Monday, June 05, 2017

How The Intercept Outed Reality Winner

Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.

As the warrant says, she confessed while interviewed by the FBI. Had she not confessed, the documents still contained enough evidence to convict her: the printed document was digitally watermarked.

The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

In this post, I show how.

You can download the document from the original article here. You can then open it in a PDF viewer, such as the normal "Preview" app on macOS. Zoom into some whitespace on the document, and take a screenshot of this. On macOS, hit [Command-Shift-3] to take a screenshot of a window. There are yellow dots in this image, but you can barely see them, especially if your screen is dirty.

We need to highlight the yellow dots. Open the screenshot in an image editor, such as the "Paintbrush" program built into macOS. Now use the option to "Invert Colors" in the image, to get something like this. You should see a roughly rectangular pattern checkerboard in the whitespace.

It's upside down, so we need to rotate it 180 degrees, or flip-horizontal and flip-vertical:

Now we go to the EFF page and manually click on the pattern so that their tool can decode the meaning:

This produces the following result:
The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it's how PDFs are often redacted by adding a black bar on top of image, leaving the underlying contents still in the file for people to read, such as in this NYTime accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves fingerprints identifying you behind, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.

Copiers/printers have two features put in there by the government to be evil to you. The first is that scanners/copiers (when using scanner feature) recognize a barely visible pattern on currency, so that they can't be used to counterfeit money, as shown on this $20 below:


The second is that when they print things out, they includes these invisible dots, so documents can be tracked. In other words, those dots on bills prevent them from being scanned in, and the dots produced by printers help the government track what was printed out.

Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights.





While I was writing up this post, these tweets appeared first:








Comments:
https://news.ycombinator.com/item?id=14494818


75 comments:

  1. Poof goes a darn fine tracking tool.

    ReplyDelete
  2. Not really.

    This has been a pretty standard thing for the last decade or so and even NSA contractors forget, or are simply unaware, that it exists.

    ReplyDelete
  3. 3rd amendment? Really? You'll liken these yellow dots to quartering soldiers?

    ReplyDelete
    Replies
    1. Yes. The reason why the third Amendment is there is not because the founders were angry at being forced to run a hotel for British troops. It is because a common way of quelling dissent was to place soldiers in the homes of rabble rousers, and have them report on the dissenters' activities. Nowadays, the just do the same thing electronically with NSA email intercepts and the like.

      Delete
  4. It's forcing you to run software on behalf of the US Government. That's against the 3rd Amendment.

    ReplyDelete
    Replies
    1. "Forcing"? ... no it isn't. You are buying a printer that chooses to run that software. You can overwrite the software yourself if you have the motivation to do so.

      Delete
    2. Or the know-how..... said the extremely tech-challenged 67 year old.... me.

      Delete
  5. Simply converting to b/w is not sufficient!
    http://imgur.com/a/kLovh

    And even when you mask them out so that they are no longer visible in the "all white" (paper) background, e.g. by messing with the white/black point of the image there's still the possibility that they could be recovered with correlation methods in grey areas where they aren't visible to the naked eye or just by increasing the contrast.

    ReplyDelete
    Replies
    1. black and white is not greyscale, btw.

      Delete
  6. Technically I think she had already outed herself in multiple and more obvious ways like using her gmail to communicate with the Intercept, social media activities, etc. Still, a mistake on the part of the Intercept in providing evidence to finger and prosecute her.

    ReplyDelete
    Replies
    1. they v much want you to think this. her gmail was used for a completely unrelated communication with TI

      Delete
  7. Don't print in color or on a color printer unless the document warrants it. Black monochrome only people. It's also cheaper. Have two printers.

    ReplyDelete
  8. That's why, when Greenpeace leaked the TTIP documents, they first manually re-typed a copy of the original document that was then released.

    Especially The Intercept should had have known better.

    A terrible professional error that not only destroyed the life of one of the rare courageous citizens, but also shows that The Intercept cannot be considered as safe “whistle blower” platform anymore.

    This is sad and very dangerous, as we need independent human rights defending journalism more than ever - and this can only work if these journalists are able to protect their sources.

    ReplyDelete
  9. I consider it highly illegal that people are trackable that way in general.

    That this is possible shows that the goverments do not work for the people but for other interest groups.

    ReplyDelete
  10. I don't think anti-counterfeiting measures mean the government is being evil to me.

    ReplyDelete
  11. Wrong amendment! No Constitutional violation. What you expose to public even unknowingly is not protected. Government has to protect itself from saboteurs. Writer has head screwed on wrong if he thinks this is evil.

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
  12. (that comment was directed to KiTA--the interface I was using had a reply-to-comment button and I wasn't sure how obvious it would be that I was replying to them)

    ReplyDelete
  13. Christian Vogel, black and white means indexed (1-bit color palette). Every pixel is either pure black or pure white. There are no gray pixels. I believe this does defeat printer dots. The leaker should have done this themselves rather than trusting the journalist.

