Slashdot Mirror


Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com)

An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szathmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.
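
The black-and-white conversion described in the summary, as an added example that is not part of the original story or of the PDF Redact Tools code: a constructed 8x8 pixel grid shows that faint yellow has almost the same luminance as white, so a 1-bit threshold drops the dots while black text survives. The pixel values, thresholds and function names are assumptions made for illustration.

```python
# Constructed sample: an 8x8 RGB "scan" with faint yellow dots on white paper
# and one black stroke of text. All pixel values are made up for illustration.
WHITE, BLACK, FAINT_YELLOW = (255, 255, 255), (0, 0, 0), (255, 255, 170)

def make_sample_scan():
    page = [[WHITE for _ in range(8)] for _ in range(8)]
    for x in range(1, 7):
        page[4][x] = BLACK            # a stroke of printed text
    for y, x in [(0, 1), (2, 5), (6, 3), (7, 7)]:
        page[y][x] = FAINT_YELLOW     # stand-ins for the printer's dots
    return page

def yellow_dots(page, blue_max=200, rg_min=230):
    """Pixels whose red/green stay high while blue drops (yellow toner absorbs blue)."""
    return [(y, x) for y, row in enumerate(page) for x, (r, g, b) in enumerate(row)
            if r >= rg_min and g >= rg_min and b <= blue_max]

def luma(rgb):
    r, g, b = rgb
    return 0.299 * r + 0.587 * g + 0.114 * b   # ITU-R BT.601 luma weights

def to_black_and_white(page, threshold=128):
    """1-bit conversion: every pixel becomes pure black or pure white."""
    return [[BLACK if luma(p) < threshold else WHITE for p in row] for row in page]

def audit(page):
    """Pre-publication check: count yellow-dot pixels and black ink pixels."""
    ink = sum(1 for row in page for p in row if p == BLACK)
    return {"yellow_dots": len(yellow_dots(page)), "ink_pixels": ink}

if __name__ == "__main__":
    scan = make_sample_scan()
    print("before:", audit(scan))
    print("after: ", audit(to_black_and_white(scan)))
```

The check covers only colour-based dots in a scanned image; it says nothing about the other identifying traits raised in the comments below.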

29 of 218 comments

  1. False confidence by c · · Score: 2

    I'd operate under the assumption that the NSA has hacked their hardware and software to put document tracking information into things like font rendering and image dithering artifacts.

    OCR into a plain text file and strip out any formatting. It's the only way to be even remotely sure.

    --
    Log in or piss off.
    1. Re:False confidence by Anonymous Coward · · Score: 2, Interesting

      What if they add random casual text that is specific to a given document for a given user? Or changing random words with synonyms, only to make the document unique? Even little grammar/typing mistakes would do, as long as the message stays similar... Probably one should pass it through a chatbot to be "remotely sure" ;-) In short: "add noise, a lot of noise"?

    2. Re:False confidence by AHuxley · · Score: 2

      Re "hardware and software to put document tracking information"
      Expect layers of new software and hardware to create documents that will show one or a few staff who had access or created access.
      The problem is the US media likes documents to send to different outside experts to prove they are real.
      Font, date, designs, format, spelling, names mentioned, layout are all expected and then get reported on.
      The US is now using the demand for real documents as a method to ensure their per document surveillance will make it out to be published.
      The need for documents has been used as an easy tracking tool.
      Expect changes to font, layout and other per document changes to be automated on document creation too.
      Every document is being saved per person getting a file or opening a file in real time. A very slight but unique change per person per file.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Re:any laser will watermark the document by RabidReindeer · · Score: 5, Informative

    Long before laser printers, investigators were tying people to typewriters based on unique per-unit imperfections and wear patterns. You can do something similar based on drum and toner distribution variances even on a monochrome non-watermarked printer.

    Granted, the judas dots also report the date and time, which helps nail a culprit on a shared resource, but the safest thing to do would be to OCR the printed documents rather than photocopy them.

  3. Actually no... by Gravis Zero · · Score: 4, Informative

    by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers,

    This is incorrect. The purpose of the dots and why they are limited to color printouts is because they are intended to be used to identify currency counterfeiters.

    wiki

    During the 1990s Xerox and other companies sought to reassure governments that their printers would not be used for forgery.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Actually no... by Z00L00K · · Score: 2

      Just be aware that there's no reason to turn off the feature just because the printing is in black and white. Many color printers still use all colors to print black and white prints, even though it's wasting toner. I have discovered that myself - printing a large pile of papers black and white and the level for all colors went down.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  4. There is an easy enough solution by Vermonter · · Score: 2

    A color printer will print faint yellow dots for a watermark. Simply print the documents on yellow paper, then photocopy them onto white paper (and a low quality scan setting to be safe).

  5. Re:Retro tech? by jellomizer · · Score: 2

    Back in the day typewriters were traced back because of manufacturing defects so the e may be typed 1/24th of an inch higher and 1/12th inch to the left.
    A dot matrix printer could have pins that are in tolerance but have defects that could allow it to be traced. The same with line impact printers.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. Re:Called a black and white PHOTOCOPY by jellomizer · · Score: 2

    Unless you can find an analog copier. The digital ones will put the watermark of the copier on it. And the analog copier often has defects due to analog technology that could allow it to be traced back.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. Re:Reality Winner by avandesande · · Score: 2

    How can you call her a whistle blower? The value of the information to the American public was small or non-existent and it tipped off the Russians that we were on to them.

    --
    love is just extroverted narcissism
  8. Easy by Kohath · · Score: 4, Funny

    Every agency office should install a special "whistleblowers only" printer in a prominent location near the office entrance.

  9. Re: Reality Winner by Anonymous Coward · · Score: 2, Insightful

    100% this. I am NOT a fan of Donald Trump and if he were impeached I'd be thrilled. I do think the Russians were involved on some level in the election and I do think there might have been some shady things going on with his staff.

    But at the same time, she's leaking sensitive information that's not her place to decide on. It may be part of an ongoing investigation where we don't have all the facts yet, it may be enough to reveal a source or method, or it may have been disproved by new information she didn't have access to.

    It wasn't her place to leak this. There is currently an ongoing investigation in congress. If she wanted to get this out, contact one of the progressives or anti-Trump Republicans on the committee, meet them in a SCIF, and tell them the information in a classified setting.

    Leaking this doc doesn't help anyone. It doesn't help her cause... if anything, it hurts it, and it has the potential to hurt ongoing intelligence collection.

  10. Why? by nospam007 · · Score: 2

    Who besides old geezers use printers anymore?
    Convert the data to a textfile.
    Use TOR at a Starbucks coffeeshop with a beard, sunglasses and a Trump hat and send the fucker to the New York Times Leaker page.

  11. Re:Called a black and white PHOTOCOPY by Z00L00K · · Score: 3, Informative

    Just use a copier in a public place. I have even paid for copies made in a bookstore once of a document I had.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  12. Re:Called a black and white PHOTOCOPY by ooloorie · · Score: 4, Informative

    And the analog copier often has defects due to analog technology that could allow it to be traced back.

    No, it doesn't allow it to be "traced back" because there is no registry of analog copiers. Color laser printers are special because you need no other detective work for finding the printer: the yellow dots are designed to make that identification trivial.

    For other printing technologies (inkjet, black and white printers, etc.), you can only prove that a document came from a particular printer once you have "traced it back" via some other means.

  13. Re: multistep process by Z00L00K · · Score: 2

    Print on yellow paper.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  14. biting off the nose to spite one's face by s.petry · · Score: 2

    What you said hints at the big picture. Removing the means of identification would protect criminals, who are far more common than actual whistle blowers (of which Reality Winner is not). Forgery is just one crime, but there are a whole lot of other crimes where printer signature is significant. I'd argue that the majority of those happen to be white collar crimes.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  15. Re: Reality Winner by I'm New Around Here · · Score: 2, Insightful

    Because the document is really nothing more than all the bogus stories that have been printed and reported since the election. There is no actual evidence of the claims they make, other than a possible IP address. Everything else is supposition based on "We know the Ruskies were in on it, somehow.".

    --
    If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  16. Re:Called a black and white PHOTOCOPY by Anonymous Coward · · Score: 2, Informative

    Sigh - use a cheap consumer camera or phone. Photograph some secret documents. Pictures will be slightly unsharp, obliterating any small "dots" that the original printer put there. Text will still be readable.

    Now, of course any digital camera adds its own identifications but:
    1. You can buy your cheapie camera/phone anonymously at a flea market, stopping the trace there. Toss it after use.
    2. You can easily strip all EXIF from an image so the pixels are all that is left. In theory, there may be information hidden in pixels too, but the cameras tend to be Japanese/Korean not American. So less such nonsense.
    3. Further obscurity by converting the image between formats several times, using different sw each time. Perhaps do some smoothing & sharpening to lose small details. Definitely convert to b&w. One of the steps might be "show it on screen", then do a screendump. The dump would remove all metainformation an image editor would otherwise attempt to preserve.

    If you are really paranoid, use an analog camera with b&w film that you develop yourself. Lots of photo artist/hobbyists still do that.

  17. Easier by argStyopa · · Score: 3, Interesting

    Look, just throw the stupid document on a copier and they're gone.

    This isn't rocket science. What sort of a moron would print a document IN THE NSA and then hand that original to a reporter?

    She needs to go to prison for the maximum span.
    I personally believe Snowden should be pardoned, and they should stop pursuing Assange, but not every leak is sacrosanct, nor is every leaker a saint.
    She clearly did this as a political act, despite signing documents affirming she would keep information confidential.

    Basically, leaking info is like using a legally-carried handgun: you should do it only if you accept that the consequences of not using it are worse than the punishment you'll receive, and be perfectly ok with that result.

    --
    -Styopa
    1. Re:Easier by dbIII · · Score: 4, Insightful

      She clearly did this as a political act

      Yes, she'd prefer the USA to be run along the values of George Washington and not a Tsar - definitely political but what exactly is wrong with that?

      It's not just R vs D here. It's gone international. Do you really want to back a side other than the home team?

  18. How to protect your documents by AHuxley · · Score: 2

    Contractors will always have a lot of staff ready for any level of US security.
    Look into the past of every staff member. Education, politics, languages, university, mil, gov, internet, protests, work, hobbies, interests.. walk the resume and interview everyone in person. Educators, friends. See what a person was like.
    Learn from the issues the UK had from 1930-70's. Learn how the UK solved its internal security issues.
    Learn why the USA was so good at security from the 1950's-80's.
    Once a person has a job with security considerations keep on looking at their work and how they use the "internet", their politics, education, interests, hobbies, friends..
    Keep looking, all year, every year.
    Two contractors now working together is not a new security policy.
    Create perfect bait projects and files just for staff given their politics, see if they respond.

    --
    Domestic spying is now "Benign Information Gathering"
  19. Re:any laser will watermark the document by TWX · · Score: 3, Insightful

    So the solution is to either scan/OCR the smuggled-out document and destroy the printed-copy original before presenting to the third-party source, or else to utilize a third-party source that's smart enough to do this themselves.

    The dot-pattern in the printer is not meaningful if it doesn't exist, and since it takes a forensic examination of the printout to identify the dot pattern it's not something that a security guard is going to be able to routinely check at a building security point.

    Fundamentally it comes down to understanding the technology one is using, and to mitigate the pitfalls. If you're ignorant or stupid then you'll probably get caught.

    --
    Do not look into laser with remaining eye.
  20. Re:Reality Winner by Anonymous Coward · · Score: 2, Informative

    Names are typically very representative of culture, in particular parents' culture. In this case "Reality Winner" pretty directly points to `hippy idealist nutcase' culture. Mohammed is typically muslim, whilst something like Eriksen in the US would typically be Scandinavian and of a higher cultural educational level (not having changed their name to a local one as most US poor or low culture immigrants do) etc. If you select or avoid people according to their surname then that will lead to unreasonable discrimination which is why recruiting places in civilised countries often avoid showing the surname on CVs during recruitment.

    In other words, in the grandparent's terminology, names are a "discriminatory item", or in longer form, a piece of information which could be used for immoral (and probably illegal) discrimination and which you shouldn't take into account when recruiting.

  21. Re:any laser will watermark the document by PPH · · Score: 2

    This.

    And even if you feed a color printer a black and white document, what's to stop its firmware from inserting the yellow dots? AFAIK, these watermarks aren't part of the PDF content. The printer generates them.

    Of course, I could mess up the watermarking process by refusing to replace my printer's yellow ink cartridge.

    --
    Have gnu, will travel.
  22. Re:OCR removes authenticity by RabidReindeer · · Score: 2

    One printout is just as unconvincing as another. The thing that brought down Dan Rather was that in his case the computer printout in question used anachronistic fonts. But an email dump with full headers can be cross-referenced back to its sources, even if you have it replicated by monks on an illuminated manuscript.

    The important thing here is that the original printer isn't going to be made accessible to people trying to confirm the truth of the leaks - only to people trying to trace them.

  23. Re:OCR removes authenticity by mi · · Score: 2

    One printout is just as unconvincing as another.

    Not true. Though neither is proof, an actual copy is more convincing than notes taken by someone who claims to have seen the document. Or, for another example, the posted scan of a copy of Obama's birth certificate was less convincing than a scan of the original. And so on — the further away it is from the source, the less convincing it is.

    --
    In Soviet Washington the swamp drains you.
  24. Re:any laser will watermark the document by Uberbah · · Score: 2

    Long before laser printers, investigators were tying people to typewriters based on unique per-unit imperfections and wear patterns.

    I wonder if that's like the pseudoscience behind bite mark "experts".

  25. Re:OCR removes authenticity by GuB-42 · · Score: 5, Insightful

    There is kind of a conundrum here.
    The best way to prove authenticity is to reveal as much metadata as possible. This is also how you get caught.
    In fact getting caught is a great proof of authenticity. And we now know that all documents with the same printer dots as the ones that got the guy caught are likely to be authentic.