Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com)

Posted by BeauHD on from the invisible-ink dept.

An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szatmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.

6 of 218 comments (clear)

  1. Re:Reality Winner by Quarters · · Score: 1, Insightful

    No, no one. Well maybe just you. The rest of us are intelligent enough to realize that security clearances aren't determined by discriminatory items such as a person's name.

  2. Re: Reality Winner by Anonymous Coward · · Score: 2, Insightful

    100% this. I am NOT a fan of Donald Trump and if he were impeached I'd be thrilled. I do think the Russians were involved on some level in the election and I do think there might have been some shady things going on with his staff.

    But at the same time, she's leaking sensitive information that's not her place to decide on. It may be part of an ongoing investigation where we don't have all the facts yet, it may be enough to reveal a source or method, or it may have been disproved by new information she didn't have access to.

    It wasn't her place to leak this. There is currently an ongoing investigation in congress. If she wanted to get this out, contact one of the progressives or anti-Trump Republicans on the committee, meet them in a SCIF, and tell them the information in a classified setting.

    Leaking this doc doesn't help anyone. It doesn't help her cause... if anything, it hurts it, and it has the potential to hurt ongoing intelligence collection.

  3. Re: Reality Winner by I'm+New+Around+Here · · Score: 2, Insightful

    Because the document is really nothing more than all the bogus stories that have been printed and reported since the election. There is no actual evidence of the claims they make, other than a possible IP address. Everything else is supposition based on "We know the Ruskies were in on it, somehow.".

    --
    If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  4. Re:any laser will watermark the document by TWX · · Score: 3, Insightful

    So the solution is to either scan/OCR the smuggled-out document and destroy the printed-copy original before presenting to the third-party source, or else to utilize a third-party source that's smart enough to do this themselves.

    The dot-pattern in the printer is not meaningful if it doesn't exist, and since it takes a forensic examination of the printout to identify the dot pattern it's not something that a security guard is going to be able to routinely check at a building security point.

    Fundamentally it comes down to understanding the technology one is using, and to mitigate the pitfalls. If you're ignorant or stupid then you'll probably get caught.

    --
    Do not look into laser with remaining eye.
  5. Re:Easier by dbIII · · Score: 4, Insightful

    She clearly did this as a political act

    Yes, she'd prefer the USA to be run along the values of George Washington and not a Tsar - definitely political but what exactly is wrong with that?

    It's not just R vs D here. It's gone international. Do you really want to back a side other than the home team?

  6. Re:OCR removes authenticity by GuB-42 · · Score: 5, Insightful

    There is kind of a conundrum here.
    The best way to prove authenticity is to reveal as much metadata as possible. This is also how you get caught.
    In fact getting caught is a great proof of authenticity. And we now know that all documents with the same printer dots as the ones that got the guy caught are likely to be authentic.