In Defense of The Intercept on the Reality Winner Case

All of the blame has unfairly been put on The Intercept for Reality Winner's arrest, to paint them as incompetent and scare away potential whistle-blowers. While yellow printer dots are one of the ways to trace a document to the source printer, it's not the only one. Anyhow, in the future The Intercept should consider posting transcribed data from originals they verified for authenticity instead.

It's probably certain that machines with Top Secret access are part of a comprehensive auditing framework which also combines data from mass surveillance on employees. For example, an investigator can run a query for everyone who accessed the file AND who used Tor or started doing so recently from a location tied to them. Just like the Harvard student who sent the bomb threat was caught. The circumstantial evidence from this data narrows down the set of suspects and kills any plausible deniability.

She also made a lot of fatal mistakes during and after leaking:

* Searched on her work computer for how to evade warnings from auditing systems.
* Spilled the beans on what she did and her planned defense on prison phones (or any phone, for that matter).

No one is born knowing good opsec but I wonder if we missed an opportunity to make our documentation on the topic more accessible to users.
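The kind of audit query described above, as an added example that is not part of the original post: two constructed log sources (a document-access audit trail and proxy/netflow records with a traffic category) are joined to list users who both touched the document and used Tor, optionally only those whose first Tor record falls after a given date. The comma-separated layout and every user, document and timestamp below are made up for illustration; no real system's log format is implied.

```python
"""Added example: narrowing a leak suspect set by joining a document-access
audit trail with network logs. Log lines, field layout, users and document
names are all constructed for this illustration (assumption, not real data)."""
from datetime import datetime

# Constructed audit records: timestamp,user,action,document
ACCESS_LOG = """\
2017-05-08T09:12:00,alice,open,NSA-REPORT-001
2017-05-08T09:30:00,bob,open,NSA-REPORT-001
2017-05-09T14:02:00,carol,print,NSA-REPORT-001
2017-05-09T14:05:00,dave,open,OTHER-DOC-042
2017-05-10T08:45:00,erin,print,NSA-REPORT-001
"""

# Constructed proxy/netflow records: timestamp,user,traffic category
NET_LOG = """\
2016-11-01T20:00:00,alice,tor
2017-03-15T21:10:00,alice,tor
2017-05-11T19:30:00,carol,tor
2017-05-12T07:15:00,carol,tor
2017-05-12T22:00:00,dave,tor
2017-05-02T18:40:00,erin,web
"""


def parse_log(text):
    """Split comma-separated lines; the first field is parsed as an ISO timestamp."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(",")
        fields[0] = datetime.fromisoformat(fields[0])
        rows.append(fields)
    return rows


def accessed(doc_id, access_log):
    """Set of users with any access event (open, print, ...) for doc_id."""
    return {user for _, user, _, doc in parse_log(access_log) if doc == doc_id}


def tor_users(net_log, since=None):
    """Users with Tor-categorised traffic. With since (ISO date string), keep
    only users whose FIRST Tor record is on or after that date, i.e. people
    who started using Tor recently, which is the more suspicious pattern."""
    first_seen = {}
    for ts, user, category in parse_log(net_log):
        if category == "tor":
            first_seen[user] = min(ts, first_seen.get(user, ts))
    if since is None:
        return set(first_seen)
    cutoff = datetime.fromisoformat(since)
    return {u for u, ts in first_seen.items() if ts >= cutoff}


def suspects(doc_id, access_log, net_log, since=None):
    """Intersection of the two populations, sorted for stable output."""
    return sorted(accessed(doc_id, access_log) & tor_users(net_log, since))


if __name__ == "__main__":
    print("accessed AND ever used Tor:", suspects("NSA-REPORT-001", ACCESS_LOG, NET_LOG))
    print("accessed AND started Tor in May:", suspects("NSA-REPORT-001", ACCESS_LOG, NET_LOG, since="2017-05-01"))
```

With the constructed data the plain intersection leaves two names, and the "started using Tor recently" filter leaves one; the user who used Tor but never touched the document, and the ones who touched it but never used Tor, drop out of the set entirely.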

Notable Replies

  1. Ego says:

    Good day,

    I can see where you are coming from here, though I do not fully agree with your assessment that the majority of the blame being put upon the Intercept was "unfair". Yes, a major amount of those who are currently talking about the way Winner sadly got caught are doing so with the intent of harming the Intercept's and other media outlets' credibility in being trusted with classified information which may have the potential to harm the current US administration (if after all the self-made scandals, such a thing is even possible).

    However, that being said, there are still a lot of things which should be criticized about both the Intercept and Winner herself in regard to this leak by people like us who are aware of the importance of whistleblowers and leaks in any political climate as well as the importance to assure those providing such information a maximum of security.

    Now, if you recall, I have been rather critical of Riseup in the past because of practices which, in my eyes, may endanger journalists and their sources in a variety of ways. This was only hypothetical though, as, as far as we are aware, no one got endangered by Riseup's missteps. I would thus be a hypocrite if I didn't criticize the Intercept in a similar manner.

    Now, the thing is this. The Intercept was founded with the initial goal of making the Snowden leaks accessible and easy to understand for anyone. They thus made their name on the basis of supporting leaks and whistleblowers. Thus, they should have a basic understanding of what is required to keep sources secure and they should take any precautions possible, just in the event that a (not so tech-savvy) source hasn't done everything required to cover their tracks.

    That has not happened. Now, if Winner got caught because of a rather advanced surveillance technology that no one could have predicted, or she got caught due to her own shortcomings (more on that later), I would understand that. I would find it regretful and would criticize the US jurisdiction for harming whistleblowers and leakers while not taking similar actions in regard to war crimes, but I would understand why she got caught.

    However, this was not the case. No. Reality Winner got caught, not because of her own mistakes, but because an Intercept employee simply scanned in the documents provided by her directly. That in my eyes is a mistake they should have been able to prevent.

    It is common knowledge that printers have for years been able to inject small, almost invisible markers into print-outs to make the origin of said print-outs traceable. This is not a "mysterious hyper super duper secret NSA technology", no, this is tech that has been used publicly in offices for years via implementations provided by Xerox and other printer manufacturers.

    It is in fact such a "normal" thing that the EFF provided an online-tool to decrypt these patterns: https://w2.eff.org/Privacy/printers/docucolor/

    Simply enter the dots and you get the result.

    Equally, it isn't a secret that printers are prone to tracking what you are trying to print out or copy. The most famous example is the EURion pattern which is found on Euro and other currency bills and forces certain printers to refuse to print what one must assume to be the world's least convincing counterfeit currency.

    All these things are covered under the label "Printer steganography": https://en.wikipedia.org/wiki/Printer_steganography

    Now, why am I saying this?

    Simple: Because these are things an outlet like the Intercept should know about. Again, these aren't highly specialized secret tracking solutions, no, this is a publicly known commercialized solution that any decent admin who ever had to deal with some higher-volume office printer knows exists.

    The fact that the Intercept didn't even consider that the documents might be tainted by this tracking tech is simply embarrassing and saddens me immensely. These are the things that someone receiving confidential leaked information should be looking out for first and foremost. There is no way to excuse that the Intercept made one of the biggest Opsec mistakes they could make, just shy of printing the name of the source including address and SSN outright.

    It will (and in my eyes should) be a long and tedious process for the Intercept to regain the trust of sources. Hopefully though, they will not in any way let themselves be deterred from doing what has to be done to fight corrupt politicians and bring the truth to light.

    Personally, I don't think that Opsec should be a whistleblower only thing. Yes, everyone leaking classified information to the press should take as many safety precautions as possible, however, the journalists who then receive said information should feel obligated to both assist the whistleblower in security questions and furthermore, double check so things like these don't happen.

    The reason for this is A) as you've mentioned, not everyone can know everything and journalists working at a place like the Intercept SHOULD be knowledgeable in the latest of Opsec and B) I feel like that is just a basic thing of decency. I mean, that whistleblower has just risked his/her (financial, personal, free, ...) life to get you that information and all you are going to do is make a few articles? That in my eyes is fundamentally wrong. Journalists are going to make money publishing these leaks so any protection (not just legal counseling after someone got caught) should be expected.

    In conclusion, I can't put into words how disappointed I am with the Intercept. They haven't properly handled the information they received plain and simple and appear to not be knowledgeable enough in basic security to in my eyes be trusted with information as critical as this.

    Now, let's come to Reality Winner.

    First of all, isn't it ingenious that a person leaking information about the administration which has labeled anything in regard to Russian Interference "Fake News" is called "Reality". That feels strangely fitting. Especially considering the information she leaked has also been called "Fake News", though seems to be real enough to warrant an arrest.

    It really would be impossible for me to cover everything she didn't do ideally or outright wrong in regard to Opsec.

    That's why I'd just like to cover what I feel might have been her biggest mistake overall.

    That would be not assuming that she might get caught.

    Depending on where you get your news from, you either solely heard about this, didn't at all notice this or, if your media diet is just right, heard about this, as well as everything else surrounding the scandal.

    Her political statements on social media like Twitter.

    Because what she posted on Twitter and co. made her look very much like a person who does not support the current administration in any way, shape or form, it was easy for the media and individuals supportive of the current US administration's bold "Make America stagnate again" agenda to discredit her. Especially as a lot of things she posted are very hard to defend for anyone who values a decent political discourse, it was equally very hard to cover these leaks fairly without having to talk about these aspects of her person as well.

    That in turn made these leaks lose a massive amount of significance for the majority of people, as any discourse, both online and in the media, that didn't happen isolated in a specific "bubble" was easily steered away from the content of the leaks and on to the person leaking, thus making it hardly possible to get properly informed by most public sources, especially considering most people will not look for the original article after witnessing a shouting-match about a person that can easily be labeled "radical-left" on TV.

    Now, you might ask what this has to do with her assuming she might not get caught.

    But here is the thing. If you are a whistleblower leaking information detrimental to a government which has shown to have no problem simply deflecting scandals by pointing at minor personal things as to not have to deal with policy, you have to expect that said government will use any attack-vector you hand to them.

    Anyone capable of tying their own shoes would have likely been able to predict that supporters and members of the administration will use anything they can get their hands on to discredit and not cover these leaks. And something like the things on her Twitter feed are more than enough to do just that.

    This leaves us with two possibilities. Either Reality Winner somehow did not think her Tweets would create any kind of negative public reaction that could distract from the content of the leaks should she get caught. That would make her, and I'm sorry that I have to use this sort of language, rather shortsighted. Looking at her career at the Pluribus International Corporation and her security clearance though, I do not believe her to be this dense.

    That leaves us with only one other conclusion. She did not expect to be caught and thus did not think her tweets would ever be a problem.

    That in my eyes would constitute her biggest mistake. Opsec 101 is to ALWAYS consider that you could get caught at any second. You have to be prepared for that. You have to be sure that if your name should come out, that does not harm your initial goal of informing the public.

    She by the looks of things did not do that.

    Now, the thing is that this is again not some sort of "secret information" that only the best elite leakers know about.

    Covering all your bases so in case you get caught there are no repercussions is common knowledge when it comes to doing anything that might be legally problematic.

    It should be basic common sense to be prepared for any eventuality. Though, maybe that's just the EDC guy in me talking...

    Either way, that's why I personally believe that in this case it wasn't curiosity, but rather pride that "killed that cat", as someone who is as intelligent as she must be can't tell me she did not see the potential issues her social media presence might create if her name should become public.

    Have a nice day,

    Ego
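The DocuColor dot pattern that the EFF tool linked above decodes, as an added example that is neither part of the original post nor the EFF's own code: a small encoder/decoder for the 8-row by 15-column yellow-dot grid. The layout used here is reproduced from memory of the EFF decoding guide and should be checked against that page before relying on it: the top row and the leftmost column are parity bits (odd parity per column and per row), every other column is read top to bottom as a 7-bit number with weights 64 down to 1, column 2 is the minute, 5 the hour, 6 the day, 7 the month, 8 the two-digit year, and columns 11 to 14 hold four two-digit pieces of the printer serial number; the remaining columns are left blank. The sample date and serial number are constructed. The decoder refuses a grid whose parity does not check out, which is what a scanned page with a damaged or misread dot looks like.

```python
"""Added example: encode/decode a DocuColor-style tracking-dot grid.
Layout (top row + leftmost column = odd parity; column 2 minute, 5 hour,
6 day, 7 month, 8 year, 11-14 serial pairs; 7-bit columns, MSB at the top)
is an ASSUMPTION reproduced from the EFF guide from memory. Sample values
are constructed."""

ROWS, COLS = 8, 15
# 0-based column indices (column 2 on the EFF page is index 1 here, etc.)
FIELDS = {"minute": 1, "hour": 4, "day": 5, "month": 6, "year": 7}
SERIAL_COLS = [10, 11, 12, 13]  # columns 11-14, two decimal digits each


def _set_column(grid, col, value):
    """Write a 7-bit value into rows 1..7 of a column, MSB at the top."""
    if not 0 <= value < 128:
        raise ValueError(f"value {value} does not fit in 7 bits")
    for i in range(7):
        grid[1 + i][col] = (value >> (6 - i)) & 1


def _column_value(grid, col):
    return sum(grid[1 + i][col] << (6 - i) for i in range(7))


def encode(year, month, day, hour, minute, serial):
    """Build the dot grid (list of 8 lists of 15 ints, 1 = dot) for a print job.
    serial is an 8-digit string such as the constructed "21052857"."""
    if len(serial) != 8 or not serial.isdigit():
        raise ValueError("serial must be 8 decimal digits")
    grid = [[0] * COLS for _ in range(ROWS)]
    values = {"minute": minute, "hour": hour, "day": day, "month": month, "year": year % 100}
    for name, col in FIELDS.items():
        _set_column(grid, col, values[name])
    for k, col in enumerate(SERIAL_COLS):
        _set_column(grid, col, int(serial[2 * k:2 * k + 2]))
    # Top row: make every data column contain an odd number of dots.
    for col in range(1, COLS):
        if sum(grid[r][col] for r in range(1, ROWS)) % 2 == 0:
            grid[0][col] = 1
    # Leftmost column: make every row (including the parity row) odd.
    for row in range(ROWS):
        if sum(grid[row][c] for c in range(1, COLS)) % 2 == 0:
            grid[row][0] = 1
    return grid


def decode(grid):
    """Recover the fields from a grid; raises ValueError on a parity failure."""
    if len(grid) != ROWS or any(len(r) != COLS for r in grid):
        raise ValueError("grid must be 8 rows x 15 columns")
    for col in range(1, COLS):
        if sum(grid[r][col] for r in range(ROWS)) % 2 == 0:
            raise ValueError(f"column {col + 1} fails odd parity")
    for row in range(ROWS):
        if sum(grid[row]) % 2 == 0:
            raise ValueError(f"row {row + 1} fails odd parity")
    out = {name: _column_value(grid, col) for name, col in FIELDS.items()}
    out["serial"] = "".join(f"{_column_value(grid, col):02d}" for col in SERIAL_COLS)
    return out


def render(grid):
    """Text picture of the grid: 'o' for a dot, '.' for none."""
    return "\n".join("".join("o" if bit else "." for bit in row) for row in grid)


def parse(text):
    """Inverse of render(): what a person would type after reading the dots."""
    return [[1 if ch == "o" else 0 for ch in line.strip()]
            for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    g = encode(2005, 5, 21, 12, 50, "21052857")  # constructed sample job
    print(render(g))
    print(decode(parse(render(g))))
```

Running the block prints the dot picture for the constructed job and the decoded fields read back from it; flipping any single dot in that picture makes decode() raise a parity error instead of returning a plausible but wrong serial number.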

  2. The Intercept did drop the ball on that one, but what I meant to say was that besides the printer fingerprints there were still many other equally powerful ways to find the leaker. I heard that the best infosec activists collaborate regularly with The Intercept, so I don't know how it went that wrong.

    I don't think her name was "staged". The first thing I thought of when I read her name was that it would have made a really cool name for an NSA program. Would beat JTRIG hands down.

    Her political views aside, I don't think it detracts from the info she provided. In fact I don't see why this info should be classified at all when it's very important to the recent political debates and election.

    True. Mainstream news spins everything like a tabloid and tend to shoot the messenger if they don't like what they have to say or it goes against their agenda.

    Well of course she didn't expect to be caught. She didn't plan out her leak well either because she likely did it impulsively when she came across the document during work.

  3. Ego says:

    Good day,

    Yeah, that's the question. As mentioned, this was the most basic Opsec fail possible. Either Reality had bad luck and had to deal with a journalist who wasn't that knowledgeable in Opsec (which would be horrible) or they had luck up to this point as activists took care of themselves.

    Either thing wouldn't be ideal in my opinion.

    I am aware of the fact that that is her real name. That's what makes it so hilarious in my books. Someone whose parents said to themselves "You know what, let's call her Reality." is somewhat predisposed to becoming a leaker under the current political climate.

    Well, first of all, there is a list of printers which are known to use the specific technology that got Winner caught: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

    Now, according to this MIT page, the dots are not present in Black-and-White print-outs: http://seeingyellow.com/

    However, the thing is that it is easy for an admin to enforce color printing at all times for this very reason. Using a USB printer bought at a garage sale might thus be a good option, though it could be rather suspicious...

    Have a nice day,

    Ego

  4. this was the intercept's responsibility in the end. if you are going to operate on a model that encourages or seeks leaks from insiders, a professional organization has the duty to assume that an insider source does not know all of the ins and outs of how their leaks may lead back to them.

    i do not understand why publications feel the need to share original materials nowadays. it makes sense to me when it involves hackers who are otherwise entirely unaccountable. but, when dealing with an inside source, the information provided can be confirmed through other traditional journalistic methods. in this instance, i see no reason why the reporters simply could not have contacted other publicly available involved with the current administration to ask if the allegations in the documents they received were true. maybe they get told a lie. maybe they get a confirmation. or, as usual, they get a canned "we cannot comment" response. but that should be expected in the beginning of a story that involves hard investigative journalism. the recklessness surrounding how this doc was shared by the intercept reeks of lazy journalism and the use of "leaks" like cliche shock props.

    if the intercept and other orgs are to publish images of original leaked documents, there should certainly be some type of review and approval process before such activity occurs. in this instance, from what has been shared so far, it is not apparent that an editor, or any other entity, has such a responsibility when it comes to seeking official verification of original materials.

    so much has been said about the leaker's mistakes. but, i'm unaware of a time where a leaker was expected to have more professional knowledge when it comes to maintaining anonymity and security than a professional journalistic outlet that should have an interest in getting a complete story before a source is compromised. it appears that many seem to have unfairly passed the rules and standards regarding hackers to leakers, who often are not hackers and are simply employees who are morally bothered by something they've encountered in their professional duties. so far, the intercept's response appears to be woefully inadequate here.

Continue the discussion forums.whonix.org