* Our leaker is a person with a Twitter timeline that makes you wonder how she maintained her Secret clearance. She retweets @Snowden, yet was hired at Pluribus in Feb. of this year, days after doing so.<p>* The story is a huge black eye for the Intercept, makes it look like they are very inept.<p>* The leak is not really substantial, mostly analyst notes about an ongoing thing that's been talked up in the press quite a bit.<p>* The DocuColor thing is ancient as well: <a href="https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots/" rel="nofollow">https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots...</a><p>Maybe my tinfoil hat is on too tight, but this just has a funny odor to it. One might speculate that this is a calculated leak intended to discredit The Intercept, sow fear in the minds of potential leakers?.<p>If the comments on other forums are anything to judge by, there are at least two groups of paid astroturfers battling it out today.
Any article that ends with a yes/no question is always answered with "no". This one is no exception. Print classified info out at work on work printers from a monitored work computer you are logged into and said info ends up with reporters days later? Reporters you communicated with over <i>gmail</i>?! This person isn't exactly an infosec genius. Which, I mean, isn't a sin or anything, but when you know the organization you are directly burning is the <i>NSA</i> and the president of the United States, that's almost an insane level of ignorance.
Nah. Only 6 people have printed the doc and of those only one could be found in phone call metadata making a call to a press related contact. I don't know what the leaker was thinking.<p>And in the end even this leak doesn't contain any evidence of anything that would even tie it to Russia, let alone GRU. On the internet no one knows you're a dog. So she will get 10 years in the slammer for nothing.
Yes, TheIntercept did compromise their source, although she did compromise herself as well due to poor opsec.<p>- TheIntercept failed to sanitize the documents before posting<p>- They provided the govt (or rather a govt contractor) with further information, at least that the mail was posted in Augusta, Georgia.<p>The former can be attributed to simple mistakes, but at least the latter is gross negligence of the highest order.<p>Given these two things alone, even if she had her own opsec in order, she'd likely been found out.
The yellow dots thing was certainly a mistake on their part. But there's a much bigger issue I haven't seen anyone point out yet.<p>One thing that the Intercept--and Glenn Greenwald in particular--have been very critical of is news organizations that blindly publish leaks as verified facts. Here[0] is just one example where Greenwald writes:<p>> THE WASHINGTON POST late Friday night published an explosive story that, in many ways, is classic American journalism of the worst sort: The key claims are based exclusively on the unverified assertions of anonymous officials, who in turn are disseminating their own claims about what the CIA purportedly believes, all based on evidence that remains completely secret.<p>Now, in this case they at least have a document, which they verified was a real document created at the NSA. But even the Intercept's own article[1] admits:<p>> A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.<p>So, are they living up to their own standard here? I don't think the answer is black and white. But I am certainly tired of hearing all this talk without seeing the technical details.<p>If the U.S. election system was hacked--even just one voter registration company--the American public deserves to get the details. Period.<p>What were the IP addresses used, and what ties them to Russia? What does the malware actually look like, and has it been seen before? How was this whole thing discovered?<p>For now, all we have to go off of is what the NSA says may have happened. That it was a leaked document doesn't make it any more revealing than if it was a phone conversation with another unnamed official.<p>[0] <a href="https://theintercept.com/2016/12/10/anonymous-leaks-to-the-washpost-about-the-cias-russia-beliefs-are-no-substitute-for-evidence/" rel="nofollow">https://theintercept.com/2016/12/10/anonymous-leaks-to-the-w...</a><p>[1] <a href="https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/" rel="nofollow">https://theintercept.com/2017/06/05/top-secret-nsa-report-de...</a>
I wonder whether NSA uses syntactic watermarking[1], imperceptible changes to word order or sentence form, keyed to the user accessing a document. This, or other techniques of embedding a fingerprint in the text itself, would allow a leaker to be identified from just a transcription of the document.<p>What is the right amount of fuzzing for a news organization to perform on leaked documents, to protect a source while providing credible evidence to support a claim?<p>Meral, H. M., Sevinc, E., Ünkar, E., Sankur, B., Özsoy, A. S., & Güngör, T. (2007, February). Syntactic tools for text watermarking. In Electronic Imaging 2007 (pp. 65050X-65050X). International Society for Optics and Photonics.