    ReplyDelete
  14. Nice work. How could The Intercept be so naive by seeking contact with the NSA? I don’t get it, Glenn Greenwald, you know better. Do you?

    ReplyDelete
    Replies
    1. they had one successful leaker - one who did reveal himself publicly because journalist were conspiring with him to create this (TI) medium and provide him with money for life. otherwise he would leak it on cryptome which had long tradition of sucessful leaking

      Delete
    2. also dont forget wikileaks

      Delete
  15. Is there any chance people would realize the Amendment comment was a joke and stop failing to be pedantic with their "corrections."

    ReplyDelete
    Replies
    1. Amendment comments should be mandatory so they have more clicks and shares😋

      Delete
  16. #JWICs is a thing. Winner outed herself.

    ReplyDelete
  17. Great article, but there is no such built in program called Paintbrush on macOS.

    ReplyDelete
  18. This was not a courageous citizen! She was a deranged anti American communist like 90% of the journalist today. This leak does nothing but alert foreign gov't of our capabilities. Claiming to be helping when your actually sabotaging our country is Straight out of the Alinsky playbook acuse others of what your actually doing

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
    2. Please read Alinsky's work. His "playbook" is all about how to give powerless people organizing tools to stand up to authority to protect their rights. If that is evil, or communist in some way, then I'm also guilty - as are many others.

      Delete
    3. But when these people attain power and continue to use Alinskyite tactics - that's a problem as we found out during the Obama administration.

      Delete
    4. Haithabu could you explain what you mean there. I'm unsure of whom you are referring to.

      Delete
    5. Assume that anything outed on the general Internet has already been detected by ISIL and similar entities who aim to do us harm.

      Delete
  19. She may have assumed that secrecy laws are a dead letter with all the consequence-free leaking going on.

    ReplyDelete
    Replies
    1. Not if she's working at NSA...

      Delete
  20. Nothing wrong with microdots - especially when run on government hardware to protect government property from criminal intent.

    ReplyDelete
  21. Someone was definitely either careless or maliciously trying to out Winner, but I'm not sure we can jump to blaming The Intercept just yet. A WashPo article said the FBI questioned Winner -- who admitted everything -- on June 3rd, two days before the Intercept story went live.

    ReplyDelete
    Replies
    1. this is because TI shared documents on 5/30 with the NSA who notified the FBI. winner was already in custody when the article was finally run

      Delete
    2. exactly, so intercept can not be sued or shutdown

      Delete
  22. The specific constitutional rights violation is not of consumers, it is of private companies who manufacture printers being compelled to add this technology. Familiar to many following the case with Apple and encryption recently.

    ReplyDelete
  23. Angelique is slightly right but mostly wrong. I agree that leaks can harm our ability to legitimately intercept nefarious foreign governments and foreign individuals seeking to harm our republic and citizens. On the other hand the fact that a foreign power has corrupted our election process in numerous ways and may very likely put in power an illegitimate president is a serious concern. When the only authority and oversight is the same president and his cronies then turning to the free press seems like a pretty good idea. This woman was very brave for bringing forth this information.

    ReplyDelete
  24. Michael, fyi, the reason they questioned the girl is because The Intercept contacted them to see if they wanted anything redacted before printing, they gave them a copy of the document so as to not release sensitive information. It is common in media these days.

    ReplyDelete
    Replies
    1. youre naive, if they wanted what you wrote, then they will sanitize leak then sent it to state and thats it. they didnt do it they sent documents with identificators so they wont be sued or shot down or living on ecuadorean embassy

      Delete
  25. This comment has been removed by the author.

    ReplyDelete
  26. She is a criminal and belongs in jail...

    ReplyDelete
    Replies
    1. yes but this article is about toxic culture in your media industry so you wont forget that its not only about "fakenews"

      Delete
  27. I don't know that this would be any more a violation of 3rd Amendment rights than, for example, the ability to trace typewriting to a specific old-school typewriter would be. Let's put aside this specific case for a moment, given that she printed the doc on an NSA/work printer. If, say, the FBI wanted to track a specific printed document to a specific printer, there would need to be one of the following: 1) a catalog of all dotmark patterns, presumably registered by the manufacturers, or b) a record maintained by each individual manufacturer which the FBI could access, possibly with a warrant, that would narrow the printer to the retail location but possibly no further, or c) the FBI would have to match the document to the exact printer-- in which case, they perhaps have narrowed the search down to a possible printer and this is used for confirmation. This is quite different from planting either a government agent or a form of bug (computer, audio, whatever) in a private residence.

    ReplyDelete
  28. This comment has been removed by the author.

    ReplyDelete
  29. A point of consideration is that the the Intercept knows this because of Snowden and they purposefully outed Winner as a message to leakers.

    ReplyDelete
    Replies
    1. yes if leaker sends them materials its problem for them bcs they have to deal with government instead of cashing hundreds of thousands dollar checks every month from fearmongering

      Delete
  30. http://observer.com/2017/06/reality-winner-intercept-nsa-leak-explained/

    ReplyDelete
    Replies
    1. you have truly american mind

      Delete
  31. This document is a PDF.. there is no scanner that can acctually capture those dotes even in 1600P.. so HOW was that scanned?

