Comment by NamTaf
8 years ago
The arrest warrant says nothing about printer dots, actually. It says that once they saw it was printed (per the Intercept showing them a copy to confirm its legitimacy) they simply looked at who'd printed the original document. Upon looking into the desk computers of those 6 people, she was the only person who'd had email contact with the Intercept.
They didn't even need the yellow dots. She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.
> It says that once they saw it was printed
This was a significant clue that The Intercept did not have to give up. The warrant says they looked at all people who had accessed the report, and because the document appeared to have been printed, then at those 6 who printed it.
The yellow dots might have not been a factor, but it's nevertheless the same type of carelessness which might have exposed a whistleblower otherwise.
(But yes, this whistleblower would have been discovered by other means as well).
1. The actual reason she was arrested is because she admitted leaking it.
2. The story about only six printouts and e-mail correspondence is the official cover to draw public attention away from the yellow dots.
3. The yellow dots is how they actually found her and why she had no reasonable choice but to admit leaking, which allowed 1 to happen without drawing attention to the yellow dots.
> why she had no reasonable choice but to admit leaking
While I didn't make my first year of law school I feel like nearly every criminal defense attorney in this country would disagree with this statement.
I for one would like a class action lawsuit against printer companies and the government for wasting my money on yellow toner.
Do you have a reference for this claim?
This is an interesting angle, I assume because there are no references this is merely speculation?
Actually, since the dots are not at all a secret, #3 can't be right. #2 is a bold claim, obviously pure speculation. So #1, is this true? Please link source.
I don't know why everyone is blaming The Intercept for publishing a document leaked to them anonymously for that exact purpose. They always publish the source document. So does NYTimes and WaPo and other news orgs. It's common practice.
Assuming The Intercept detected the printer dot, how could they possibly know the printer dot wasn't some random one from a printer at a library vs her work computer?
If I was The Intercept receiving a document from someone claiming to be an intelligence officer I would assume they used some very basic OPSEC - such as not printing the document out on a MONITORED WORK COMPUTER. This is basic stuff.
I don't see what more The Intercept could have done here to protect her.
She messed up, not them.
Whether she got caught because of her own mistakes is immaterial.
What matters is that if she had not made any mistakes the intercept made it trivially easy to reduce the pool of possible suspects. That's fairly stupid if your whole reason for existence is to handle documents sent to you by vulnerable people.
If this is not the last article by the Intercept based on stuff leaked to them it would highly surprise me.
They totally messed this up.
> She messed up, not them.
If only there were like.... some group of people who cared about the privacy of others.
The Intercept claims it's a safe place for people to leak to.
It isn't if they make blunders like this.
> This was a significant clue that The Intercept did not have to give up.
I have no idea why people are leaking to rinky-dink operations like the Intercept. If you want to leak, then leak to the Washington Post or New York Times. I can't imagine the Intercept having the expertise to handle such documents. This was a fairly obvious screw up.
I also question their methods of receiving and storing such documents and if they aren't compromised by one or more nation state intelligence services. Are these documents being stored through a third party email or web server? Is there end-to-end encryption?
The copier explanation may be a believable fiction as not to reveal other sources.
You know who the intercept is, right? It was started by Glenn Greenwald and Laura Poitras, specifically for safely handling, processing, and releasing the Snowden documents and others like it.
Personally I would trust them MUCH more than the New York Times. Well, unless the documents were specifically only damaging to Trump.
> Are these documents being stored through a third party email or web server? Is there end-to-end encryption?
This is something that can be learned with a few minutes research, so raising it as "questioning their methods" seems like FUD.
The answer is yes, there is end-to-end encryption handled via Tor. Using SecureDrop, the same tool as the Washington Post and New York Times. Treating that as some kind of distinction between these organizations is absurd.
Does this strike anyone else as suspicious? To my mind she's either incompetent or she intended to become a martyr.
Third possibility: that she suspected she'd be caught regardless, and decided that releasing this specific information publicly was more important than her personal freedom.
Fourth possibility: that the NSA did use the forensic marks in question to identify her, and fabricated a parallel construction in order to avoid acknowledging the existence of said marks.
(But still, most likely this is Hanlon's Razor. What's there to be suspicious about?)
> order to avoid acknowledging the existence of said marks
Not likely. It's been common knowledge for a long time.
Firstly, you can't use Hanlon's Razor and NSA in the same sentence.
Secondly, often assuming just a tiny bit of malice can account for layers and layers of stupidity. Occam's razor is sharper :)
Five: someone wanted her out and framed her.
Six: she was a weak security link and someone used her access details without permission.
Her background, according to the Guardian, is former Air Force and being fluent in Middle Eastern languages. None of that indicates that she would be especially knowledgeable of how access logs are implemented. I mean, she should have given the NSA the benefit of the doubt given the massive clusterfuck caused by Snowden 3+ years ago. But even today, we see reports of massive data incompetence by Booz Hamilton (Snowden's employer) top secret contractors: http://gizmodo.com/top-defense-contractor-left-sensitive-pen...
