
How Document-Tracking Dots Helped The FBI Track Down Russian Hacking Doc Leaker

from the just-metadata-things dept

The surprising story that quickly followed the somewhat-less-surprising Intercept leak was the arrest of Reality Leigh Winner for the leak of the document. It was an incredibly fast leak investigation that apparently began when The Intercept reached out for comment after obtaining the document on May 30th.

There's been a lot of talk that The Intercept acted carelessly when speaking to government officials and burned its source. But the evidence trail laid down by the FBI's affidavit suggests Winner did most of the burning herself. The document given to The Intercept was either an original printout or a scan of it. It showed telltale creases where it had been folded and placed into an envelope by the leaker.

More importantly, the document contained something else: data that indicated where and when the document had been printed. This made it much easier to link Winner to the posted document. Rob Graham of Errata Security walks through the steps he took to decipher the physical metadata created by the NSA printer used by Winner. Printers -- and not just those owned by secretive government agencies -- can help rat out leakers.

The problem is that most new printers print nearly invisible yellow dots that track down exactly when and where documents, any document, are printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

Using a paint program to invert the document's color scheme and the EFF's handy spy-in-the-printer tool, Graham obtained the following information using only the auto-printed dots on the Intercept document:

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

Very definitely it does have such records, as do a great many entities not heavily involved in national security. Many documents in many companies are considered "uncontrolled" if printed, and built-in document tracking allows them to track down employees who may have jeopardized nothing more than their own employment.
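As an added illustration (not code from Techdirt, Graham or the EFF), the Python below decodes a dot grid of the kind described above into a serial number and print time, rejecting grids where a misread dot breaks parity. The grid layout (15 columns by 8 rows, odd parity, the column assignments and serial digit order) is an assumption based on the EFF's published guide for Xerox DocuColor printers, and the sample grid is constructed by encoding the serial and timestamp quoted above, not read from the actual document.

```python
from datetime import datetime

# Assumed layout (EFF guide for Xerox DocuColor): 15 columns x 8 rows of dots.
# Row 0 holds a parity dot per column; rows 1-7 hold a 7-bit value, MSB first.
# Column 1 holds a parity dot per row. Checked rows/columns have odd parity.
FIELDS = {"minute": 2, "hour": 5, "day": 6, "month": 7, "year": 8}
SERIAL_COLS = (14, 13, 12, 11)  # two decimal digits per column (assumed order)

def encode(serial, when):
    """Build a constructed grid (8 rows of 15 ints, 1 = dot) as test input."""
    vals = {2: when.minute, 5: when.hour, 6: when.day, 7: when.month,
            8: when.year % 100, 10: 127}  # column 10: all-ones separator
    for i, col in enumerate(SERIAL_COLS):
        vals[col] = int(serial[2 * i:2 * i + 2])
    grid = [[0] * 15 for _ in range(8)]
    for col, v in vals.items():
        for row in range(1, 8):
            grid[row][col - 1] = (v >> (7 - row)) & 1
    for row in range(1, 8):   # row parity dot makes each row's count odd
        grid[row][0] = 1 - sum(grid[row][1:]) % 2
    for c in range(1, 15):    # column parity dot makes each column's count odd
        grid[0][c] = 1 - sum(grid[r][c] for r in range(1, 8)) % 2
    return grid

def decode(grid):
    """Return (serial, print time); raise ValueError if a dot was misread."""
    for row in range(1, 8):
        if sum(grid[row]) % 2 != 1:
            raise ValueError(f"row {row} fails odd parity")
    for c in range(1, 15):
        if sum(grid[r][c] for r in range(8)) % 2 != 1:
            raise ValueError(f"column {c + 1} fails odd parity")

    def val(col):
        return sum(grid[r][col - 1] << (7 - r) for r in range(1, 8))

    f = {name: val(col) for name, col in FIELDS.items()}
    serial = "".join(f"{val(c):02d}" for c in SERIAL_COLS)
    # The year is stored without its century; 2000 is assumed here.
    return serial, datetime(2000 + f["year"], f["month"], f["day"],
                            f["hour"], f["minute"])

# Constructed sample: the serial and timestamp quoted in the article.
SAMPLE = encode("29535218", datetime(2017, 5, 9, 6, 20))

if __name__ == "__main__":
    print(decode(SAMPLE))
```

The decoded serial and timestamp are what an organization would then look up in its print-job logs to find the user.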

However, this does bring everything back around to the "just metadata" argument. The government has often claimed the wholesale collection of metadata is harmless, because it's nothing more than transactional records. Obviously, metadata can be quite damaging. Winner's decision to print the document ended her very short stint as a leaker.

Conversely, the government also claims -- when raising the "going dark" specter -- that metadata and other transactional records aren't nearly as useful as intercepted communications and/or device contents. To some extent, that's true. But it's obvious that metadata/transactional records aren't nearly as useless as they're portrayed by law enforcement handwringers. Either way the government spins the metadata argument, it's insulting the intelligence of Americans.


Reader Comments


  1. Anonymous Coward, 7 Jun 2017 @ 9:05am

    Re: Re:

    CCTV cameras are probably wireless. Just have a jammer that will prevent the CCTV cameras from being able to record your face. To the security detail in the store, it will simply appear to be a malfunction, and they will have no idea the camera was being jammed. CCTV cameras use the same frequencies as WiFi, so a WiFi jammer would suffice for this. This would prevent your face from being recorded at the checkout counter. Security would never be the wiser.
