, chance, and simple dumb luck or repeated attempts to do something. This tends to show up frequently in terror and mass-criminal activities. Simply wanting to accomplish some negative effect, and having general means to do so, is frequently enough, particularly if that threat is underappreciated and/or requires a high degree of vigilance.
There are numerous attacks (water, food, infrastructure) which have been highlighted for decades as potential attack vectors, though they appear not to have been undertaken.
Another possibility, of course, is that there is constant low-level probing of such attacks, which are lost either at the internal or public-discourse level as noise or accidents. There remain cases -- the San Jose electrical power substation attack via small-arms fire, US military seeding of infectious agents over urban populations[1], the CIA's attacks on Soviet gas infrastructure via control equipment[2] and Iranian nuclear material refining via stuxnet[3]. In which case, much of the expressed concern of US intelligence agencies is an awareness of their own capabilities, and practices. Other foreign powers have their own history here -- Russian tea[4], Israeli hotel service[5], and Chinese messenger service[6] come to mind.
Criticisms of The Intercept are validated, IMO, by the Intercept's own positioning of itself as a safe channel for such leaks,[7] and specific in-house expertise on the matter, Micah Lee.[8]
Even if The Intercept's actions didn't directly contribute to identification or confirmation of Ms. Winner as the source of these documents, the fact that they could have is absolutely material, and represents a massive failure on the part of Intercept staff and procedures.
Other points to consider: people's technological savviness is in general exceedingly poor, and even domain experts are generally only experts within that specific domain. At the level of the general population, only 5-8% of users have "advanced" skills -- which means ability to use such features as "sort" or "find and replace" within a word-processing tool.[9]
This means that an organisation such as The Intercept should focus as a principal priority on protecting its sources against themselves.
Ms. Winner's OpSec was poor on multiple counts. The Intercept amplified those weaknesses.
Finally: Information isn't power, but is a force-multiplier. It may amplify either your strengths or your opponents'. In this case, the question (from the NSA's perspective) was to identify just who it was that might have provided the information in question. Any one individual can be uniquely identified by 33 bits of information. In the NSA's case, most of those bits are already defined by a simple basis of access to information. The documents here had only to discriminate amongst the much smaller set of people -- call it 3-6 bits -- who might have supplied them to The Intercept.
Other lessons are that in previous totalitarian societies, registration of typing and duplicating equipment was routinely used to identify a potential source of documents. Because those determinations were based on fixed characteristics, that was all they could divulge. Today's printers define not only the specific machine, but time, and potentially metadata of the document itself or submitting user.
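To make the two points above concrete (that print logs plus an access log narrow the pool by themselves, and that each narrowing step removes a measurable number of the "33 bits"): an added example written for this page, not code from the affidavit, the thread, or any agency tool. The log format, user IDs, document ID, printer names and outlet domain are constructed for the illustration; the only figure borrowed from the thread is that six people printed the document.

```python
import math
import re

# Constructed sample logs for this example. The format, user IDs, document ID
# and outlet domain are invented; only the "six people printed it" count is
# taken from the thread.
ACCESS_LOG = """\
2017-05-09T08:03:11Z user=u101 doc=RPT-4271 action=view
2017-05-09T08:15:42Z user=u102 doc=RPT-4271 action=view
2017-05-09T08:20:05Z user=u103 doc=RPT-4271 action=view
2017-05-09T09:01:37Z user=u104 doc=RPT-4271 action=view
2017-05-09T09:44:12Z user=u105 doc=RPT-4271 action=view
2017-05-09T10:02:59Z user=u106 doc=RPT-4271 action=view
2017-05-09T10:30:00Z user=u107 doc=RPT-4271 action=view
2017-05-09T11:12:48Z user=u108 doc=RPT-4271 action=view
2017-05-09T11:50:21Z user=u109 doc=RPT-4271 action=view
2017-05-09T13:05:00Z user=u110 doc=RPT-0001 action=view
"""
PRINT_LOG = """\
2017-05-09T08:07:30Z user=u101 doc=RPT-4271 printer=PRN-3F-02 pages=5
2017-05-09T08:22:10Z user=u103 doc=RPT-4271 printer=PRN-3F-02 pages=5
2017-05-09T09:10:44Z user=u104 doc=RPT-4271 printer=PRN-2F-01 pages=5
2017-05-09T09:50:03Z user=u105 doc=RPT-4271 printer=PRN-3F-02 pages=5
2017-05-09T10:40:19Z user=u107 doc=RPT-4271 printer=PRN-3F-02 pages=5
2017-05-09T11:55:02Z user=u109 doc=RPT-4271 printer=PRN-2F-01 pages=5
2017-05-09T13:10:00Z user=u110 doc=RPT-0001 printer=PRN-2F-01 pages=2
"""
MAIL_LOG = """\
2017-03-30T17:21:09Z user=u105 to=podcast@outlet.example dir=out
2017-05-02T12:00:00Z user=u108 to=vendor@supplier.example dir=out
2017-05-08T19:45:30Z user=u102 to=newsletter@press.example dir=out
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_log(text):
    """Turn 'timestamp key=value ...' lines into dicts; 'ts' holds the timestamp."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = {"ts": m.group("ts")}
        for pair in m.group("kv").split():
            key, _, value = pair.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def users_matching(records, **criteria):
    """Set of users whose records match every key=value in criteria."""
    return {r["user"] for r in records
            if all(r.get(k) == v for k, v in criteria.items())}


def bits_to_identify(pool_size):
    """Bits still needed to single out one person from a pool (0 once unique)."""
    return math.log2(pool_size) if pool_size > 1 else 0.0


def narrow_suspects(access_log, print_log, mail_log, doc, outlet_domain):
    """Apply the thread's three filters in order and report the pool after each:
    viewed the document, also printed it, also mailed the outlet."""
    viewed = users_matching(parse_log(access_log), doc=doc)
    printed = viewed & users_matching(parse_log(print_log), doc=doc)
    mailed = {r["user"] for r in parse_log(mail_log)
              if r.get("dir") == "out" and r.get("to", "").endswith("@" + outlet_domain)}
    contacted = printed & mailed
    return [(label, sorted(pool), bits_to_identify(len(pool)))
            for label, pool in (("viewed the document", viewed),
                                ("also printed it", printed),
                                ("also mailed the outlet", contacted))]


def users_at_printer(print_log, printer, start, end):
    """Who printed on a given printer inside [start, end): the query that a
    decoded tracking-dot timestamp and serial number would let you run.
    ISO-8601 UTC strings in one fixed format compare correctly as plain strings."""
    return {r["user"] for r in parse_log(print_log)
            if r.get("printer") == printer and start <= r["ts"] < end}


if __name__ == "__main__":
    for label, pool, bits in narrow_suspects(ACCESS_LOG, PRINT_LOG, MAIL_LOG,
                                             "RPT-4271", "outlet.example"):
        print(f"{label:24s} pool={len(pool):2d} bits left={bits:.2f} {pool}")
    print("PRN-3F-02, 09:00-10:00:",
          users_at_printer(PRINT_LOG, "PRN-3F-02",
                           "2017-05-09T09:00:00Z", "2017-05-09T10:00:00Z"))
```

On the constructed data the pool goes 9 (viewed), 6 (printed, about 2.6 bits left), 1 (mailed the outlet); the printer-plus-time query alone also returns a single user, which is the thread's point that the dots would merely have duplicated what the print server already recorded.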
The Intercept did not encourage her to steal this information, nor did it give her any direction on how to do so. She chose her own method of exfiltrating the data, and in this case it turned out to be a quickly identifiable one. She knew this document was going to be published by the Intercept; that was the entire point of leaking it. Once published, regardless of form, you can bet that the FBI would have agents knocking on the Intercept's door asking to see the physical source material.
Furthermore, in order to prove the veracity of its published claims, the Intercept provides its source documents - if they do not, they simply open themselves up to accusations of fake news and falsified material. Any editing they do to the document will be ammunition for the FAKE NEWS crowd - so where is the compromise here?
The compromise is that you should assume that if the material is genuine that someone will end up in a large amount of trouble if you go about your verification round in a dumb way. That she stole the information and made mistakes does not excuse the Intercept for making mistakes of their own.
Greenwald is not located in the United States for a reason (so good luck knocking on that door), and if they wanted to verify the documents they could have done so with a bit more care.
Assuming the text did not contain steganographic tricks (yes, that works) they could have cited back a few paragraphs and the document title. That would have been enough.
I partly agree with your concerns that the Intercept should be more cautious about attribution of leaks, although there may not have been anything they could have done to protect this alleged source in this situation. I just wanted to respond to
> Greenwald is not located in the United States for a reason (so good luck knocking on that door),
Greenwald has said he moved to Brazil because he wanted to be with his partner and that was the solution that they chose; at the time, one couldn't sponsor an immigrant visa for a same-sex partner in the United States.
This document wasn't reported by Glenn Greenwald, but rather by Matthew Cole, Richard Esposito, Sam Biddle, Ryan Grim, who all appear to live in the United States. Almost all of the Intercept's reporters who report on and publish leaked classified materials live and work in the U.S.
As opposed to sending the originals back to them...
I am trying to come up with a suitable analogy to illustrate how stupid this is. I imagine a WWII intercept of an Enigma message being decoded and the clerk in charge then calling up the German High Command to verify the accuracy of the decoder. It is totally baffling to me that they did this in the way described without for one second thinking about how vulnerable their source was.
Maybe. How does one know that when the document is viewed, random synonyms of certain words aren't used specific to that viewing, and logged along with the identity of the viewer.
Corporate emails sometimes use this trick to catch company leakers.
Are you sure this is something NYTimes/WaPo/WSJ/etc would have detected and removed? I'm not familiar with the established practices for news orgs handling leaked documents arriving in the mail from intel officers. It seems a lot of people are, so I'm curious to hear more about it...
It's not just some dots, although that's a massive failure too, of course. TheIntercept reporter contacted some random govt contractor to see if they could verify the documents. Ok so far. But the reporter also revealed the mail was sent from Augusta, Georgia, which is a major breach of confidentiality.[0]
> Are you sure this is something NYTimes/WaPo/WSJ/etc would have detected and removed?
No, I'm not sure about that, and if they'd made the mistake after having claimed to be safe for whistleblowers I'd be gently complaining about them on an Internet message board too.
>This was a significant clue that The Intercept did not have to give up.
I have no idea why people are leaking to rinky-dink operations like the Intercept. If you want to leak, then leak to the Washington Post or New York Times. I can't imagine the Intercept having the expertise to handle such documents. This was a fairly obvious screw up.
I also question their methods of receiving and storing such documents and if they aren't compromised by one or more nation state intelligence services. Are these documents being stored through a third party email or web server? Is there end-to-end encryption?
The copier explanation may be a believable fiction as not to reveal other sources.
You know who the intercept is, right? It was started by Glenn Greenwald and Laura Poitras, specifically for safely handling, processing, and releasing the Snowden documents and others like it.
Personally I would trust them MUCH more than the New York Times. Well, unless the documents were specifically only damaging to Trump.
Here's how Greenwald initially handled Snowden's leak [1]:
Snowden anonymously sent him an e-mail saying he had documents he wanted to share, and followed that up with a step-by-step guide on how to encrypt communications, which Greenwald ignored. Snowden then sent a link to an encryption video, also to no avail.
“It’s really annoying and complicated, the encryption software,” Greenwald said as we sat on his porch during a tropical drizzle. “He kept harassing me, but at some point he just got frustrated, so he went to Laura.”
From another source [2] I cited in another comment:
"it took Greenwald several more months and help from experts before he could learn relatively basic tools like PGP encryption."
1. That doesn't refute or otherwise respond meaningfully to parent's points.
2. It makes clear that providing better channels to enable legitimate whistleblowers to find a publication channel was critically important.
3. It's exceedingly easy for anyone to ignore a critical insight -- whether it's some annoying anonymous leaker, or an odd set of lab results, monitoring readings, etc. Those insights are critical in large part because they fall outside norms and expectations. (This is, generally, a major block to creativity.)
4. There are a lot of contacts which aren't of mind-blowing significance. Filtering the noise is another problem.
5. Greenwald and The Intercept were specifically created to address these shortcomings. Among The Intercept's staff is Micah Lee, technologist with the EFF. (I've pinged Lee on Mastodon over the Intercept's gross failure here -- it is a massive fuckup.)
This seems pretty untrue. The excerpt shows that at one point, pre-Snowden, Greenwald was an unsophisticated user who didn't want to deal with PGP, just like 99% of reporters. But it's responding to a point about Greenwald, post-Snowden, establishing The Intercept specifically to handle security reporting and anonymous leaks. That's not a claim that he's Moxie Marlinspike, it's a claim that The Intercept has much more emphasis on security than news orgs without those origins.
And, more broadly, citing his pre-Snowden behavior seems unreasonable. For literally all people, there was a point where they didn't know PGP, and another point where they were confused and just learning to use it. If you trust their current knowledge of it, that's hardly a serious criticism.
You are responding as if I claimed that Greenwald's association with the Intercept implies that therefore it is insecure, but I did not. There seems to be a problem with logical quantification under negation in your response.
I think you misunderstood me - I'm actually making a stronger statement than you think, so there's no issue with negation here.
As I read you, you did not say that Greenwald's association with The Intercept implies it is insecure. You did say that Greenwald's delays in adopting PGP mean "that Greenwald's association with the Intercept cannot be used to imply that it practices good security".
I didn't miss that distinction, but I'm making a stronger assertion - I think his presence does (weakly) imply good security. I think that "Greenwald's association... cannot be used to imply" is false.
If we're resorting to logic for this, you're suggesting that Greenwald's presence should not raise our expectation of good security (which is, as you point out, different than saying it should lower our expectation). I'm saying that it should raise that expectation, so we really do disagree.
You may not have claimed that, but ckastner's comment, "That's not exactly trust-inspiring, I'd say," pretty much directly impugns The Intercept's security and trust.
I don't see that as the argument being made, which renders it a strawman.
It's possible for someone, without a specific talent X, to create an institution to ensure proper application of some talent X, when the need for competent execution of X makes itself apparent.
Again: you're not arguing a relevant point, despite the truth value of your statements. This is an irrelevant discussion.
> I don't see that as the argument being made, which renders it a strawman.
But that's how I, and apparently others, read the grandparent's argument.
The grandparent made a personal statement about trust in The Intercept, and did not really substantiate this trust other than by mentioning two key players.
> It's possible for someone, without a specific talent X, to create an institution to ensure proper application of some talent X
I fully agree -- one need only think of huge conglomerates who manufacture everything from light bulbs and MRI machines to aircraft engines, to use GE as an example.
> when the need for competent execution of X makes itself apparent.
And therein lies one problem as I see it: it has to make itself apparent to the creator (resp. leader).
Because the converse is also true: It's possible for someone, without a specific talent X, to create an institution which fails to ensure proper application of some talent X.
From another comment, we seem to agree that there should absolutely have been policies and procedures in place that should have prevented this mess in the first place.
I posit that this is one of the things that should have been apparent from the start (as preserving anonymity is crucial to The Intercept's cause), yet most probably weren't.
I differ on the first claim, though agree it's possible to read it that way, and accept that you have. I see this more as "a need was seen and the initiative was taken" argument, perhaps poorly articulated.
The following arguments you make, here, are actually pretty good. The one you'd led with was poor, as I've already addressed.
I'd especially like to emphasise your point on the failure of good intentions. That's highly salient, and something that should probably be kept generally in mind with tech startups -- many of which seem to sprout like mushrooms from the dark and ... fecund substrata of Silicon Valley and YC ... and yet fall short of their respective putative aiming points.
(That The Intercept can trace its roots to start-up culture may also be relevant here, through Omidyar.)
The interesting (and troubling) part of this story is that it involves four members of the staff, working together, none of whom is named "Glenn Greenwald", and presumably with the technical support of Micah Lee. And yet we've still seen what we've seen.
Definitely room for improvement.
But it's still a bit rich to pin the fault on Greenwald specifically, and pre-Intercept Greenwald especially.
Who started it has no weight, that is just an appeal to authority. What does matter is how they conduct themselves and they made enough mistakes here to avoid them like the plague if you have something important.
Uh, I suggest you read about how poorly he handled the Snowden materials and how he's about as tech savvy as my grandpa. This fuck-up alone is inexcusable.
Why is this downvoted, it is factually correct. Greenwald did not appear to be at all tech savvy or prepared to deal with such sensitive info. And this fuck up certainly does nothing to improve the picture.
Notably, this article specifically points out a much more obvious NYT screwup - they released a Snowden doc using digital PDF 'black highlights' that didn't destroy the underlying data.
That's a mistake I think most security-conscious, tech-savvy non-professionals would avoid. The printer steganography here is a substantially more subtle error than the one we already saw the NYT commit.
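The NYT mistake described in this comment, as an added example written for this page (not the article's, the NYT's, or The Intercept's files): a hand-built one-page PDF in which a black rectangle is painted over a line of text, showing that the string survives in the content stream and any text extractor still reads it, next to a redaction that removes the text-showing operator before the box is drawn. The PDF writer, the "Jane Doe" line and the other sample strings are constructed for the demo; the content stream is deliberately left uncompressed so a regex can read it, whereas real PDFs usually carry Flate-compressed streams that a tool inflates first.

```python
import re

# Constructed sample content; "Jane Doe" and the Augusta line are placeholders,
# not text from any real document.
DRAFT = (
    "BT /F1 12 Tf 72 700 Td (Source: Jane Doe, mailed from Augusta, Georgia) Tj ET\n"
    "BT /F1 12 Tf 72 680 Td (Unclassified summary of the report) Tj ET\n"
)
# A black rectangle painted after the text covers the glyphs on screen only.
BLACK_BOX = "0 g 70 696 330 16 re f\n"


def build_pdf(content_stream):
    """Assemble a minimal one-page PDF around an (uncompressed) content stream.
    Hand-rolled for this demo; real files usually Flate-compress the stream."""
    content = content_stream.encode("latin-1")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_at))
    return bytes(out)


# Literal strings shown with the Tj operator, as a text extractor would see them.
TEXT_OP = re.compile(rb"\((.*?)\)\s*Tj")


def extract_text(pdf_bytes):
    """Pull every string shown with Tj out of the (uncompressed) file,
    the way text extraction or copy-and-paste would."""
    return [m.group(1).decode("latin-1") for m in TEXT_OP.finditer(pdf_bytes)]


def cover_with_box(content_stream):
    """The mistaken 'redaction': keep the text and draw a box over it."""
    return content_stream + BLACK_BOX


def remove_text(content_stream, needle):
    """A real redaction: drop every text-showing line containing the secret,
    then draw the box so the page still shows where something was removed.
    Each DRAFT line is a complete BT..ET block, so dropping the line is safe."""
    kept = [line for line in content_stream.splitlines()
            if not ("Tj" in line and needle in line)]
    return "\n".join(kept) + "\n" + BLACK_BOX


def fake_redaction():
    return build_pdf(cover_with_box(DRAFT))


def real_redaction(needle="Jane Doe"):
    return build_pdf(remove_text(DRAFT, needle))


if __name__ == "__main__":
    print("covered by a box:", extract_text(fake_redaction()))
    print("text removed:    ", extract_text(real_redaction()))
```

The boxed version still yields the full source line to `extract_text`; the removed version yields only the unclassified line while the black box remains visible. Production documents split strings across several operators and fonts, so a real redaction tool reflows the whole stream rather than dropping one line, but the property to check is the same: after redaction the secret must be absent from the bytes, not merely hidden.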
> Are these documents being stored through a third party email or web server? Is there end-to-end encryption?
This is something that can be learned with a few minutes research, so raising it as "questioning their methods" seems like FUD.
The answer is yes, there is end-to-end encryption handled via Tor. Using SecureDrop, the same tool as the Washington Post and New York Times. Treating that as some kind of distinction between these organizations is absurd.
Third possibility: that she suspected she'd be caught regardless, and decided that releasing this specific information publicly was more important than her personal freedom.
Fourth possibility: that the NSA did use the forensic marks in question to identify her, and fabricated a parallel construction in order to avoid acknowledging the existence of said marks.
(But still, most likely this is Hanlon's Razor. What's there to be suspicious about?)
Yes, it's been well known for years to anybody who wants to know, but staying quiet still appears to be working very damn well for the NSA - right here you have a leaked NSA document where both the leaker and journalists failed to redact the dots.
That they were in two articles 10 years ago is not evidence either that it's common knowledge or that no one cares. They have their own wikipedia article.
I was just speaking to a co-worker about this and they didn't know about the dots. Anecdotal as always, but we shouldn't take for granted that everyone is aware of this.
Not that common, and intelligence institutions often have policies not to acknowledge things that are known to be true. I think that not discouraging people from mailing printouts when they don't want to be identified is a good enough reason to pretend that they didn't just read all the info they needed from the printout itself.
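To make "read all the info they needed from the printout itself" concrete: an added example written for this page, not taken from the thread, the EFF decoding guide, or any vendor documentation. It models a tracking-dot pattern as a 15-column by 8-row grid with one parity row and one parity column, where each data column carries a 7-bit value (minute, hour, day, month, two-digit year, and four columns of serial-number digits). The column-to-field assignment and the odd-parity rule are assumptions for the example, not a verified decoder for any printer model; the point is that a timestamp plus a printer serial is all the grid has to carry to pin a page to one device at one minute.

```python
ROWS, COLS = 8, 15  # assumed grid size for this model (row 0 and column 0 are parity)

# Assumed column-to-field mapping for the example; each data column carries a
# 7-bit value in rows 1..7, most significant bit in row 1. Not verified against
# any real printer model.
FIELDS = {"minute": 1, "hour": 4, "day": 5, "month": 6, "year": 7}
SERIAL_COLS = (10, 11, 12, 13)  # four columns, two decimal digits each = 8-digit serial


def _column_bits(value):
    if not 0 <= value < 128:
        raise ValueError(f"{value} does not fit in 7 bits")
    return [(value >> (6 - i)) & 1 for i in range(7)]


def encode(year, month, day, hour, minute, serial):
    """Build the dot grid (1 = dot) for a print time and 8-digit printer serial."""
    grid = [[0] * COLS for _ in range(ROWS)]
    values = {FIELDS["minute"]: minute, FIELDS["hour"]: hour, FIELDS["day"]: day,
              FIELDS["month"]: month, FIELDS["year"]: year % 100}
    digits = f"{int(serial):08d}"
    for i, col in enumerate(SERIAL_COLS):
        values[col] = int(digits[2 * i:2 * i + 2])
    for col, value in values.items():
        for row, bit in enumerate(_column_bits(value), start=1):
            grid[row][col] = bit
    # Row 0 gives every column an odd number of dots, column 0 does the same for
    # every row; a decoder uses these to reject damaged or non-tracking patterns.
    for col in range(1, COLS):
        grid[0][col] = 1 - sum(grid[r][col] for r in range(1, ROWS)) % 2
    for row in range(ROWS):
        grid[row][0] = 1 - sum(grid[row][1:]) % 2
    return grid


def parity_ok(grid):
    """True when every data column and every row has odd parity."""
    columns = all(sum(grid[r][c] for r in range(ROWS)) % 2 == 1 for c in range(1, COLS))
    rows = all(sum(row) % 2 == 1 for row in grid)
    return columns and rows


def _column_value(grid, col):
    value = 0
    for row in range(1, ROWS):
        value = (value << 1) | grid[row][col]
    return value


def decode(grid):
    """Recover print time and serial from a grid, refusing one that fails parity."""
    if not parity_ok(grid):
        raise ValueError("parity check failed: damaged grid or not a tracking pattern")
    fields = {name: _column_value(grid, col) for name, col in FIELDS.items()}
    fields["year"] += 2000
    fields["serial"] = "".join(f"{_column_value(grid, c):02d}" for c in SERIAL_COLS)
    return fields


def render(grid, dot="o", blank="."):
    """ASCII picture of the grid, roughly what a magnified scan would show."""
    return "\n".join("".join(dot if bit else blank for bit in row) for row in grid)


if __name__ == "__main__":
    # Constructed example values: 9 May 2017 09:50, serial 21052857.
    grid = encode(2017, 5, 9, 9, 50, "21052857")
    print(render(grid))
    print(decode(grid))
    grid[3][4] ^= 1  # one dot lost in scanning, or one dot deliberately scrubbed
    print("parity after damage:", parity_ok(grid))
```

Two things follow from running it: the whole identifying payload fits in a few dozen dots, which is why a blurry scan or a phone photo of a page is still enough; and because the pattern is self-checking, an outlet that wants to scrub it has to remove or randomise every repeat of the grid across the page, not just blank one block, since a decoder can discard damaged copies and read the next one.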
The Intercept was conceived as a more pro-left-wing alternative to Wikileaks, so I doubt it. They are exactly as biased as Wikileaks, but in the opposite direction.
I think it is a good thing; truth is discovered in the clash of opposing forces.
Seven: someone with sysadmin privileges sent mail from her account, having printed the document from six accounts and only managing to get to "her" printer before loose documents were destroyed.
We are asked to believe a HS grad is a triple linguist, named Reality Winner, and within the first few months on the job ever with the NSA was allowed to print and email a TS doc, and that she was arrested on the same day within hours.
So yes, there is at least circumstantial evidence this was not a "real" thing that happened: either a plant or make-believe.
Air Force Cryptolinguist training is up to 480 days[0]. So, someone out of high school can sign up to the Air Force and complete the training in a little under 2 years. Her first job as a cryptolinguist would be working at a DoD related agency working on TS material. So yes, you are asked to believe this because this is a common occurrence.
One of the smartest people I've met had this exact job immediately after HS. If this is the type of career you want it's actually a very good path. It gets you relevant experience while most of your HS classmates are still in college, you can get a degree either during your tour or immediately after, debt free, and by the time you're done you've been pretty extensively vetted.
Her background, according to the Guardian, is former Air Force and being fluent in Middle Eastern languages. None of that indicates that she would be especially knowledgeable of how access logs are implemented. I mean, she should have given the NSA the benefit of the doubt given the massive clusterfuck caused by Snowden 3+ years ago. But even today, we see reports of massive data incompetence by Booz Hamilton (Snowden's employer) top secret contractors: http://gizmodo.com/top-defense-contractor-left-sensitive-pen...
The whole idea of 'top secret contractors' is wrong to begin with. You can't have people access information at that level without making them part of your culture. If you take that risk then there is a fair chance your 'top secret' is in fact 'public domain'.
It's not about whether someone is a contractor or a full time government employee. Contractors work on the government site just as much as FTE's, receive the same security training, and are indoctrinated into the same culture.
The problem is inadequate access control to classified materials. There tends to be a lot of information that people can access without a need to know, that is not rigorously tracked and locked down. This means that someone looking to steal or leak can get their hands on a lot of stuff they shouldn't without raising suspicions if they're not stupid about it.
The reason we may be seeing a number of spillage incidents with contractors is simply because there a lot of contractors working at government agencies. In IT a lot of the time contractors outnumber government people by a significant margin.
Yeah, America has not only had an over-classification problem, but it's been inundated with contractors with unnecessary top clearances. The Washington Post had a great investigation back in 2010 cataloguing the sheer size and complexity of America's security and intelligence system:
> Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.
> An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.
> Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.
Not stupid, it is just hard to not get caught. Once you see how someone is caught you can say "oh of course I'd never do that", but you'd probably make some other mistake.
Could she and should she have taken better precautions, without a doubt. Would the average intelligence analyst who is not being coached by a foreign power do a better job, I doubt it. In fact many foreign spies have done a far worse job and not been caught immediately. This is because the intelligence they stole was not published. Being a source of a journalist is much harder than being a source for a foreign power.
Well, that's one way to look at it. The other is that NSA's internal security is so botched that a fresh-out-of-school 3 months on the job external contractor managed to outfox the NSA's security measures. What she did should not have been possible in the first place.
Not a chance. She will spend a long time in jail if convicted and during the court case such stuff will surely come out if her defense is any good. (Assuming you are aware that she admitted to being the leaker.)
From what's publicly known, the email to The Intercept related to their podcast, of which she supposedly was a listener, and not to the matter at hand.
Agreed. Whenever I leak, I make sure to pin it on some derp. Throws them off my trail so I don't end up like Manning. As for the derp, she'll get a book deal which is more than she ever had going for her.
(Kind of annoyed that the derp became the story while the actual leak never made the front page.)
As an aside, how else would one sneak top-secret stuff out of the NSA? I assume all IO ports have been cut, and the input devices soldered onto the motherboard?
Send some xor-ed file out using a non-secure connection and sneak the key out somehow?
Take photographs/video using the phone, cold-war style?
Without having visited the site in question, the underlying theme is that you, as the security people, have to choose your battles because employees start to get very upset when you make their jobs difficult in order to show them how little you trust them.
> Send some xor-ed file out using a non-secure connection and sneak the key out somehow ?
Stray thought: You don't have to sneak an OTP out, you only need to sneak it in. Then you do your XORing, transmit the mangled data, and erase that copy of the key.
Taking photographs on an (offline) phone is probably the safest and easiest way to go about it. Obviously no flash, if you can't do it in non-monitored environments make it look like you're just looking at your phone. Go home, take pics out of device, delete them and destroy the phone.
This said, it's been reported some contractors and employees routinely took home loads of external drives, so your expectation that IO ports are completely disabled might be unrealistic; the NSA is good but it's just another large org, just a bit more paranoid than average.
Phones aren't allowed in SCIFs (the facility she worked in).
Hard drives labeled unclassified can be removed from those facilities with special permission but I think hard drives are under more scrutiny nowadays.
You can't just "look at your phone" while processing classified information. It's highly forbidden to even have a phone in your possession while processing classified information.
She did not email TheIntercept from her work address, she subscribed to their podcast mailing list via her personal email.
Still an opsec failure of sorts, true, but far less so than you try to make it sound.
Nevermind that. Go down the rabbit hole that is COINTEL and realize that thinking that you can really know or trust anything you think you know is futile. The tactics have been used in the past and there is no reason they wouldn't still be in use: they work.
Bonus points? Any mention of a possible COINTEL tactic gets you labeled a conspiracy theorist. A lovely term invented by the CIA that readily dismisses anyone who points out that a COINTEL tactic might be in use. Lucky for them most of the general public bought it hook, line, and sinker.
The real issue is not how she was caught; the real issue is how someone like her got to this position in the first place. With a social media existence that is littered with dislike/to hate for the current administration, high activity on social media, a name change, and more? These should all be red flags that either block such positions or remove you from them.
Back in the last world war they managed to pull off creating an atom bomb with even the vast majority of people in office knowing about it; today every damn snowflake is looking for their five minutes of fame.
"FBI special agent Justin Garrick told a federal court that Winner – a cross-fit fan who graduated high school in 2011 and was in the US Air Force apparently as a linguist – confessed to reading and printing out the document, despite having no permission to do so. "
So, she joined the company 3 months prior, and it was 'permission' rather than enforced access rights that they relied on for new trainees not to color outside of the lines.
It's not about 'permission', it is all about 'capabilities'.
It's the same with the NSA's excuse: "Yes, we gather Americans' communications, but there are rules against agents listening to that!"
Or Facebook apps, "Yes apps can see your name, dob, email and your friends list, but they are not allowed to abuse this information"... Thanks, I feel secure now.
They work sometimes, sometimes people do rob you. That's still a thing that happens. So I lock my door to deter thieves, and buy insurance so that if I do get robbed I'm not doomed.
The NSA's statements aren't "we've lowered risk to an acceptable level, and put in safeguards for when leaks inevitably occur". They're "we're the only ones using this data, so there's no problem". That's provably false several times over.
To continue the metaphor, they didn't buy insurance because they trusted their home security so highly, and lately it's starting to look like they also forgot to lock the door.
Physical security metaphors are irrelevant to the Internet because there is no physical equivalent to issuing one command that will simultaneously try to break into every door in the United States and report back to you the ones it succeeds with. That is just one example of a relevant difference that prevents physical metaphors from working. I could come up with half a dozen more without really trying, but one is adequate.
I once went around and taped a note to about 50 doors in my neighborhood. As I recall, two of them opened at my touch - they weren't securely latched. At that point, it didn't matter if they were locked.
You find that level of permission quite common across many different employers. Until employers (government or otherwise) treat security properly, there will always be means to circumvent security in name only.
According to the FBI arrest affidavit, only six people printed that document, and she emailed The Intercept from her own work computer.
So she would have been identified even if she or The Intercept had the sense to remove or alter the DocuColor dots.
"The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet"
Not that that makes it any less concerning that The Intercept forgot to scrub the dots, unless the email in question contained instructions along the lines of "lol dont worry bout opsec i dont care if i get caught kthx <3 <3".
From The Intercept's "how to pass on tips" page [1]:
> We’ve taken steps to make sure that people can leak to us as safely as possible. Our newsroom is staffed by reporters who have extensive experience working with whistleblowers, as well as some of the world’s foremost internet security specialists. Our pioneering use of the SecureDrop platform enables you to communicate with our reporters and send documents to us anonymously.
I think it's shocking that nobody at The Intercept was aware of the yellow dots, or other metadata (e.g. printer-specific output artifacts) that might facilitate the revelation of the anonymous source. This is so careless of them that I'm led to believe that they don't have a formal scrubbing step at all.
Of course, I might be biased a bit here because I dislike Greenwald so much for how he handled the Snowden leaks. The risks Snowden took and the sacrifices he made are incomparable, but "it took Greenwald several more months and help from experts before he could learn relatively basic tools like PGP encryption."
Edit: I think it's shocking because assisting whistleblowers and protecting their anonymity seems central to The Intercept (which I believe is commendable), so they, of all people, should know better -- if not best.
Despite my criticisms of other comments of yours, this is an extremely cogent point. The Intercept should, nay, must have policies, procedures, and checks in place to prevent foul-ups of this nature. And must also produce a post-mortem on this incident.
Screw-ups happen. Repeated screw-ups show a systemic failure.
> other metadata (e.g. printer-specific output artifacts)
This is actually a really good point. I've been rolling my eyes a bit at people smugly pretending they knew what DocuColor was last week, or equating it with things like EXIF data that are far more widely known.
But you don't have to know about DocuColor specifically to avoid this issue, you just have to suspect that printer outputs are a threat vector for something identifiable.
It's worse than that. OK, so someone contacts The Intercept, claiming to have juicy NSA documents. Before anything gets shared, don't they have a duty to make sure that the source has good OPSEC?
Snowden had to hand-hold the guy at Intercept to use GPG. Guardian leaked encryption keys in a book, before/after handing all of Wikileaks' stash to the Mossad.
At this point all we have left is 4chan, and anons like myself (who then get blocked by @dang after he's logged the IP addresses). /s
It wasn't the published images that set off the investigation, but the images they sent to their sources in the NSA for verification. Verification is obviously hindered by sending manipulated documents, so they might simply have trusted their source not to pass them on.
The Ars Technica article [1] reports, based on the FBI document, that the NSA determined who leaked the info by finding creases in the documents provided to them for authentication by The Intercept, demonstrating that they were leaked by being printed out.
I don't want to sound like a tinfoil hat wearer, but there's a lot of trivial data that a leaker could/should guard against. Multi-layer PDFs and their metadata. Microsoft Office metadata. Photograph EXIF data. Tracking cookies. File access logging. Print job logging. Printer microdot steganography. Traffic and license plate cameras. Cell tower connections logs. Email headers. Windows event logs.
Many of these can be circumvented through the use of tech like VPNs, Tor, or GPG, and through careful behavior such as scrubbing metadata and the use of burner phones/laptops, cash, and public internet connections. And we're not even getting to the level of wireless carrier, home ISP, or NSA web activity tracking, NSA Tor exploitation, or zero-day exploits. Furthermore, this assumes that the documents themselves are not themselves subject to punctuation, word replacement, typesetting, or other content steganography. Should The Intercept be responsible for ensuring that its sources adhere to safe leaking behaviors? They probably should, at some level.
But what if - as I'm reading here - The Intercept got an email from reality.winner@nsa.gov, subject "NSA Report on Russia Spearphishing.pdf", body "Hey, I was browsing some stuff out of curiosity in our SCIF and thought this study might be useful to you. I printed it off and smuggled it out in my purse, then scanned it and attached it to this email. Please publish it so the American people can know what's really going on. Hope this helps! -- Reality". There's not really any point to worrying about printer steganography, protecting your IP address, or GPG at that point.
Your assessment is totally correct. Steganography can be put everywhere. Perhaps the Free Software Foundation can take advantage of these cases for pushing for more use of open source, non-fingerprinted software.
OR for enforcing fingerprinting! (It can help with fighting against corrupt governments)
Yes, this has been around for ages, but I never saw an explanation of how to read the dots. I thought they were more subtle or more concealed, but they are very evident!
As pointed out, there is probably more steganography being put into devices/software by the NSA etc. (tinfoil hat notwithstanding); that will probably insert things like meaningful whitespace with information about the source.
The article is also very relevant because we do need tools free from such fingerprinting. It makes me want to use only open source for all my documents. Even for file storage!
They (The Intercept) are playing a dangerous game, and they should be extra careful about such things. After all the drama about smashed hard drives, Greenwald's BF being detained in London, etc., you'd think they'd know better.
I'm not in the security business, and even I knew about the dots (and circles in the $20 bills). It's been on HN several times: http://goo.gl/h1kqbu
So, shame on you, Intercept. Your callous disregard for your sources is now going to send one to prison for a looong time.
"Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights"
FYI: The 3rd Amendment reads as follows:
"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."
I don't see the connection. Why does this violate our 3rd amendment rights?
One could argue that the "spirit" of the 3rd Amendment is that the government cannot compel you to use your own resources for their benefit on an ongoing basis. It's a stretch, but possibly no more so than other interpretations of the Constitution that courts have made.
Good point, but in this case I don't know if it's quite reaching the level of compelling. Maybe co-opting? I imagine the government uses us in many, many ways for their own gain that we may not know of. Perhaps a better connection might be the 1st Amendment's implied right to freedom of association.
Probably Griswold v. Connecticut, which established the derived right to privacy. Justice Douglas cited the Third Amendment (among others) as implying the right to keep one's home free from agents of the state.
That said, this pretty obviously isn't a clear Third Amendment violation. There's virtually no caselaw around the 3rd, and what there is has held it pretty narrowly. The only successful Third Amendment defense I know of was Engblom v. Carey, which was about evicting prison guards to give their housing to National Guard troops.
So - I think they meant "right to privacy", but the 3rd is one of the smallest and least-cited components of that right.
And even when you mask them out so that they are no longer visible in the "all white" (paper) background, e.g. by messing with the white/black point of the image, there's still the possibility that they could be recovered with correlation methods in grey areas where they aren't visible to the naked eye, or just by increasing the contrast.
Why would there be grey in a thresholded image? The entire point of the transform is that it maps everything above a certain threshold to pure white and everything else to pure black.
Very good point. But even then, assume that one page of a leaked document contains a large picture with areas around the threshold value: with the agency being able to recreate a perfect replica of the initially scanned paper version, but without yellow dots, it might be possible to extract the (very few) bits necessary to boil it down to a single printer serial number by statistical methods.
Reduce to black and white, and proofread for dots. If they're still there, they will be easy to see, since you only have two colors. You can white out an image that came out looking like a test pattern.
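The thresholding step the last few comments argue about, as an added example that is not code from the original thread or from any of the commenters. It builds a small constructed "scan" (warm-white paper, a band of black text, a mid-grey photo region, and a handful of faint yellow dots), thresholds it to pure black and white on luminance, and then checks which dots survive. Dots on paper vanish, as the "reduce to black and white" comment says; dots sitting on a grey region whose luminance is just under the cutoff flip those pixels to white and so survive as a pattern, which is the caveat raised about areas around the threshold value. All pixel values, positions and the yellow tint are constructed assumptions.

```python
from typing import List, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]

W, H = 48, 32
PAPER: Pixel = (250, 248, 240)     # constructed: slightly warm white, as scanners often produce
INK: Pixel = (10, 10, 10)
GREY: Pixel = (126, 126, 126)      # constructed: a photo/halftone region just under the cutoff
DOT_SHIFT = (10, 10, -30)          # constructed: the faint yellow tint a tracking dot adds

TEXT_ROWS = range(4, 8)                          # rows of "text"
GREY_BOX = (range(16, 28), range(8, 40))         # rows, cols of the grey region
PAPER_DOTS = [(2, 5), (2, 13), (10, 21), (12, 37), (30, 44)]   # (row, col) on paper
GREY_DOTS = [(18, 12), (22, 30), (26, 20)]                     # (row, col) on grey


def tint(p: Pixel) -> Pixel:
    """Apply the yellow dot tint to one pixel, clamped to 0..255."""
    return tuple(max(0, min(255, c + d)) for c, d in zip(p, DOT_SHIFT))  # type: ignore


def make_scan() -> Image:
    """Build the constructed scan: paper, text band, grey box, then dots on top."""
    img: Image = [[PAPER for _ in range(W)] for _ in range(H)]
    for y in TEXT_ROWS:
        for x in range(4, W - 4):
            img[y][x] = INK
    for y in GREY_BOX[0]:
        for x in GREY_BOX[1]:
            img[y][x] = GREY
    for y, x in PAPER_DOTS + GREY_DOTS:
        img[y][x] = tint(img[y][x])
    return img


def luminance(p: Pixel) -> float:
    r, g, b = p
    return 0.299 * r + 0.587 * g + 0.114 * b


def is_yellowish(p: Pixel) -> bool:
    """Bright pixel whose blue channel is noticeably lower than red: a visible yellow dot."""
    r, g, b = p
    return r > 200 and g > 200 and b < r - 40


def count_yellowish(img: Image) -> int:
    return sum(is_yellowish(p) for row in img for p in row)


def threshold_bw(img: Image, cutoff: float = 128) -> Image:
    """Map every pixel to pure white or pure black by luminance."""
    return [[(255, 255, 255) if luminance(p) >= cutoff else (0, 0, 0) for p in row]
            for row in img]


def surviving_dots(bw: Image, dots: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Dot positions still distinguishable from the pixel to their left after thresholding."""
    return [(y, x) for y, x in dots if bw[y][x] != bw[y][x - 1]]


def text_preserved(bw: Image) -> bool:
    """Sanity check that thresholding kept the text band black."""
    return all(bw[y][x] == (0, 0, 0) for y in TEXT_ROWS for x in range(4, W - 4))


if __name__ == "__main__":
    scan = make_scan()
    bw = threshold_bw(scan)
    print("yellow pixels before/after:", count_yellowish(scan), count_yellowish(bw))
    print("dots surviving on paper:", surviving_dots(bw, PAPER_DOTS))
    print("dots surviving on grey:", surviving_dots(bw, GREY_DOTS))
```

The practical takeaway is the one the thread converges on: thresholding is a good first step, but it has to be followed by a proofread of any non-text region, because a dot that nudges a mid-grey pixel across the cutoff leaves a visible (and correlatable) mark.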
It's trivial to inject systematic, minor changes in whitespace or fonts that create a serial number in an image based document format. Every individual obtaining a TS document could be given their own numbered copy for traceability.
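One way to do what this comment describes, as an added example that is not code from the original thread or from the commenter: a copy number is encoded in the spacing after sentence-ending punctuation (one space for a 0 bit, two for a 1 bit), which survives copy-and-paste and is invisible in most renderers. The same block shows the scrub step a publisher would apply, collapsing all whitespace, which destroys the channel. The sample text and the 8-bit copy id are constructed assumptions.

```python
import re

# Matches the run of spaces that follows a sentence-ending character.
GAP = re.compile(r"(?<=[.!?])( +)")

# Constructed sample document with ten short sentences (nine inter-sentence gaps).
SAMPLE = ("Alpha one. Beta two. Gamma three. Delta four. Epsilon five. "
          "Zeta six. Eta seven. Theta eight. Iota nine. Kappa ten.")


def embed_copy_id(text: str, copy_id: int, nbits: int = 8) -> str:
    """Return text with copy_id written into the first nbits sentence gaps.
    A gap of one space encodes 0, a gap of two spaces encodes 1."""
    parts = GAP.split(text)            # alternates: sentence, gap, sentence, gap, ...
    sentences = parts[0::2]
    if len(sentences) - 1 < nbits:
        raise ValueError("not enough sentence boundaries to carry %d bits" % nbits)
    bits = [(copy_id >> (nbits - 1 - i)) & 1 for i in range(nbits)]
    out = sentences[0]
    for i, sentence in enumerate(sentences[1:]):
        sep = "  " if i < nbits and bits[i] else " "
        out += sep + sentence
    return out


def extract_copy_id(text: str, nbits: int = 8) -> int:
    """Read the copy id back from the sentence gaps of a (possibly re-typed) copy."""
    gaps = GAP.findall(text)
    bits = [1 if len(g) >= 2 else 0 for g in gaps[:nbits]]
    if len(bits) < nbits:
        raise ValueError("text carries fewer than %d gaps" % nbits)
    return int("".join(str(b) for b in bits), 2)


def normalize_whitespace(text: str) -> str:
    """The scrub step: collapse every run of whitespace to a single space."""
    return re.sub(r"\s+", " ", text).strip()


if __name__ == "__main__":
    marked = embed_copy_id(SAMPLE, 0xA5)
    print("recovered id:", hex(extract_copy_id(marked)))
    print("after scrub:", hex(extract_copy_id(normalize_whitespace(marked))))
```

Because the channel lives entirely in spacing, normalizing whitespace removes it; the same is not true of font or kerning variations in an image-based format, which is why the later comments treat re-typing or re-rendering the content as the only reliable scrub.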
I'm not sure how to say this, but I've been in a position to see what the US government considers some of its most valuable technical resources. More than a decade ago, a very specific breach of security happened in a specific place, operated by "a company". That organization sent in a team of people from D.C. for five days that specifically were "extraordinarily good" at their jobs in order to analyze the machines where this breach happened. All three of these folks were stumped for three days by deleted browser cookies on a Windows machine, no kidding. I was originally one of a handful of suspects, but hearing about their ineptitude was so fucking infuriating that I wouldn't keep quiet. Eventually, one of the people in power in that place (who was on my side) convinced the "crack forensics team" to hear me out. So I met with them and discussed the plan, and then I walked them through installing a stupid FOSS utility for recovering deleted browser cache and cookies, and they were able to extract a URL, account name, and timestamp from the cookies on the machine which then let them pull up the right footage from the security camera, and catch the criminal responsible. The person in charge of the whole thing offered me a job (which I did not take). Ever since that day, whenever I hear something like "extraordinary law enforcement effort" I think about those stupid contractors and how I could have somehow suffered legal problems because of them. I absolutely do not trust the US government's claims about its own technical capabilities. I mean obviously not everyone working for the government is an ID-10-T, but here is supposedly one of the best technical teams this organization has to offer, and they can't even get this really basic shit right. And not just "can't get it right" but consider the ramifications of their being wrong! Amazing, and eye-opening, and frightening.
Quite. The US government employs contractors more or less on the Charlie Sheen principle: it pays them to go away. There are some really sharp people employed by contractors, and some others that are just billed as if they were.
I'd like to second this. The "crack team" was the company that won the contract. I've seen first-hand companies hiring just about anyone as a contractor before a contract was even granted. Promises of a high potential salary usually lure these people.
There is a perception in the intelligence community that The Intercept has ties to Wikileaks and the Kremlin (based on people with ties to the IC on Twitter), so I assume they wanted to make a point.
I think we might also assume that other NSA leaks to MSM might have been done with some level of institutional approval.
If you're getting your news from IC twitter, you're going to have a bad time.
IC Twitter takes Louise Mensch's insane conspiracy theories seriously, and legitimately believes that every malicious packet on the Internet is attributable to Fancy Bear.
Specifics of Russian activities, methods, and US intelligence awareness of same, all of which are relevant.
The fact of the arrest strongly suggests the documents themselves are accurate. If they don't reflect actual Russian activity, they appear to reflect US intelligence of such activity.
If accurate, the documents corroborate a general pattern of activity of election manipulation carried on from at least June of 2016 through November, which would be highly significant.
There is circumstantial evidence of vote tampering in at least North Carolina, based on unexpected vote-tally convergence differences based on precinct size (I'm not entirely sold on the story, though it seems to have some legs): http://www.votesleuth.org/north-carolina-2016-overview/
At a larger scale, this highlights weaknesses in multiple elements of liberal democratic institutions, mechanisms, communications, and media, as well as, quite possibly, political bodies and individuals. Arguments which have been in large part theoretical about risks of voting machines, email, and end-to-end encryption are now looking to be substantial, actual, and potentially existential threats.
Nothing really bad yet. Allegedly Russians spear-phished user accounts of some people involved in the election, possibly stole documents and theoretically could attempt using this access to social engineer them into misconfiguring voting systems, installing malicious firmware, etc., but there is no evidence that they tried.
Can someone explain the reference to the Third Amendment at the end of the article? Looking on Wikipedia, the 3rd Amendment is something to do with quartering soldiers in private homes.
The theory is that by pressuring printer makers into making all printed documents trackable, the printer is an agent of the state quartered in your home to spy on you.
A theory that isn't going to satisfy many people. It is interesting, though, to ponder what would have happened at various points in history, had $state_actor at the time had access to this tech.
The dots would be a violation of the 1st amendment if any of the printer companies were forced to add them but it seems they willingly added them or with a little back room arm twisting.
I remember a HN thread years ago on these yellow dots watermarks, where an employee at a printer manufacturer said there was no indication this was ever used by law enforcement to track who printed what because, for one, the team who implemented the watermarking never documented or taught anyone how to decode these watermarks.
Well, here we are today with this NSA story.
I think it's possible that US-based printer manufacturers implemented watermarking on special request from the NSA. That would also explain why the printer manufacturer employees never needed to teach anyone how to decode them. It wasn't their specs in the first place.
As someone else pointed out already there is no evidence the dots were used. Only 6 people viewed the document and she was the one who printed it. Then they found logs of her emailing it from her work computer.
So there are definitely printer dots in the posted images, but how do we know they are from a printer at NSA? They could be from a printer at The Intercept, a public copy and print shop, or anywhere else, intentionally left in as a red herring.
Of course, as others have posted, she doesn't appear to have tried hard to cover her tracks at NSA so that doesn't seem too likely. But stating that she accidentally left in the printer dots is assuming several facts not in evidence.
tl;dr: the dots may have exposed metadata of the printing, but from what we know officially, NSA's internal access control system was all that was needed to argue probable cause against Reality Winner.
So the dots don't look good in terms of The Intercept's opsec, but from what we know from the Justice Department's affidavit [0] and the search warrant [1], those dots were likely inconsequential as evidence compared to the audit trail that Winner left when she accessed and printed the file. It's not unreasonable to believe that the NSA and its contractors can track access activity by user, post-Snowden; I mean, it's a feature built into states' DMV systems, which is how cops get busted in the occasional scandal of unauthorized lookup of citizen info [2].
The warrant and affidavit allude to such a system when describing the audit that was done as soon as the NSA was made aware (because the Intercept reached out to them) that the document was out in the wild. At that point, it doesn't seem hard to query their own logs to find all users who accessed and/or printed out the document. Unfortunately for Winner, it seems that very few (1 in 6) NSA employees printed out the document, and I'm sure it didn't help that her background (former Air Force, fluent in several Middle Eastern languages) would indicate that her job did not require her to have a physical copy of this particular document.
The affidavit and warrant mention "physical" metadata that they say supports their case, but it's all circumstantial:
1. The documents show evidence of creases/folding, which indicates that someone had to secret it out physically (i.e. they printed it first) from the NSA. But that folding/creasing could come from the reporters printing out their own copies of the document.
2. The affidavit says that of the 6 employees to have printed out the document, Winner was the only one to have email contact with The Intercept. But the warrant specifies that this email contact occurred using her private Gmail address in March, and it was limited to 2 emails: her subscribing to The Intercept podcast, and a confirmation email. I.e. she didn't use email (that we know of) to talk to The Intercept.
There's no mention of the yellow dots, which, sure, we could argue that the NSA is just keeping that bit of tradecraft secret. But keep in mind that the NSA started their investigation last week, with the FBI interviewing Winner just a few days ago (on a Saturday no less).
The other key point is that, according to the warrant, the Intercept journalist sent along the leaked documents to a NSA source for confirmation using a smartphone, i.e. they texted smartphone photos of the documents. It seems possible that that kind of ad hoc scanning would make the yellow dots illegible, depending on how much care was taken to photograph the documents.
At any rate, it's kind of irrelevant. Assuming Winner used her own NSA credentials to peruse the system, the access control logs were all that were needed to out her as fast as the NSA and FBI were able to. However, it's worth noting that if the NSA had been clueless until The Intercept's published report, the actual published document apparently did reveal the yellow dots. This means that even if Winner were one of many NSA employees to print out the documents, the yellow-dot timestamp would greatly help in narrowing the list of suspects.
So, it's wrong to say the Intercept outed her, because we don't know what would've happened in an alternative reality in which the NSA didn't start its investigation until after seeing the published report. It is OK, probably, to speculate that the Intercept was sloppy in handling the documents...but that's not what led to Winner being outed so quickly.
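The audit query this comment describes (all users who accessed the document, narrowed to those who printed it, then cross-referenced against mail metadata), as an added example that is not code from the thread, the commenter, or any agency system. The log formats, user ids, document ids, domains and timestamps below are constructed assumptions; the point is the shape of the triage, including the "since publication" time filter the affidavit alludes to, and the fact that viewing without printing drops a user out of the short list.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Constructed sample access records: <ISO timestamp> <user> <VIEW|PRINT> <document id>
ACCESS_LOG = """\
2017-05-05T10:02:11Z u1001 VIEW  DOC-7788
2017-05-05T10:05:40Z u1002 VIEW  DOC-7788
2017-05-05T10:06:02Z u1002 PRINT DOC-7788
2017-05-06T11:15:19Z u1003 PRINT DOC-7788
2017-05-06T11:20:00Z u1004 VIEW  DOC-9911
2017-05-08T08:44:31Z u1005 PRINT DOC-7788
2017-05-08T09:01:07Z u1001 PRINT DOC-9911
2017-05-09T16:30:00Z u1006 VIEW  DOC-7788
"""

# Constructed mail-gateway metadata: <user> <IN|OUT> <peer domain>
MAIL_LOG = """\
u1002 OUT supplier.example
u1003 IN  newsoutlet.example
u1005 OUT intranet.example
u1006 OUT newsoutlet.example
"""

ACCESS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(VIEW|PRINT)\s+(\S+)$")


def parse_access(log: str) -> List[Dict]:
    """Parse the access log into records; reject lines that do not match the format."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        m = ACCESS_LINE.match(line)
        if not m:
            raise ValueError("unparseable access record: %r" % line)
        ts, user, action, doc = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append({"ts": when, "user": user, "action": action, "doc": doc})
    return records


def users_by_action(records: List[Dict], doc: str, action: str,
                    since: Optional[datetime] = None) -> Set[str]:
    """Users who performed `action` on `doc`, optionally only on/after `since`."""
    return {r["user"] for r in records
            if r["doc"] == doc and r["action"] == action
            and (since is None or r["ts"] >= since)}


def users_in_contact_with(mail_log: str, domain: str) -> Set[str]:
    """Users with any mail exchange (either direction) with the given peer domain."""
    users = set()
    for line in mail_log.splitlines():
        if not line.strip():
            continue
        user, _direction, peer = line.split()
        if peer == domain:
            users.add(user)
    return users


def triage(doc: str, domain: str, since: Optional[datetime] = None) -> Dict:
    """Narrow from everyone who touched the document to those who printed it,
    then intersect with the mail metadata. Returns the three sets for review."""
    records = parse_access(ACCESS_LOG)
    printed = users_by_action(records, doc, "PRINT", since)
    viewed = users_by_action(records, doc, "VIEW", since)
    contact = users_in_contact_with(MAIL_LOG, domain)
    return {
        "accessed": viewed | printed,
        "printed": printed,
        "printed_and_contact": sorted(printed & contact),
    }


if __name__ == "__main__":
    result = triage("DOC-7788", "newsoutlet.example")
    for key, value in result.items():
        print(key, sorted(value))
```

Note what the intersection does and does not establish: `u1006` had mail contact with the outlet but only viewed the document, and the mail match itself is a weak signal (the warrant's own "contact" was a podcast subscription), so the output is a short list for investigators, not an identification.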
> There's no mention of the yellow dots, which, sure, we could argue that the NSA is just keeping that bit of tradecraft secret
Printers have been using microdots since the 90's; their use isn't secret. And the NSA would use other forms of forensic fingerprinting. For example, there's some kerning variation in that document, which could easily be another form of steganography. There are numerous other textual/grammar variations they could use to watermark a document.
> the NSA would use other forms of forensic fingerprinting
This is what I'm betting on. The 'creases' story may have some truth to it, but I suspect its primary goal is to take over the narrative and distract from the actual methods of identifying the leak.
danso that was detailed and very thorough, thank you. I wonder what your opinion is about the earlier leaks of Russian communications: would this have exposed methods to the Russian officials who thought they had secure channels?
I don't understand why everyone seems obsessed with complex, automated, technical solutions when a simple manual procedure will do. Or are we talking about thousands of pages (sorry, haven't read the article, just responding to the comments)?
If I were the NSA, I'd have a modified graphics driver which overlays pseudorandom, very faint grey dots over the screen at all times. A (254, 254, 254) pixel hidden amongst all-white pixels isn't visible, yet thousands of them across a page will encode significant amounts of information, even in the face of quite severe image compression and low quality.
The dots could be based on the computer, currently logged in user, and timestamp.
Then later, if any screenshot or screen photo is leaked, you can decode the dots to identify the source.
You think that they would even be picked up when you take a picture with a camera? Between the external camera and then compression, I don't think that the (254, 254, 254) pixels are going to make it into the final image. They might not even make it into the initial picture: screen backlighting consistency, etc. is going to wreak havoc on that from the start, before we even get into sensor noise, etc. on the camera, any smudges on the lens, all before it even gets saved as a jpg.
There's an amazing way of encoding data called "gold codes". By having enough pixels like this, you can correlate the image with the expected pattern, and successfully extract data even though no individual pixel is visible.
It's used in GPS transmissions to allow decoding signals considerably weaker than the background noise. Because the receiver is aware what the signal should look like, it can extract it despite all the noise by averaging across all the samples.
It does require perfect alignment though, which might be tricky considering camera lens warping, etc.
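The correlation idea from the last three comments, as an added example that is not code from the thread or from the commenters. Each copy id is mapped to a pseudorandom +1/-1 chip pattern (a seeded PRNG stands in for a true Gold code; the near-orthogonality of distinct patterns is what matters here), the pattern is added at an amplitude of a single grey level to a constructed screen capture with capture noise ten times larger than that, and the decoder recovers the copy id by correlating the capture against each candidate pattern. The screen size, noise level, base grey and seeds are constructed assumptions, and the block assumes the perfect alignment the last comment flags as the hard part.

```python
import random
from typing import Dict, List, Tuple

WIDTH, HEIGHT = 128, 128          # constructed capture size; real screens are far larger
N_PIXELS = WIDTH * HEIGHT


def spread_pattern(copy_id: int) -> List[int]:
    """Pseudorandom +/-1 chip sequence derived from the copy id.
    Stand-in for a Gold code: each copy id yields a distinct, near-orthogonal pattern."""
    rng = random.Random(copy_id)
    return [1 if rng.getrandbits(1) else -1 for _ in range(N_PIXELS)]


def render(copy_id: int, amplitude: int = 1, base: int = 128,
           noise_std: float = 10.0, noise_seed: int = 4242) -> List[int]:
    """Grey-level capture of a uniform screen: base grey, heavy capture noise
    (backlight unevenness, sensor noise), plus a one-level watermark.
    amplitude=0 produces the identical capture without a watermark."""
    rng = random.Random(noise_seed)
    out = []
    for chip in spread_pattern(copy_id):
        v = base + amplitude * chip + rng.gauss(0.0, noise_std)
        out.append(max(0, min(255, int(v + 0.5))))   # floor-rounding keeps +/-1 exact
    return out


def correlate(capture: List[int], pattern: List[int]) -> float:
    """Mean-removed correlation; close to the embedded amplitude for the right
    pattern and close to zero for any other."""
    mean = sum(capture) / len(capture)
    return sum((v - mean) * chip for v, chip in zip(capture, pattern)) / len(capture)


def identify(capture: List[int], candidates: List[int]) -> Tuple[int, Dict[int, float]]:
    """Score every candidate copy id and return the best match with all scores."""
    scores = {cid: correlate(capture, spread_pattern(cid)) for cid in candidates}
    best = max(scores, key=scores.get)
    return best, scores


def max_pixel_change(copy_id: int) -> int:
    """Largest per-pixel difference the watermark makes versus an unmarked capture."""
    marked, plain = render(copy_id), render(copy_id, amplitude=0)
    return max(abs(a - b) for a, b in zip(marked, plain))


if __name__ == "__main__":
    capture = render(copy_id=7)
    best, scores = identify(capture, [3, 5, 7, 11, 13])
    print("max per-pixel change:", max_pixel_change(7))
    print("identified copy:", best)
    for cid, s in scores.items():
        print("  candidate %2d: %+.3f" % (cid, s))
```

The per-pixel change never exceeds one grey level, well under the noise, yet averaging over sixteen thousand pixels makes the true candidate stand out by many standard deviations. The flip side for anyone publishing screenshots is that there is no per-pixel test for such a mark; only re-rendering the content, not re-encoding the image, removes it.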
Which shade of yellow? Assuming it's a uniform yellow (which I doubt in an analog to digital conversion), miss it by one bit, and your source is burned.
Sure. Quick thought experiment: you've got a 24-bit scanner, which means 2^24 individual values, so 16.8 million. Let's say 2 million of those are yellow. How many different shades of yellow are you going to get from your scan? Do you take the average? Does the process leave artifacts - that is, does it print yellow over yellow and leave a physical trace? My point is you've got to make sure the signal is well below the noise floor because we're talking about the NSA, and there are more sure ways to filter this signal.
Something smells fishy here. How did the Intercept maintain enough opsec to stay in contact with Snowden (who would have dropped them like a hot potato if they didn't seem competent) and then do this, with the same general staff in place?
From what I learned in Citizenfour, Snowden had to walk his contacts Laura Poitras(Citizenfour maker)/The Intercept through all the steps needed before he would communicate with them, and this latest person mistakenly trusted The Intercept with the original paper document (instead of passing it through a b/w filter, second step as recommended by the link).
Before they even met, Snowden asked Greenwald to set up PGP/GPG so they could securely talk and he could tell them what he had; Greenwald didn't manage to do that/ignored this "anonymous person". Snowden found that Laura had a GPG key and knew Greenwald, so he asked her to help him set that up. This all happened pre-Intercept; Greenwald was working for The Guardian at that time.
Despite his technical ineptitude, Greenwald was the only journalist Snowden trusted with the info, he didn't go to NYTimes after the NYT delayed a story about surveillance during the Bush admin until after Bush's reelection, he was afraid the NYT would just go straight to the government before publication, asking "So is this story legit?"...
It might not be The Intercept, although timing suggests it was. She could have sent it to multiple organizations, one (based in Atlanta, perhaps CNN) sent them to NSA for "verification" according to [1]
It's interesting that the reaction by many here isn't "gee, this was an unfortunate mistake, but the work the Intercept does is valuable, so let's hope they do a better job going forward."
Instead, it's more along the lines of "The Intercept should never be trusted, they need to shut down!" without any discussion of how or who or what to use to disseminate national security leaks going forward. Sounds an awful lot like cheap opportunism from people who didn't even like the Intercept to begin with.
1. The message, from multiple messengers, is diverse.
2. There are people who'd like to see The Intercept shut down. Any excuse will serve a tyrant, as Aesop noted, some time ago. http://www.bartleby.com/17/1/2.html
3. My own view is very much "this was a massive fuck-up on the part of The Intercept, who have staff with opsec talent (Micah Lee) on board for specifically this purpose, and I hope to see a post-mortem on the situation, how the Intercept failed, and what it plans to change in future."
Laura had a flash drive with some documents, which she gave to Glenn on their flight there. He spent most of the flight reading through those documents.
But Snowden was already out of the USA at that point, right? That's how I remember it. Or at the very least he was out of the USA before anything got published.