The whole idea of 'top secret contractors' is wrong to begin with. You can't have people access information at that level without making them part of your culture. If you take that risk then there is a fair chance your 'top secret' is in fact 'public domain'.
> Does this strike anyone else as suspicious?
What is suspicious about it?
This isn't 4chan. Present some evidence but don't just make up random speculation that "could have happened".
I mean it's possible to come up with elaborate theories, but the most likely explanation is that she was just spectacularly stupid.
> or she intended to become a martyr
I'm not sure being this dumb is going to get much sympathy from anyone.
Not stupid, it is just hard to not get caught. Once you see how someone is caught you can say "oh of course I'd never do that", but you'd probably make some other mistake.
Could she and should she have taken better precautions, without a doubt. Would the average intelligence analyst who is not being coached by a foreign power do a better job, I doubt it. In fact many foreign spies have done a far worse job and not been caught immediately. This is because the intelligence they stole was not published. Being a source of a journalist is much harder than being a source for a foreign power.
She's 25 years old and worked in that job for a few months, not a security specialist or some super-spy.
Well, that's one way to look at it. The other is that NSA's internal security is so botched that a fresh-out-of-school 3 months on the job external contractor managed to outfox the NSA's security measures. What she did should not have been possible in the first place.
From what's publicly known, the email to The Intercept related to their podcast, of which she supposedly was a listener and not to the matter at hand.
Are we only permitted to consider 2 choices here or is it permissible to consider the other obvious possibilities?
I don't get it. So she printed the document, then scanned in order to email it?
It sounds more like she contacted the Intercept just to tell them she had some documents and where should she (physically) mail them.
Details, details. /s
Agreed. Whenever I leak, I make sure to pin it on some derp. Throws them off my trail so I don't end up like Manning. As for the derp, she'll get a book deal which is more than she ever had going for her.
(Kind of annoyed that the derp became the story while the actual leak never made the front page.)
As an aside, how else would one sneak top-secret stuff out of the NSA ? I assume all IO ports have been cut, and the input devices soldered onto the motherboard ?
Send some xor-ed file out using a non-secure connection and sneak the key out somehow ?
Take photographs/video using the phone, cold-war style ?
Without having visited the site in question, the underlying theme is that you, as the security people, have to choose your battles because employees start to get very upset when you make their jobs difficult in order to show them how little you trust them.
> Send some xor-ed file out using a non-secure connection and sneak the key out somehow ?
Stray thought: You don't have to sneak a OTP out, you only need to sneak it in. Then you do your XORing, transmit the mangled data, and erase that copy of the key.
Taking photographs on an (offline) phone is probably the safest and easiest way to go about it. Obviously no flash, if you can't do it in non-monitored environments make it look like you're just looking at your phone. Go home, take pics out of device, delete them and destroy the phone.
This said, it's been reported some contractors and employees routinely took home loads of external drives, so your expectation that IO ports are completely disabled might be unrealistic; the NSA is good but it's just another large org, just a bit more paranoid than average.
She did not email TheIntercept from her work address, she subscribed to their podcast mailing list via her personal email. Still an opsec failure of sorts, true, but far less so than you try to make it sound
https://d3vv6lp55qjaqc.cloudfront.net/items/1k2I053M3J2z0f47... PDF Page 11, Paragraphs 15 and 16
beware Parallel Construction: https://en.wikipedia.org/wiki/Parallel_construction
Basically you can't believe any narrative, as the gov can legally put forth anything they can contrive after-the-fact as long as it's plausible.
Nevermind that. Go down the rabbit hole that is COINTEL and realize that thinking that you can really know or trust anything you think you know is futile. The tactics have been used in the past and there is no reason they wouldn't still be in use: they work.
Bonus points? Any mention of possible COINTEL tactic gets you labeled a conspiracy theorist. A lovely term invented by the CIA that readily dismisses anyone who points out that a COINTEL tactic might be in use. Lucky for them most of the general public bought it hook, line, and sinker.
the real issue is not how she was caught, the real issue is how someone like her got to this position in the first place. with a social media existence that is littered with dislike/to hate for the current administration, high activity on social media, a name change, and more? these should all be red flags that either block such positions or remove you from them.
back in the last world war they managed to pull off creating an atom bomb with even the vast majority of people in office knowing about it, today every damn snowflake is looking for their five minutes of fame.
> She literally emailed the Intercept from her work email and was one of a trivial number of people who'd printed it in the first place.
Surely, NSA contractors aren't this stupid? Something smells.
Why not? She's some 25 year old kid. There's no real indication (aside from having linguistic talent) that she's especially smart.
And a hardcore Bernie supporter. At least this one didn't pull a Portland Metro.
Why not?
I did something only somewhat less stupid when I was about that age: http://www.shub-internet.org/brad/cacm92nov.html