How a Few Yellow Dots Burned the Intercept's NSA Leaker (arstechnica.com)
On Monday, news outlet The Intercept released documents on election tampering from an NSA leaker. The documents revealed that a Russian intelligence operation sent spear-phishing emails to more than 100 local election officials days before the election, which ran through a hack of a U.S. voting software supplier. Hours later, the Department of Justice charged 25-year-old government contractor Reality Leigh Winner with sharing top secret material with the media. The DoJ said Winner had "printed and improperly removed classified intelligence reporting, which contained classified national defense information" before mailing the materials. But how could the DoJ know that it was Winner who had printed the documents, or that the documents were printed at all? ArsTechnica explains: [...] The Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed -- and it included encoded watermarking that revealed exactly when it had been printed and on what printer. The watermarks in the scanned document The Intercept published yesterday were from a Xerox Docucolor printer. Many printers use this or similar schemes, printing faint yellow dots in a grid pattern on printed documents as a form of steganography, encoding metadata about the document into its hard-copy output. Researchers working with the Electronic Frontier Foundation have reverse-engineered the grid pattern employed by this class of printer; using the tool, Ars (and others, including security researcher Robert Graham) determined that the document passed to The Intercept was printed on May 9, 2017 at 6:20am from a printer with the serial number 535218 or 29535218. Further reading: How The Intercept Outed Reality Winner.
If you're going to leak documents, take a photo and crank up the jpeg compression level to help hide the watermarks.
Your color printer does it too. Treacherous hardware.
Do not use colour printers.
#DeleteFacebook
Yellow, then orange (once convicted) is the new black
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Okay, who leaked the information about how they spotted the leak source?
-Bob-
Dang. Found on the PDF scans even though you can't see them. Lessons learned:
1. Make sure to take really really low quality scans only of sensitive printouts.
2. Use someone else's printer
3. The "swamp" being drained is evidently people who are reporting on wildly unethical things the government is doing.
Obligatory yes the last guy did it too. STFU and focus on the current abomination in office, maligning the last guy doesn't help anything more than you losing sleep at night.
As a non-native English speaker, I ask: is this an actual, socially acceptable name in English-speaking countries? "Reality Winner", just like somebody who won a reality show?!
While not everybody knows about the yellow dots, almost everybody involved with infosec does. How can The Intercept be trusted to hold or publish any leakers' information securely?
Was this one reporter who screwed up? Didn't he have a second person reviewing his work? Isn't there a team of people at The Intercept who discuss whistleblowing publications? Isn't anybody on such a team aware of digital privacy issues?
This will be a huge loss if The Intercept becomes useless as it was basically founded to handle stories like this. But given that, how could the outcome have been so bad in this case?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Or, get this, they checked the printer logs. You think the NSA doesn't already have a log of every document that every device prints?
SELECT user FROM printer_logs WHERE document_id = 'greased_up_yoda_doll.pdf'
Your hair look like poop, Bob! - Wanker.
While interesting, and certainly providing confirmation, this wasn't the primary mechanism that was used to track her down according to the affidavit. Before even IDing a specific printer, they simply looked for someone that had printed it out, period.
Internal auditing showed that only six employees had printed out the item in question. A search of the six computers showed that she had emailed The Intercept from her work computer (and that no one else had). Coded metadata just backs it up, but it's dumber than that.
Hire a Linux system administrator, systems engineer,
Welcome to the future, Conan.
you just lost 100$
In The Year Two Thouuuusand....
Once they figured out that the document was taken all they had to do was look and see who accessed the document. They did that and showed that 6 people printed the document. They did a forensic scan of all 6 desktops and found that one had a record of emailing the Intercept.
She was busted without needing the microdots at all. The only thing the microdots did was nail her ass to the wall. It was her own stupidity that put her against the wall to begin with.
List of Printers Which Do or Do Not Display Tracking Dots
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
It's not just you. One of the headlines on Google News right up top was "Who is Reality Winner?" I kept wondering why Google News would put reality TV show news at the top of my feed. "I don't care who won the latest Reality TV show... Just tell me about the NSA leaking story." It's like a bad version of Who's On First.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
The EFF decoded the dots years ago.
This story makes quite a bit about "hidden" printer steganography. But the real way this idiot got caught was from server access and printer logs. The spooks narrowed it down to six people, only one of which had contact with the Intercept.
How is it this person had a top secret clearance in the first place? She is "nice to look at"...
If you want news from today, you have to come back tomorrow.
Even worse she worked for an NSA contractor. So she's incompetent as well. Of all people someone working in Intel should know about those watermarks, they have been around for over a decade. But Black? I've seen her picture and it's always possible she has black ancestors but you'd never know it from her picture. Maybe Black like Rachel Dolezal?
I wouldn't bet my freedom on it.
Sadly, she is being charged under the Espionage Act. There is no defense, no mitigating circumstances, and she will spend many long years in prison as an example. Even if you disagree with her actions, this sounds inappropriate. Like the Soviet Union or China.
> and picked a more socially acceptable name
Her birth name is Sara, not "Reality". She chose to be Reality Winner instead of the normal name her parents had chosen.
IIRC, they put this tech in to stop counterfeiters from printing HQ currency with color laser printers. At least this invasive, Big Brother-like technology was used for a good purpose this time.
If she had just put the documents down her pants like Sandy Berger did, this would be a much more interesting story!
"I say we take off, nuke the site from orbit. It's the only way to be sure."
People never got caught because of them.
They share the whole thing and even work with newspapers that stab them in the back.
"There are only two hard things in Computer Science: cache invalidation and naming things." -- Phil Karlton
I always check SchneierFacts
https://www.schneierfacts.com/
Yeah, like Daniel Ellsberg, she broke the law to serve the law
With THIS supreme Court however, she won't even get a hearing, even if Trump is finally implicated, impeached, convicted, tried, convicted and hanged.
Why not Hillary?
Ask a lawyer
Lack of demonstrations of intent where intent is part of the statutory definition = no crime.
Failed to protect a source?!
Could have run it through GIMP, or a POS copier, converting to black-and-white, and messing with contrast settings, cropping out anywhere not needed, and vetting the images with a team of in-house experts before publication.
Could have faxed it low-rez, black-and-white, within the news office, to another in-house fax, and used the poor-quality fax image in publication, to also help wipe any tracers.
Ugh!
Uh, Linux geek since 1999.
She should have just openly taken a copy of the document, posted it to her private server, and demanded the Hillary treatment!
I can't believe no one here is being more skeptical of this. The contractor and the Intercept should have known about the watermarks. All they had to do was transcribe the documents into a plain text document. In addition, there is no actual information revealed other than again supposed hacking, without any information on what that hacking did before or during the election. Nothing about what systems were compromised, or what became of that. Why do I think that "Reality" is not going to jail? Because she was probably part of an NSA leak plan that made the Intercept look bad. This was not critical enough information to put your life and freedom on the line for.
A brain is a terrible thing to waste... Mind? That's debatable.
Trey Gowdy on Hillary emails
He talks about intent around 1:55, but the lead up is not bad either. They chose to pretend there was no intent. There was proof of intent, but no prosecutor to prosecute her.
List of Printers Which Do or Do Not Display Tracking Dots
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
FWIW, there is a strong belief that in black and white, similar data is encoded steganographically.
As an example as to how that can be accomplished, intrinsically, all common laser printers exhibit banding artifacts. A horizontal projection of the printed image followed by some frequency analysis shows characteristic peaks created by the gear-train mechanisms. Careful modulation of the micro-feeds with steganographic encoded data can introduce other embedded frequency peaks that appear as common intrinsic banding artifacts.
Even without embedded stegano data, a forensic fingerprint of the printer's banding can usually be extracted from a BW printed document and compared to the one confiscated with a search warrant. Of course a sparse text page makes the signal harder to extract in BW, but a few well-placed border lines, or an embedded continuous tone image (which can have additional embedded signals placed into it via the half-toning algorithm on the printer) would make it a dead giveaway.
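The projection-and-spectrum analysis described in the comment above, as an added example that is not part of the original thread: it averages each scan row of a continuous-tone patch, takes a DFT of that column of means, and reports the dominant banding period so two prints can be compared. The patches, periods (12 and 15 rows), noise level and thresholds are constructed for illustration and are not measurements from any real printer.

```python
import cmath
import math
import random
import statistics

def make_patch(period, depth=4.0, height=240, width=64, seed=7):
    """Constructed grey patch: level 128, scanner noise, optional row banding."""
    rng = random.Random(seed)
    patch = []
    for y in range(height):
        # period == 0 means "no banding at all" (control sample)
        band = depth * math.sin(2 * math.pi * y / period) if period else 0.0
        patch.append([128 + band + rng.uniform(-10, 10) for _ in range(width)])
    return patch

def row_projection(patch):
    """Average every scan row, then remove the overall mean (DC component)."""
    means = [sum(row) / len(row) for row in patch]
    centre = sum(means) / len(means)
    return [m - centre for m in means]

def spectrum(signal):
    """Magnitudes of DFT bins k = 1 .. n/2 (list index 0 holds k = 1)."""
    n = len(signal)
    return [abs(sum(v * cmath.exp(-2j * math.pi * k * t / n)
                    for t, v in enumerate(signal)))
            for k in range(1, n // 2 + 1)]

def banding_fingerprint(patch):
    """Return (dominant period in rows, peak strength relative to median bin)."""
    mags = spectrum(row_projection(patch))
    k = max(range(len(mags)), key=mags.__getitem__) + 1
    strength = mags[k - 1] / statistics.median(mags)
    return len(patch) / k, strength

def same_banding(patch_a, patch_b, min_strength=10.0, tolerance=0.5):
    """True when both patches show a clear peak at (nearly) the same period."""
    period_a, strength_a = banding_fingerprint(patch_a)
    period_b, strength_b = banding_fingerprint(patch_b)
    clear = strength_a >= min_strength and strength_b >= min_strength
    return clear and abs(period_a - period_b) <= tolerance

if __name__ == "__main__":
    questioned = make_patch(12, seed=1)   # constructed "leaked" print
    reference = make_patch(12, seed=2)    # constructed print from device A
    other = make_patch(15, seed=3)        # constructed print from device B
    print(banding_fingerprint(questioned))
    print(same_banding(questioned, reference), same_banding(questioned, other))
```

Averaging across the row is what makes the weak periodic signal stand out: pixel noise shrinks with the number of columns averaged, while the banding is identical across the row and does not.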
Yeah, that's not what Hillary did.
The worst thing is not only that the Intercept was exceptionally careless, the worst thing is that this specific attack technique has been known for decades. It is used in color-printers to detect what machine paper-money (e.g.) was copied or printed on. My guess is this use here was just a side-effect.
Let's hope the Intercept fixes their act and goes back to manual copying (i.e. typing it in) for things where their sources really need to be protected.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I agree that it will not stop. As long as decent people are around, information that the government would keep secret to hide its dirty laundry will get leaked. Fortunately, no government in history has ever managed to get rid of decent people, despite most of them having tried.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
She did nothing but to serve her own interests of hating the President.
Moral: Never publish an analog copy made by an untrusted device. There is just too much unused bandwidth that can be used to embed something.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
She should have made a manual screenshot with a camera. (I have done that for "locked down" customer systems when I needed to document things. With authorization, of course.) Then this should have been copied by manually typing it in again. I guess people are just too stuck in their regular ideas about "workflow".
A shame, but at least this way future leakers will be more careful.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That _is_ a possibility. But covering up a false-flag operation like this is difficult. I would say it was naivety on her side. At 25, most people do not have a good grasp of what is important and what is not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Someone, appearing to be in Russia, sent spear phishing emails to election officials, about 100 of them. None of those attempts were successful.
You can untwist the knot in your knickers.
That is all that was confirmed.
"So long and thanks for all the fish."
Umm... What, exactly, do you believe she leaked?
I am kinda confused here. Did you actually read what was leaked? If not, you might want to. If so, I'm even more confused by your response.
The summary, someone using IP addresses in Russia sent spear phishing emails, the day before the election, to about 100 election officials. None were successful. The NSA knows this much.
That's what the email contained.
Err... I'm not sure what more to tell you. I'm quite baffled by your response to this and thinking one of us may not actually have paid enough attention. I admit, that could be me. However, it doesn't actually say, or imply, more than that. At least not as far as I know.
"So long and thanks for all the fish."
Here is the EFF's guide on yellow dots.
And it's not in any way limited to Xerox.
You can test it yourself by photographing a piece of paper from a suspect printer, loading it into the GIMP and showing just the blue channel. The "yellow" dots will show up as a darker shade of blue than the surrounding page.
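The blue-channel check from the comment above, as an added example that is not part of the original thread: faint yellow leaves red and green untouched and only lowers blue, so the dots barely change a greyscale (luma) view but drop sharply in the blue channel. The scan, colours, noise and 8-pixel grid pitch are constructed sample values, not any real printer's pattern.

```python
import random
import statistics
from functools import reduce
from math import gcd

PAPER = (250, 250, 245)   # constructed off-white paper colour
DOT = (250, 250, 170)     # constructed faint yellow: only blue is reduced
PITCH = 8                 # constructed grid spacing in pixels

def make_scan(cells, cols=12, rows=8, seed=1):
    """Synthetic RGB scan (rows of (r, g, b)) with +/-3 levels of sensor noise."""
    rng = random.Random(seed)
    page = []
    for y in range(rows * PITCH):
        row = []
        for x in range(cols * PITCH):
            on_dot = (x % PITCH == PITCH // 2 and y % PITCH == PITCH // 2
                      and (x // PITCH, y // PITCH) in cells)
            base = DOT if on_dot else PAPER
            row.append(tuple(c + rng.randint(-3, 3) for c in base))
        page.append(row)
    return page

def luma(px):
    """Greyscale value as a typical viewer computes it (Rec. 601 weights)."""
    r, g, b = px
    return 0.299 * r + 0.587 * g + 0.114 * b

def blue(px):
    """Blue channel only, the view the comment suggests selecting in GIMP."""
    return px[2]

def find_dots(page, channel, min_drop=20):
    """Pixels at least min_drop levels darker than the page median in `channel`."""
    values = [channel(px) for row in page for px in row]
    background = statistics.median(values)
    return [(x, y) for y, row in enumerate(page) for x, px in enumerate(row)
            if background - channel(px) >= min_drop]

def grid_pitch(points):
    """Estimate grid spacing as the GCD of gaps between occupied columns/rows."""
    xs = sorted({x for x, _ in points})
    ys = sorted({y for _, y in points})
    gaps = [b - a for seq in (xs, ys) for a, b in zip(seq, seq[1:])]
    return reduce(gcd, gaps) if gaps else 0

# Constructed dot layout: (column, row) cells of the grid that carry a dot.
CELLS = {(0, 0), (1, 0), (3, 1), (4, 2), (7, 2), (2, 5), (9, 6), (10, 7)}
SCAN = make_scan(CELLS)

if __name__ == "__main__":
    print("dots seen in greyscale:", len(find_dots(SCAN, luma)))
    found = find_dots(SCAN, blue)
    print("dots seen in blue channel:", len(found))
    print("estimated grid pitch:", grid_pitch(found), "px")
```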
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
There was no proof of intent. Gowdy only says that some circumstantial evidence is given for intent. Circumstantial evidence *can* prove a point, but only if it's overwhelming.
Other circumstantial evidence, such as the fact that the emails labeled as classified were labelled in such a way that they could easily be missed, the fact that the amount of classified material was very small and inconsequential, the fact that much of it was under the purview of the Secretary of State, the fact that the deleted emails were recovered and were not in any way incriminating are evidence for lack of intent.
Gowdy knows this of course, knows Comey is right, but is a scumbag who has no problem holding up his end of the Benghazi! witch hunt.
Play Command HQ online
Can you explain why releasing info on election hacks might hurt the president? Do you believe his election was illegitimate?
Play Command HQ online
Oh, this one was clearly naive both about what she leaked and how to do it. That does not negate the motivation.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Winner, Winner Chicken dinner.
In GOD we trust, all others we monitor.
Trying to keep the false "Russia" story hanging over Trump's head the entire presidency. Also harms US/Russian relations because there is no solid evidence that it was even the Russians. The documents are TS for part of the reason they "think" it might be the Russians, but in order to collect REAL PROOF, the hackers must NOT know what the US knows about them. Now hackers know exactly what information was collected and what to fix.
Finally the entire it's the Russian story stinks of a colored revolution to build discontent in the US. The CIA invented colored revolutions, now a foreign government using it on the US. I wouldn't be surprised if there are MSM "journalists" that are really spies for this exact reason, again the CIA did that before also.
Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable.
Moral: Buy Chinese.
That is why you photocopy with a black and white rough copier (say 10-15 years old) all documents and use that to be published. After that your yellow dots are invisible.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Leaker could have built one of these and gone about a leaker's daily business for weeks with it in his breast pocket, raising no suspicions whatsoever.
"what's that thing?"
"Fitness tracker"
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
The yellow dots theory is interesting, but The Intercept shared a copy with the government, which I presume was a scan or a photocopy of the original. Maybe their scanners & copiers are much better than mine but those yellow dots are really tiny. Would they survive a scan or photocopy intact?
Check out this copy of the search warrant which discusses a different method of how they identified her:
https://d3vv6lp55qjaqc.cloudfr...
Starting on page 11, they describe:
"Government Agency conducted an internal audit to determine who had accessed the intelligence reporting since its publication ... determined that six individuals had printed this reporting"
"A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the news outlet."
Sounds like they saw a crease in the copy provided by TI which clued them in that it was a printer & identified her from there.
It just seems fishy. It will be interesting to see how the Intercept handles the back story of their whistle blower now. They encourage people to come forward, and tell them they can do it anonymously, so it will be informative to see how they deal with that system apparently breaking down for such a dumb reason. Maybe if they had read /. over the years the watermark issue would have been more on their minds.
A brain is a terrible thing to waste... Mind? That's debatable.
What a waste. She could have told us who really killed JFK, that Obama really was born in Kenya, who really shot JR (Probably too long ago for /. people).
Well she'll have a while to think about it. Maybe she'll get Chelsea Manning's old cell.
I'll stay more serious. This is information that the deep state wanted out anyway, this is not information that is embarrassing or harmful for the spooks. It also gives us no real information on what supposedly happened. I smell a big fat rat.
And by the way everyone knows the show's writers shot JR. Hagman knew too much.
A brain is a terrible thing to waste... Mind? That's debatable.
You smell a big rat, I think it was a document to help flush out leaks. No details. Really nothing more than what we've already seen on /. Being able to hack a Diebold machine, well no kidding! Why it's so easy a caveman could do it, there are even web sites with how to do it. I think I even saw a youtube video on it.
Classify it at top secret, let it cook.... See if anything bites. Someone really dumb did. Seems they were watching. Anyone leaking stuff right now is just asking for it. You might as well go flashing hundred dollar bills while walking down the street in SE Washington.
Maybe I should have said I smell a honey pot, filled with stuff that TPTB wanted released. They got a two for one deal.
A brain is a terrible thing to waste... Mind? That's debatable.
You're right to be sceptical. Maybe most of the sceptics aren't bothering to post, for whatever reason.
Oh fuck aye. Of course they should, if they were competent at InfoSec, and had been aware for the 15-odd years that this technology has been deployed.
Ah, you don't understand how it works. There is nothing in the document that stores this watermarking information. It is ADDED to the document BY the printer, AFTER the printer has rendered the provided information to being an image. In fact, one of the methods promoted years ago for identifying which printers did this (and for obtaining enough information to crack their steganography encoding), was to print a blank document on pale blue paper - which made the contrast of the pale yellow dots much more visible.
The information in the steg encoding included the printer's serial number, date and time, and quite conceivably, the printer-user's network authentication. Which I assume is how they nailed the perpetrator.
As a corollary, whoever was publicising this should have known to photocopy the documents provided onto monochrome (ie black/white, not grey-scale) output, then burned the originals. Precisely to avoid having to hand over such steg to agents.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Do any American butchery states still use the rope?
Probably best to not have him tried in one of those states. I want him to have to suffer the cognitive dissonance of having to pray that Europe keeps its tight hold on death-by-lethal-injection drugs, so that he stays alive for a few days more.
I believe that it's called "cruel and unusual punishment". As an alternative to execution. Or as a supplement.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Unnecessarily complicated. For a document sent as text+layout information, then you could do things like messing with the horizontal character spacing to encode data. For images, ... hmm, that's harder. But I'm sure still doable.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Any release of classified information is a violation. Intent is NOT required. The two lowest charges (failure to protect and failure to report) are both negligence charges. Comey flat out lied about that. The pertinent charges do not require intent. Further Comey stated that much of the Intel belonged to other agencies, not State, thus she did not have the discretion to just let it slide, not that even she could just say, no that's not classified. She was an original classification authority, but even they have to document
Failure to protect classification is prosecutable for sheer negligence. Also any information sent to her falls under failure to report. Comey Lied, there was no need for intent. Negligence alone is the felony criminal act.
I'm too lazy to compose a creative sig.
She didn't leak any dirty laundry. Well, not our dirty laundry, at any rate. It's pretty much the most pointless leak ever. I am unable to think of a more pointless leak. There probably are a few, I just can't think of them.
"So long and thanks for all the fish."
If a phishing email is sent to help one candidate, the other guy (or girl here) should automatically win.
This will COMPLETELY stop foreign governments from being able to manipulate the process!
Overall the dots don't really prove any wrongdoing. Just because someone printed it, doesn't mean they're the one who took it and mailed it to someone who shouldn't have it.
Failure to protect classification for negligence is not prosecuted, as far as I can tell. One person I read about agreed to plead guilty to a misdemeanor (and that will not normally get you jail time), but didn't have to. There were cases of security clearances being lost temporarily or indefinitely, people losing their jobs, and I doubt it's ever been a career-enhancing move.
You may not think this is right, but it's how it's been done for as long as I can tell. Prosecuting Clinton would have been special treatment. Not prosecuting her is normal treatment.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
What if two phishing emails were sent to help the *same* candidate?
The other candidate cannot win twice, therefore your plan is a failure.
Play Command HQ online
I mock your unreasoned outlook.
lol. I can picture you in your fedora.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Ah, touche !
Yes, Utah offers it as an option
BTW, it's a "She"
Since we have triple EYEWITNESS testimony to Trump's ATTEMPTs to obstruct justice, your lead is false
There is real smoke and fire there.
Show me the proof
Comey reviewed, there was no intent.
Regardless of that, why the fuck did she (or anybody else) want to leak this. It's not whistleblowing by any sense of the word, nor did it benefit the public to know this yet. They've now spoiled an investigation, which gives the Russians an opportunity to further cover their tracks, and any further investigation into Trump is now most likely fucked.
If it was her, (and it seems likely) put her ass in jail for 10 years.
Because you would have to string together a series of circumstances by which the president knew of said spear-phishing tactic and either paid said person or group to conduct such an action either directly or through various parties. Then and only then could you remotely put the pieces together that Trump rigged or attempted to rig an election outcome in his favor. But it has been provably stated that even if this spear-phishing tactic had worked, it would never have changed the outcome of the election, much less a vote tally. Since no such vote fraud or vote tally has occurred, it can be assumed with provable facts and has been stated by many election officials in their respective states that no such vote manipulation has taken place.
Triple eyewitness testimony? By whom and when?
Still fapping to this fantasy? Fap harder.
The Russia hack story is the biggest fabrication in recent history. There is 0 evidence, and no reason to believe a word of it.
http://www.truthdig.com/report...
A brain is a terrible thing to waste... Mind? That's debatable.
Comey, Coats and Rogers, all either testified that Trump asked for an end to the Russian connection or refused to say if Trump asked.
She wasn't the first to use her own mail server. Feel free to prosecute the other half dozen politicians (democratic and republican) doing the same.