Tuesday, June 06, 2017

Remember Boys and Girls - If You Wanna Be a Reality Winner - Don't Be a Technology Loser!

WaPo | Winner was arrested Saturday. When FBI agents questioned her at her home, she admitted “removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet,” court documents read. She remains in jail pending a detention hearing. Her lawyer declined to comment on the charges.

After the charges were announced Monday, some cybersecurity experts remarked on the apparent ease with which investigators were able to trace the leak back to Winner. Some went so far as to say the Intercept had “outed” her by posting copies of the document online. The Intercept said the materials were submitted anonymously.

According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots — small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed.

“Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document,” Graham wrote Monday.

Graham’s post gave a step-by-step demonstration of how investigators could have easily done just that. Using a tracking dot decoding tool from the Electronic Frontier Foundation, he said he determined that he document “was from a printer with model number 54, serial number 29535218″ on May 9, 2017, at 6:20 a.m.

“The NSA almost certainly has a record of who used the printer at that time,” Graham wrote.

Others picked up on the same point.

“Just a reminder, colour printers spy on you,” tweeted data analyst Tim Bennett. “This one embedded the exact time a U.S. government employee printed a subsequently leaked doc.”