Secret Dots from Printer Outed NSA Leaker

8 years ago (blog.erratasec.com)

The arrest warrant says nothing about printer dots, actually. It says that once they saw it was printed (per the Intercept showing them a copy to confirm its legitimacy) they simply looked at who'd printed the original document. Upon looking into the desk computers of those 6 people, she was the only person who'd had email contact with the Intercept.

They didn't even need the yellow dots. She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.

  • > It says that once they saw it was printed

    This was a significant clue that The Intercept did not have to give up. The warrant says they looked at all people who had accessed the report, and because the document appeared to have been printed, then at those 6 who printed it.

    The yellow dots might have not been a factor, but it's nevertheless the same type of carelessness which might have exposed a whistleblower otherwise.

    (But yes, this whistleblower would have been discovered by other means as well).

    • 1. The actual reason she was arrested is because she admitted leaking it.

      2. The story about only six printouts and e-mail correspondence is the official cover to draw public attention away from the yellow dots.

      3. The yellow dots is how they actually found her and why she had no reasonable choice but to admit leaking, which allowed 1 to happen without drawing attention to the yellow dots.

      7 replies →

    • I don't know why everyone is blaming The Intercept for publishing a document leaked to them anonymously for that exact purpose. They always publish the source document. So does NYTimes and WaPo and other news orgs. It's common practice.

      Assuming The Intercept detected the printer dot, how could they possibly know the printer dot wasn't some random one from a printer at a library vs. her work computer?

      If I was The Intercept receiving a document from someone claiming to be an intelligence officer I would assume they used some very basic OPSEC - such as not printing the document out on a MONITORED WORK COMPUTER. This is basic stuff.

      I don't see what more The Intercept could have done here to protect her.

      She messed up, not them.

      18 replies →

    • >This was a significant clue that The Intercept did not have to give up.

      I have no idea why people are leaking to rinky-dink operations like the Intercept. If you want to leak, then leak to the Washington Post or New York Times. I can't imagine the Intercept having the expertise to handle such documents. This was a fairly obvious screw up.

      I also question their methods of receiving and storing such documents and if they aren't compromised by one or more nation state intelligence services. Are these documents being stored through a third party email or web server? Is there end-to-end encryption?

      The copier explanation may be a believable fiction as not to reveal other sources.

      19 replies →

  • Does this strike anyone else as suspicious? To my mind she's either incompetent or she intended to become a martyr.

    • Third possibility: that she suspected she'd be caught regardless, and decided that releasing this specific information publicly was more important than her personal freedom.

      Fourth possibility: that the NSA did use the forensic marks in question to identify her, and fabricated a parallel construction in order to avoid acknowledging the existence of said marks.

      (But still, most likely this is Hanlon's Razor. What's there to be suspicious about?)

      21 replies →

    • Her background, according to the Guardian, is former Air Force and being fluent in Middle Eastern languages. None of that indicates that she would be especially knowledgeable of how access logs are implemented. I mean, she should have given the NSA the benefit of the doubt given the massive clusterfuck caused by Snowden 3+ years ago. But even today, we see reports of massive data incompetence by Booz Hamilton (Snowden's employer) top secret contractors: http://gizmodo.com/top-defense-contractor-left-sensitive-pen...

      3 replies →

    • Does this strike anyone else as suspicious?

      What is suspicious about it?

      This isn't 4chan. Present some evidence but don't just make up random speculation that "could have happened".

      I mean it's possible to come up with elaborate theories, but the most likely explanation is that she was just spectacularly stupid.

      or she intended to become a martyr

      I'm not sure being this dumb is going to get much sympathy from anyone.

      2 replies →

    • From what's publicly known, the email to The Intercept related to their podcast, of which she supposedly was a listener, and not to the matter at hand.

    • Are we only permitted to consider 2 choices here or is it permissible to consider the other obvious possibilities?

    • Agreed. Whenever I leak, I make sure to pin it on some derp. Throws them off my trail so I don't end up like Manning. As for the derp, she'll get a book deal which is more than she ever had going for her.

      (Kind of annoyed that the derp became the story while the actual leak never made the front page.)

    • As an aside, how else would one sneak top-secret stuff out of the NSA? I assume all IO ports have been cut, and the input devices soldered onto the motherboard?

      Send some xor-ed file out using a non-secure connection and sneak the key out somehow?

      Take photographs/video using the phone, cold-war style?

      8 replies →

  • beware Parallel Construction: https://en.wikipedia.org/wiki/Parallel_construction

    Basically you can't believe any narrative, as the gov can legally put forth anything they can contrive after-the-fact as long as it's plausible.

    • Nevermind that. Go down the rabbit hole that is COINTEL and realize that thinking that you can really know or trust anything you think you know is futile. The tactics have been used in the past and there is no reason they wouldn't still be in use: they work.

      Bonus points? Any mention of a possible COINTEL tactic gets you labeled a conspiracy theorist. A lovely term invented by the CIA that readily dismisses anyone who points out that a COINTEL tactic might be in use. Lucky for them most of the general public bought it hook, line, and sinker.

  • The real issue is not how she was caught, the real issue is how someone like her got to this position in the first place. With a social media existence that is littered with dislike/to hate for the current administration, high activity on social media, a name change, and more? These should all be red flags that either block such positions or remove you from them.

    back in the last world war they managed to pull off creating an atom bomb with even the vast majority of people in office knowing about it, today every damn snowflake is looking for their five minutes of fame.

  • > She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.

    Surely, NSA contractors aren't this stupid? Something smells.

This is a really nice bit from TFA:

"FBI special agent Justin Garrick told a federal court that Winner – a cross-fit fan who graduated high school in 2011 and was in the US Air Force apparently as a linguist – confessed to reading and printing out the document, despite having no permission to do so. "

So, she joined the company 3 months prior, and it was 'permission' rather than enforced access rights that they relied on for new trainees not to color outside of the lines.

It's not about 'permission', it is all about 'capabilities'.

  • It's the same with the NSA's excuse.. "Yes we gather Americans' communications, but there are rules against agents listening to that!".

    Or Facebook apps, "Yes apps can see your name, dob, email and your friends list, but they are not allowed to abuse this information"... Thanks, I feel secure now.

  • you find that level of permission quite common across many different employers. until employers (government or otherwise) treat security properly there will always be means to circumvent security in name only.

According to the FBI arrest affidavit, only six people printed that document, and she emailed The Intercept from her own work computer.

So she would have been identified even if she or The Intercept had the sense to remove or alter the DocuColor dots.

"The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet"

  • Not that that makes it any less concerning that The Intercept forgot to scrub the dots, unless the email in question contained instructions along the lines of "lol dont worry bout opsec i dont care if i get caught kthx <3 <3".

    • From The Intercept's "how to pass on tips" page [1]:

      > We’ve taken steps to make sure that people can leak to us as safely as possible. Our newsroom is staffed by reporters who have extensive experience working with whistleblowers, as well as some of the world’s foremost internet security specialists. Our pioneering use of the SecureDrop platform enables you to communicate with our reporters and send documents to us anonymously.

      I think it's shocking that nobody at The Intercept was aware of the yellow dots, or other metadata (eg printer-specific output artifacts) that might facilitate the revelation of the anonymous source. This is so careless of them that I'm led to believe that they don't have a formal scrubbing step at all.

      Of course, I might be biased a bit here because I dislike Greenwald so much for how he handled the Snowden leaks. The risks Snowden took and the sacrifices he made are incomparable, but "it took Greenwald several more months and help from experts before he could learn relatively basic tools like PGP encryption."

      [1] https://theintercept.com/leak/

      [2] https://www.dailydot.com/layer8/edward-snowden-gpg-for-journ...

      Edit: I think it's shocking because assisting whistleblowers and protecting their anonymity seems central to The Intercept (which I believe is commendable), so they, of all people, should know better -- if not best.

      2 replies →

    • It's worse than that. OK, so someone contacts The Intercept, claiming to have juicy NSA documents. Before anything gets shared, don't they have a duty to make sure that the source has good OPSEC?

      5 replies →

    • It wasn't the published images that set off the investigation, but the images they sent to their sources in the NSA for verification. Verification is obviously hindered by sending manipulated documents, so they might simply have trusted their source not to pass them on.

I have submitted a PR to 'pdf-redact-tools' tonight. The new feature removes the yellow printer dots by converting the document to black and white: https://github.com/firstlookmedia/pdf-redact-tools/pull/23

The arstechnica article[1] reports, based on the FBI document, that the NSA determined who leaked the info by finding creases in the documents provided to them for authentication by the Intercept, demonstrating that they were leaked by being printed out.

[1] https://arstechnica.com/security/2017/06/leaked-nsa-report-s...

I don't get it. These kinds of dots are not news, they have been around for ages, the EFF cracked the code in 2005 (https://en.wikipedia.org/wiki/Printer_steganography).

Why did no one at the Intercept check for them? It's trivial and they have to know about this kind of stuff?

  • I don't want to sound like a tinfoil hat wearer, but there's a lot of trivial data that a leaker could/should guard against. Multi-layer PDFs and their metadata. Microsoft Office metadata. Photograph EXIF data. Tracking cookies. File access logging. Print job logging. Printer microdot steganography. Traffic and license plate cameras. Cell tower connections logs. Email headers. Windows event logs.

    Many of these can be circumvented through the use of tech like VPNs, Tor, or GPG, and through careful behavior such as scrubbing metadata and the use of burner phones/laptops, cash, and public internet connections. And we're not even getting to the level of wireless carrier, home ISP, or NSA web activity tracking, NSA Tor exploitation, or zero-day exploits. Furthermore, this assumes that the documents themselves are not themselves subject to punctuation, word replacement, typesetting, or other content steganography. Should The Intercept be responsible for ensuring that its sources adhere to safe leaking behaviors? They probably should, at some level.

    But what if - as I'm reading here - The Intercept got an email from reality.winner@nsa.gov, subject "NSA Report on Russia Spearphishing.pdf", body "Hey, I was browsing some stuff out of curiosity in our SCIF and thought this study might be useful to you. I printed it off and smuggled it out in my purse, then scanned it and attached it to this email. Please publish it so the American people can know what's really going on. Hope this helps! -- Reality". There's not really any point to worrying about printer steganography, protecting your IP address, or GPG at that point.

    • Your assessment is totally correct. Steganography can be put everywhere. Perhaps the Free Software Foundation can take advantage of these cases for pushing for more use of open source, non-fingerprinted software.

      OR for enforcing fingerprinting! (It can help with fighting against corrupt governments)

  • Yes, this has been around for ages, but I never saw an explanation on how to read the dots. I thought they were to be more subtle or more concealed, but they are very evident!!

    As pointed out, probably there is more steganography being put into devices / software by the NSA/etc (tinfoil hat notwithstanding); that will probably insert things like meaningful whitespace with information about the source.

    The article is also very relevant because we do need tools free from such fingerprinting. It makes me want to use only and only open source for all my documents. Even for file storage!

Or more accurately, the Intercept either through ineptitude or malice burned their source.

  • I would call it criminal ineptitude.

    They (the Intercept) are playing in a dangerous game, and they should be extra careful about such things. After all the drama about smashed hard drives, Greenwald's BF being detained in London, etc. etc. you'd think they'd know better.

    I'm not in the security business, and even I knew about the dots (and circles in the $20 bills). It's been on HN several times: http://goo.gl/h1kqbu

    So, shame on you, Intercept. Your callous disregard for your sources is now going to send one to prison for a looong time.

"Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights"

FYI: The 3rd Amendment reads as follows:

"No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law."

I don't see the connection. Why does this violate our 3rd amendment rights?

  • One could argue that the "spirit" of the 3rd Amendment is that the government cannot compel you to use your own resources for their benefit on an ongoing basis. It's a stretch, but possibly no more so than other interpretations of the Constitution that courts have made.

    • Good point, but in this case I don't know if it's quite reaching the level of compelling. Maybe co-opting? I imagine the government uses us in many, many ways for their own gain that we may not know of. Perhaps a better connection might be the 1st Amendment's implied right to freedom of association.

  • Probably Griswold v. Connecticut, which established the derived right to privacy. Justice Douglas cited the Third Amendment (among others) as implying the right to keep one's home free from agents of the state.

    That said, this pretty obviously isn't a clear Third Amendment violation. There's virtually no caselaw around the 3rd, and what there is has held it pretty narrowly. The only successful Third Amendment defense I know of was Engblom v. Carey, which was about evicting prison guards to give their housing to National Guard troops.

    So - I think they meant "right to privacy", but the 3rd is one of the smallest and least-cited components of that right.

>To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.

I'm not convinced that would be sufficient, especially the latter option.

Also this is the NSA. If they're smart, they have backup fingerprinting that isn't publicly known.

  • Yes, b/w converting is not sufficient. Once printed, the yellow dots are hard to remove.

    http://imgur.com/a/kLovh

    And even when you mask them out so that they are no longer visible in the "all white" (paper) background, e.g. by messing with the white/black point of the image, there's still the possibility that they could be recovered with correlation methods in grey areas where they aren't visible to the naked eye, or just by increasing the contrast.

    • Why would there be grey in a thresholded image? The entire point of the transform is that it maps everything above a certain threshold to pure white and everything else to pure black.

      They didn't say "convert to greyscale".

      4 replies →

  • Use a low-quality copier at a copy shop to copy the documents. Or maybe fax them.

    Or do what Greenpeace did and retype them.

  • I'm assuming this also. Aka watermarking?

    It's trivial to inject systematic, minor changes in whitespace or fonts that create a serial number in an image based document format. Every individual obtaining a TS document could be given their own numbered copy for traceability.
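The greyscale-versus-threshold disagreement above can be checked directly. This is an added example, not code from the thread or from any project it mentions: a constructed 8x8 "scan" with white paper, a black glyph stroke and three faint yellow dots is converted to greyscale (where the dots survive as off-white and a contrast stretch brings them back) and to a hard black/white threshold (where they are gone). Pure Python, no image library assumed.

```python
"""Why 'convert to greyscale' leaves printer dots recoverable but a hard
black/white threshold does not. Added example with a constructed image;
not code from the original thread."""

WHITE = (255, 255, 255)
BLACK = (0, 0, 0)
# A faint yellow tracking dot as it typically scans: full red and green,
# blue only slightly reduced. Constructed value, not measured from a printer.
DOT = (255, 255, 224)
INK_CUT = 128  # pixels below this are treated as ink in every step below

SIZE = 8
DOT_POSITIONS = {(0, 0), (0, 7), (7, 3)}  # (row, col) of the constructed dots


def make_scan():
    """Build the constructed 8x8 RGB scan: paper, one glyph stroke, three dots."""
    img = [[WHITE for _ in range(SIZE)] for _ in range(SIZE)]
    for x in range(2, 6):          # a horizontal black stroke on row 4
        img[4][x] = BLACK
    for (y, x) in DOT_POSITIONS:   # faint yellow dots on the paper
        img[y][x] = DOT
    return img


def to_greyscale(img):
    """ITU-R BT.601 luma, rounded, as an image editor's 'convert to greyscale' does."""
    return [[round(0.299 * r + 0.587 * g + 0.114 * b) for (r, g, b) in row]
            for row in img]


def threshold(grey, cut=INK_CUT):
    """Hard black/white: everything at or above the cut becomes pure white."""
    return [[255 if v >= cut else 0 for v in row] for row in grey]


def stretch_light_range(grey):
    """Contrast stretch of the 'paper' range only: the darkest non-ink value is
    mapped to 0 and 255 stays 255, so any off-white residue becomes black."""
    light = [v for row in grey for v in row if v >= INK_CUT]
    lo = min(light)
    if lo == 255:  # nothing off-white to amplify; paper stays paper
        return [[255 if v >= INK_CUT else 0 for v in row] for row in grey]
    return [[(v - lo) * 255 // (255 - lo) if v >= INK_CUT else 0 for v in row]
            for row in grey]


def recover_marks(grey):
    """Coordinates of non-ink pixels that a contrast stretch turns dark,
    i.e. dots that survived the conversion."""
    stretched = stretch_light_range(grey)
    return {(y, x)
            for y, row in enumerate(grey)
            for x, v in enumerate(row)
            if v >= INK_CUT and stretched[y][x] < INK_CUT}


def compare_conversions():
    """Return (marks after greyscale, marks after threshold) for the scan."""
    grey = to_greyscale(make_scan())
    return recover_marks(grey), recover_marks(threshold(grey))


if __name__ == "__main__":
    after_grey, after_bw = compare_conversions()
    print("dots recoverable after greyscale:", sorted(after_grey))
    print("dots recoverable after threshold:", sorted(after_bw))
```

Only the hard threshold returns an empty set; the greyscale image still carries every dot at luma 251, one contrast stretch away from visible.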

So this is the "extraordinary law enforcement effort" Rosenstein referred to. Check printer logs, send FBI to leaker's house.

This will certainly make anybody thinking of leaking to the Intercept think twice.

  • I'm not sure how to say this, but I've been in a position to see what the US government considers some of its most valuable technical resources. More than a decade ago, a very specific breach of security happened in a specific place, operated by "a company". That organization sent in a team of people from D.C. for five days that specifically were "extraordinarily good" at their jobs in order to analyze the machines where this breach happened. All three of these folks were stumped for three days by deleted browser cookies on a Windows machine, no kidding. I was originally one of a handful of suspects, but hearing about their ineptitude was so fucking infuriating that I wouldn't keep quiet. Eventually, one of the people in power in that place (who was on my side) convinced the "crack forensics team" to hear me out. So I met with them and discussed the plan, and then I walked them through installing a stupid FOSS utility for recovering deleted browser cache and cookies, and they were able to extract a URL, account name, and timestamp from the cookies on the machine which then let them pull up the right footage from the security camera, and catch the criminal responsible. The person in charge of the whole thing offered me a job (which I did not take). Ever since that day, whenever I hear something like "extraordinary law enforcement effort" I think about those stupid contractors and how I could have somehow suffered legal problems because of them. I absolutely do not trust the US government's claims about its own technical capabilities. I mean obviously not everyone working for the government is an ID-10-T, but here is supposedly one of the best technical teams this organization has to offer, and they can't even get this really basic shit right. And not just "can't get it right" but consider the ramifications of their being wrong! Amazing, and eye-opening, and frightening.

    • Quite. The US government employs contractors more or less on the Charlie Sheen principle: it pays them to go away. There are some really sharp people employed by contractors, and some others that are just billed as if they were.

    • I'd like to second this. The "crack team" was the company that won the contract. I've seen first hand companies hiring just about anyone as a contractor before a contract was even granted. Promises of a high potential salary usually lure these people.

  • There is a perception in the intelligence community that The Intercept has ties to Wikileaks and the kremlin (based on people with ties to the IC on twitter), so I assume they wanted to make a point.

    I think we might also assume that other NSA leaks to MSM might have been done with some level of institutional approval.

    • If you're getting your news from IC twitter, you're going to have a bad time.

      IC twitter takes Louise Mensch's insane conspiracy theories seriously, and legitimately believes that every malicious packet on the Internet is attributable to Fancy Bear.

With all the talk of scanning in black and white, photocopying, taking a photo with a camera or retyping as means to get around the printer dots:

Why not use OCR?

What did she reveal? That's what's important. Everything is focusing on how she was caught. Nice distraction.

  • Specifics of Russian activities, methods, and US intelligence awareness of same, all of which are relevant.

    The fact of the arrest strongly suggests the documents themselves are accurate. If they don't reflect actual Russian activity, they appear to reflect US intelligence of such activity.

    If accurate, the documents corroborate a general pattern of activity of election manipulation carried on from at least June of 2016 through November, which would be highly significant.

    There is circumstantial evidence of vote tampering in at least North Carolina, based on unexpected vote-tally convergence differences based on precinct size (I'm not entirely sold on the story, though it seems to have some legs): http://www.votesleuth.org/north-carolina-2016-overview/

    At a larger scale, this highlights weaknesses in multiple elements of liberal democratic institutions, mechanisms, communications, and media, as well as, quite possibly, political bodies and individuals. Arguments which have been in large part theoretical about the risks of voting machines, email, and end-to-end encryption are now looking to be substantial, actual, and potentially existential threats.

    That's some prime meat in my register.

  • Nothing really bad yet. Allegedly Russians spear-phished user accounts of some people involved in the election, possibly stole documents and theoretically could attempt using this access to social engineer them into misconfiguring voting systems, installing malicious firmware etc., but there is no evidence that they tried.

    https://news.ycombinator.com/item?id=14490874

Can someone explain the reference to the Third Amendment at the end of the article? Looking on Wikipedia, the 3rd Amendment is something to do with quartering soldiers in private homes.

  • The theory is that by pressuring printer makers into making all printed documents trackable, the printer is an agent of the state quartered in your home to spy on you.

    A theory that isn't going to satisfy many people. It is interesting, though, to ponder what would have happened at various points in history, had $state_actor at the time had access to this tech.

  • The dots would be a violation of the 1st amendment if any of the printer companies were forced to add them but it seems they willingly added them or with a little back room arm twisting.

For privacy purpose, we should have free (open source) printers.

  • #1 feature should be allowing the insertion of microdot patterns of your choice.

    Whenever I hear of dubious 'features' like this, I dream of seeing them backfire on one of their supporters.

    Say, next time there's a leak, the microdots show the source to be a printer in the White House.

    If nothing else, it would make it trivial for the defense of a real leaker to show that forging the pattern is a very real possibility.

I remember a HN thread years ago on these yellow dots watermarks, where an employee at a printer manufacturer said there was no indication this was ever used by law enforcement to track who printed what because, for one, the team who implemented the watermarking never documented or taught anyone how to decode these watermarks.

Well, here we are today with this NSA story.

I think it's possible that US-based printer manufacturers implemented watermarking on special request from the NSA. That would also explain why the printer manufacturer employees never needed to teach anyone how to decode them. It wasn't their specs in the first place.

As someone else pointed out already there is no evidence the dots were used. Only 6 people viewed the document and she was the one who printed it. Then they found logs of her emailing it from her work computer.

So there are definitely printer dots in the posted images, but how do we know they are from a printer at NSA? They could be from a printer at The Intercept, a public copy and print shop, or anywhere else, intentionally left in as a red herring.

Of course, as others have posted, she doesn't appear to have tried hard to cover her tracks at NSA so that doesn't seem too likely. But stating that she accidentally left in the printer dots is assuming several facts not in evidence.

  • The printer dots include the serial number of the printer. So while we don't know whether they are definitely from a printer at the NSA, surely the NSA does.

tl;dr: the dots may have exposed metadata of the printing, but from what we know officially, NSA's internal access control system was all that was needed to argue probable cause against Reality Winner.

So the dots don't look good in terms of The Intercept's opsec, but from what we know from the Justice Department's affidavit [0] and the search warrant [1], those dots were likely inconsequential as evidence compared to the audit trail that Winner left when she accessed and printed the file. It's not unreasonable to believe that the NSA and its contractors can track access activity by user, post-Snowden; I mean, it's a feature built into states' DMV systems, which is how cops get busted in the occasional scandal of unauthorized lookup of citizen info [2].

The warrant and affidavit allude to such a system when describing the audit that was done as soon as the NSA was made aware (because the Intercept reached out to them) that the document was out in the wild. At that point, it doesn't seem hard to query their own logs to find all users who accessed and/or printed out the document. Unfortunately for Winner, it seems that very few (1 in 6) NSA employees printed out the document, and I'm sure it didn't help that her background (former Air Force, fluent in several Middle Eastern languages) would indicate that her job did not require her to have a physical copy of this particular document.

The affidavit and warrant mention "physical" metadata that they say supports their case, but it's all circumstantial

1. The documents show evidence of creases/folding, which indicates that someone had to secret it out physically (i.e. they printed it first) from the NSA. But that folding/creasing could come from the reporters printing out their own copies of the document.

2. The affidavit says that of the 6 employees to have printed out the document, Winner was the only one to have email contact with The Intercept. But the warrant specifies that this email contact occurred using her private GMail address in March, and it was limited to 2 emails: her subscribing to The Intercept podcast, and a confirmation email. I.e. she didn't use email (that we know of) to talk to the Intercept.

There's no mention of the yellow dots, which, sure, we could argue that the NSA is just keeping that bit of tradecraft secret. But keep in mind that the NSA started their investigation last week, with the FBI interviewing Winner just a few days ago (on a Saturday no less).

The other key point is that, according to the warrant, the Intercept journalist sent along the leaked documents to a NSA source for confirmation using a smartphone, i.e. they texted smartphone photos of the documents. It seems possible that that kind of ad hoc scanning would make the yellow dots illegible, depending on how much care was taken to photograph the documents.

At any rate, it's kind of irrelevant. Assuming Winner used her own NSA credentials to peruse the system, the access control logs were all that were needed to out her as fast as the NSA and FBI were able to. However, it's worth noting that if the NSA had been clueless until the Intercept's published report, the actual published document apparently did reveal the yellow dots. This means that even if Winner were one of many NSA employees to print out the documents, the yellow-dot timestamp would greatly help in narrowing the list of suspects.

So, it's wrong to say the Intercept outed her, because we don't know what would've happened in an alternative reality in which the NSA didn't start its investigation until after seeing the published report. It is OK, probably, to speculate that the Intercept was sloppy in handling the documents...but that's not what led to Winner being outed so quickly.

[0] https://www.justice.gov/opa/pr/federal-government-contractor...

[1] http://blog.erratasec.com/2017/06/how-intercept-outed-realit...

[2] https://apnews.com/699236946e3140659fff8a2362e16f43/ap-acros...

  • > There's no mention of the yellow dots, which, sure, we could argue that the NSA is just keeping that bit of tradecraft secret

    Printers have been using microdots since the 90's; their use isn't secret. And the NSA would use other forms of forensic fingerprinting. For example, there's some kerning variation in that document, which could easily be another form of steganography. There are numerous other textual/grammar variations they could use to watermark a document.

    • > the NSA would use other forms of forensic fingerprinting

      This is what I'm betting on. The 'creases' story may have some truth to it, but I suspect its primary goal is to take over the narrative and distract from the actual methods used to identify the leak.

  • danso that was detailed and very thorough, thank you. I wonder what your opinion is about the earlier leaks of Russian communications: would this have exposed methods to the Russian officials who thought they had secure channels?

Convert the white background to yellow

  • Just OCR it.

    Or just retype it.

    I don't understand why everyone seems obsessed with complex, automated, technical solutions when a simple manual procedure will do. Or are we talking about thousands of pages (sorry, haven't read the article, just responding to the comments)?

  • Don't print; take a picture of the screen with an old camera bought at a car sale a town away.

    • If I were the NSA, I'd have a modified graphics driver which overlays pseudorandom very faint grey dots over the screen at all times. A (254, 254, 254) pixel hidden amongst all white pixels isn't visible, yet thousands of them across a page will encode significant amounts of information, even in the face of quite severe image compression and low quality.

      The dots could be based on the computer, currently logged in user, and timestamp.

      Then later, if any screenshot or screen photo is leaked, you can decode the dots to identify the source.

      2 replies →

  • Which shade of yellow? Assuming it's a uniform yellow (which I doubt in an analog to digital conversion), miss it by one bit, and your source is burned.

Something smells fishy here. How did the Intercept maintain enough opsec to stay in contact with Snowden (who would have dropped them like a hot potato if they didn't seem competent) and then do this, with the same general staff in place?

  • From what I learned in Citizenfour, Snowden had to walk his contacts Laura Poitras(Citizenfour maker)/The Intercept through all the steps needed before he would communicate with them, and this latest person mistakenly trusted The Intercept with the original paper document (instead of passing it through a b/w filter, second step as recommended by the link).

    • I believe you're wrong...

      Before they even met, Snowden asked Greenwald to set up PGP/GPG so they could securely talk/he could tell them what he has. Greenwald didn't manage to do that/ignored this "anonymous person", Snowden found that Laura had a GPG key, and knew Greenwald, so he asked her to help him set that up. This all happened pre-Intercept, Greenwald was working for The Guardian at that time.

      Despite his technical ineptitude, Greenwald was the only journalist Snowden trusted with the info, he didn't go to NYTimes after the NYT delayed a story about surveillance during the Bush admin until after Bush's reelection, he was afraid the NYT would just go straight to the government before publication, asking "So is this story legit?"...

  • > How did the Intercept maintain enough opsec to stay in contact with Snowden

    It was the Guardian who maintained opsec to stay in contact with Snowden, and even then it took plenty of handholding from Snowden himself.

  • A) People make mistakes B) Snowden is likely more savvy about his own opsec C) The Intercept is more than 1 person.

    • It's interesting that the reaction by many here isn't "gee, this was an unfortunate mistake, but the work the Intercept does is valuable, so let's hope they do a better job going forward."

      Instead, it's more along the lines of "The Intercept should never be trusted, they need to shut down!" without any discussion of how or who or what to use to disseminate national security leaks going forward. Sounds an awful lot like cheap opportunism from people who didn't even like the Intercept to begin with.

      1 reply →