Beware of printer added meta if you're a leaker


Post by wvjohn »

learn something new every day....

https://arstechnica.com/security/2017/0 ... sa-leaker/

When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity. When they did so, the Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed—and it included encoded watermarking that revealed exactly when it had been printed and on what printer.

The watermarks, shown in the image above—an enhancement of the scanned document The Intercept published yesterday—were from a Xerox Docucolor printer. Researchers working with the Electronic Frontier Foundation have reverse-engineered the grid pattern employed by this class of printer; using the tool, Ars (and others, including security researcher Robert Graham) determined that the document passed to The Intercept was printed on May 9, 2017 at 6:20am from a printer with the serial number 535218 or 29535218.

The results from inputting the dot pattern from the NSA leak into EFF's tool show when and where the page was printed.

Armed with this evidence, the NSA was able to quickly determine who had printed the document by checking audit logs. NSA investigators quickly narrowed it down to Reality Leigh Winner, a 25-year-old contractor for Pluribus International Corporation, a company that provides analytical, translation, and cyberwarfare development services to the intelligence community. Winner was working at the NSA's Fort Gordon, Georgia facility. Her identification was apparently aided, according to the Justice Department's arrest warrant affidavit, by her contacting The Intercept from her work e-mail:

The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.

When confronted by the FBI, Winner confessed to being the source of the leak.