How Document-Tracking Dots Helped The FBI Track Down Russian Hacking Doc Leaker

from the just-metadata-things dept

The surprising story that quickly followed the somewhat-less-surprising Intercept leak was the arrest of Reality Leigh Winner for the leak of the document. It was an incredibly fast leak investigation that apparently began when The Intercept reached out for comment after obtaining the document on May 30th.

There's been a lot of talk that The Intercept acted carelessly when speaking to government officials and burned its source. But the evidence trail laid down by the FBI's affidavit suggests Winner did most of the burning herself. The document given to The Intercept was either an original printout or a scan of it. It showed telltale creases where it had been folded and placed into an envelope by the leaker.

More importantly, the document contained something else: data that indicated where and when the document had been printed. This made it much easier to link Winner to the posted document. Rob Graham of Errata Security walks through the steps he took to decipher the physical metadata created by the NSA printer used by Winner. Printers -- and not just those owned by secretive government agencies -- can help rat out leakers.

The problem is that most new printers print nearly invisible yellow dots that track down exactly when and where documents, any document, are printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

Using a paint program to invert the document's color scheme and the EFF's handy spy-in-the-printer tool, Graham obtained the following information using only the auto-printed dots on the Intercept document:

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

Very definitely it does have such records, as do a great many entities not heavily involved in national security. Many documents in many companies are considered "uncontrolled" if printed, and built-in document tracking allows them to track down employees who may have jeopardized nothing more than their own employment.
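To make the decoding step concrete, here is an added sketch (not code from this article, Graham, or the EFF) that decodes a constructed dot grid carrying the serial number and timestamp quoted above and rejects a misread grid. The layout is an assumption taken from the EFF's published notes on Xerox DocuColor printers and is simplified; the function names are hypothetical.

```python
# Added example: decode a DocuColor-style tracking-dot grid (simplified model).
# Assumed layout (from the EFF's DocuColor notes, not stated in the article):
# 15 columns x 8 rows; row 0 is a parity row, column 1 is a parity column,
# rows 1-7 carry bit values 64..1; columns are numbered 1..15 left to right.
from datetime import datetime

FIELDS = {"minute": 2, "hour": 5, "day": 6, "month": 7, "year": 8}
SERIAL_COLS = (14, 13, 12, 11)      # two decimal digits per column
WEIGHTS = (64, 32, 16, 8, 4, 2, 1)  # top data row to bottom data row

def encode(values):
    """Build a constructed grid from {column: value}; used only for sample data."""
    grid = [[0] * 16 for _ in range(8)]       # index 0 of each row is unused
    for col, val in values.items():
        for row, weight in enumerate(WEIGHTS, start=1):
            grid[row][col] = 1 if val & weight else 0
    for col in range(2, 16):                  # odd parity for every data column
        grid[0][col] = 1 - sum(grid[r][col] for r in range(1, 8)) % 2
    for row in range(1, 8):                   # odd parity for every data row
        grid[row][1] = 1 - sum(grid[row][2:]) % 2
    return grid

def decode(grid):
    """Return (serial, timestamp); raise ValueError if a parity check fails."""
    for col in range(2, 16):
        if sum(grid[r][col] for r in range(8)) % 2 != 1:
            raise ValueError(f"column {col} fails parity; re-read the dots")
    for row in range(1, 8):
        if sum(grid[row][1:]) % 2 != 1:
            raise ValueError(f"row {row} fails parity; re-read the dots")

    def value(col):
        return sum(w for r, w in enumerate(WEIGHTS, start=1) if grid[r][col])

    serial = "".join(f"{value(c):02d}" for c in SERIAL_COLS)
    f = {name: value(col) for name, col in FIELDS.items()}
    stamp = datetime(2000 + f["year"], f["month"], f["day"], f["hour"], f["minute"])
    return serial, stamp

# Constructed sample grid carrying the values quoted in the article.
SAMPLE = encode({14: 29, 13: 53, 12: 52, 11: 18, 8: 17, 7: 5, 6: 9, 5: 6, 2: 20})

if __name__ == "__main__":
    serial, stamp = decode(SAMPLE)
    print(serial, stamp.isoformat())
```

The decoded pair of printer serial and minute-resolution timestamp is the key an organization would look up in its print-job logs.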

However, this does bring everything back around to the "just metadata" argument. The government has often claimed the wholesale collection of metadata is harmless, because it's nothing more than transactional records. Obviously, metadata can be quite damaging. Winner's decision to print the document ended her very short stint as a leaker.

Conversely, the government also claims -- when raising the "going dark" specter -- that metadata and other transactional records aren't nearly as useful as intercepted communications and/or device contents. To some extent, that's true. But it's obvious that metadata/transactional records aren't nearly as useless as they're portrayed by law enforcement handwringers. Either way the government spins the metadata argument, it's insulting the intelligence of Americans.


Reader Comments

    Anonymous Coward, 6 Jun 2017 @ 7:40pm

    Re: Re:

    Simple: don't buy a printer that has an IP address. Buying one that is hard-wired to the computer using a USB cable is the way to go. Doing that, and paying with cash, will guarantee that nothing will trace back to you if your printer is stolen and someone does something illegal with it.

    My issue with these dots is what will happen if the printer is stolen, and someone does something nefarious with it. Having no bank trail leading back to me keeps me out of trouble, if that happens.

    That is why you want to buy a printer that is wired to the computer and not connected directly to the network, and always pay with cash.