    ReplyDelete
  32. Is it because it was OUR election and Trump won that has all you people so upset, or is the general principle of thing — in which case, were all of you equally upset about Obama's 2015 attempts to influence Israeli elections (using US taxpayer dollars), and all the other US attempts to influence foreign elections between 1947 and 2000?

    https://townhall.com/tipsheet/mattvespa/2016/12/16/flashback-that-time-the-obama-administration-spent-hundreds-of-thousands-of-dollars-to-defeat-benjamin-netanyahu-n2260711

    http://www.latimes.com/nation/la-na-us-intervention-foreign-elections-20161213-story.html

    Just curious...........

    ReplyDelete

  33. This could all be elaborate theater - cleverly designed to help the oligarchy/establishment achieve certain objectives. It's good to be open minded, but not too gullible. Just because 300 million people believe a pack of lies, does not change the matter.

    ReplyDelete
  34. To people who think this is a newer innovation: This has been going on since at least the late 1990s when consumer color laser printers became viable. I had a leadership role at a retail copy chain and one of my stores was involved in a counterfeit money situation; the US Secret Service came in to verify serial numbers of our color laser printers and sat down with me to explain the yellow dots. This was in 1998.

    ReplyDelete
  35. https://en.wikipedia.org/wiki/Printer_steganography

    ReplyDelete
  36. As long as you accept the fact that Hillary Clinton and the DNC are just as Corrupt and Evil as Donald Trump and the RNC you have an argument for returning our Nation to Civil, Honorable, Citizenship-based Rule. If you're still brainwashed by either Party - or ANY Party - than you need to have your brain deprogrammed ..

    Brad Hartliep. America's Independent Candidate 2020

    ReplyDelete
  37. Things are different if you're working for the government with security clearance.

    ReplyDelete
  38. Look on the bright side... she didn't have to pay for the toner.

    ReplyDelete
  39. Who cares who the brave person who leaked this, the question remains, did the hackers change the outcome of the election, and if so what, should be done next.

    ReplyDelete
  40. Everyone is discussing Microdots on printers?
    That she printed a document on a secure printer and then snail mailed it is mind boggling to me. I am a Network Engineer and there is really nothing that she could have done to have not been discovered. They conveniently get admit to microdots on pdf's in this case. I am sure that the NSA is relieved that they do not need to own up to spyware built into firmware on pc's now. No electronic communication is secure at all period.

    The bigger question for me is this: How does a radicalized 25 year old Anti-Trumper find out that a 4 day old document like this even exists in the first place? No one is talking about the DNC server breach any longer. She is obviously a patsy and was used by the Feds to release this information. This is a certainty. And it is unfortunate that her life is over and this might have been prevented. She was used and will be tossed aside.

    I want to reiterate: THERE IS NO FORM OF ELECTRONIC COMMUNICATION THAT IS SECURE AT ALL. Believe this because it is the truth.

    ReplyDelete
  41. Printer dots save lives. Can you imagine the unscrupulous people who would steal government and industrial secrets if they could! She was a vindictive little bitch who gave out a Top Secret document--she has earned her jumpsuit and jail cell!

    ReplyDelete
  42. It's [Command-Shift-4]. Also I'm only ever leaking anything to Cory Doctorow (hacker + journalist) or Bruce Schneier (straight up security expert and privacy advocate)--not that anyone trusts me with anything worth leaking.

    ReplyDelete
  43. Thank you for sharing valuable information. Nice post. I enjoyed reading this post.
    gclub จีคลับ
    gclub online
    gclub online

    ReplyDelete
  44. I read some articles on this site and I think your blog is really interesting and has great information. Thank you for your sharing.
    windows movie maker

    ReplyDelete
  45. If you print on an employers printer don't expect ANY right to privacy! They own the hardware you're using and can monitor how it is used as they wish, including the microdots and logging. Besides, I'm pretty confident every federal employee/contractor signs a legal contract stating they will keep confidential, secret and top secret documents as just that. If they don't want to then they shouldn't have access to those documents.

    ReplyDelete
  46. here's an obvious opportunity for a graphics developer:

    salt-n-peppa! add random yeller dots of the same color and size all over the place,
    expecially in the tagged area!

    if the color is an exact match then the data goes poof!

    ReplyDelete
  47. In the old days, typewriters were identified because of slight differences in the alignment of the typebars and imperfections and wear on each letter. Microdots are an update for technology.

    Society's gravest danger is from non-public organizations, within the government or outside it. Tools like these to enable "us" to discover who did what are important for the continuance of our culture.

    ReplyDelete
  48. Really i like your site...
    I enjoyed...
    boom barriers

    ReplyDelete
  49. Nice post..!Thank you for posting this blog.
    gclub online
    goldenslot
    gclub casino

    ReplyDelete
  50. What happens if you print on yellow paper or use a yellow background of some kind?

    ReplyDelete