Have we learned nothing about the NSA's tactics? The Intercept publishes reporting that they would rather not have been printed, and the very day the DOJ unseals charges where they try to say they learned about the leak from a paper crease from what can be reasonably inferred to be The Intercept. Meanwhile the alleged leaker allegedly used her work computer to contact The Intercept (in contradiction with their recommended best practices).<p>It has all the appearances of the government trying to smear a news outlet and ensure no one leaks to them again.<p>Do we still really trust the NSA? It was disappointing yet expected from the WaPo that they took as fact everything the DOJ alleged about how the case proceeded.
Yes, or maybe no. It doesn't really matter, because this is just one of many battles being waged in the current cyber-war gripping our lives.<p>I mean, we have to just see it in the larger context: there is very definitely a war going on among various, nefarious, otherwise, or indeterminate, hostile parties.<p>It seems that if we must dismantle the military-industrial state, it is going to be through info-wars. The key targets are all secrets. (Curious that both sides seem to want the same thing though, i.e. "the info wants to be free", isn't it?)
> The methods presented in this paper have many applications in law enforcement such as tracking, counterfeiting, and child pornography. The downside is that they provide a mechanism for a simple device, a printer or a digital camera, to spy on its user. A typical user cannot turn off these signatures, particularly the intrinsic signature, without very detailed knowledge of how the device operates. This could have dire consequences for many important uses of these devices in our society. For example a whistleblower who would like to share documents with a regulatory agency could be in danger in that their printer could be identified as the one that produced the documents. [1]<p>Prophetic words from a 2008 paper (PDF) [1].<p>This paper may be duplicate information, but reading this paper impressed upon me how many more ways there may be to spy on people than I could imagine (and I know about some existing things like side-channel attacks... how do I spy on thee? Let me count the ways.)<p>So don't register your printer with the manufacturer, folks; the serial number may be on every page it prints. Ditto for digital cameras.<p>Then again, is fighting for digital privacy a losing battle when at every turn, there are deliberately hidden bits of PII? Pun intended.<p>[1]: <a href="https://engineering.purdue.edu/~prints/public/papers/sp_article_09_chiang.pdf" rel="nofollow">https://engineering.purdue.edu/~prints/public/papers/sp_arti...</a>
I'm not clear on what the motivation for this 'leak' would be. Is it morally reprehensible for the NSA to withhold this information from the public? Was the NSA doing something illegal by withholding this info?
If the only actionable information leaked is politically charged or simply falling within the established/mass media narrative, is it wrong to suspect this 'leak' is disinformation?
In other news, if you are leaking set up a hidden camera in someone's room, steal their password and do everything from their account.<p>Or if you are really moral just set up the camera above your desk.<p>A bit of plausible deniability is much better than life in a supermax I promise...
What I find interesting is that the email from the Gmail account on the work computer was able to be intercepted and logged. What mechanism might they have used, an SSL proxy with a pre-loaded root certificate? How long is this data logged?
I think the real fuckup is including in the article the method for IDing a Russian agent - registering with a personal phone number. That's the kind of mistake that could have been made again, but now probably won't be.<p>On the whole I think this information needed to get out. There were reports of people all over the US being dropped from voter registration rolls, and now proof that the Russian military targeted voter registration companies.
Off topic, her name is "Reality (Leigh) Winner"?<p>Is this a new trend? Can you name your child with any surname you wish? For example "Tower John Trump".
I can't help but feel a Zen-like sense of balance and bliss over this. An NSA contractor violated her employment agreement and the law in providing Top Secret info to The Intercept, who then published it.<p>The Intercept got a story published and is enjoying great attention (and ad revenue), and the guilty party was caught. Everyone can be happy.<p>"God’s in His heaven — All’s right with the world!" [R. Browning]
>The leaks contain no "raw" evidence<p>Something stinks here. Both WaPo and the NSA, who Greenwald has picked fights with, get to smear The Intercept, while we are supposed to bekieve the leaker has extreme incompetence (flagrantly incriminating herself while using a pseudonym), and meanwhile the public still has no evidence of the election tampering.<p>It's not like the Deep State didn't lie to the country to wage a war in Iraq not long ago.<p>The public deserves to see proof.
As with every headline that poses a yes/no question, the answer is usually "no".<p>EDIT: I'm also unsure what the point of shifting the focus onto The Intercept's alleged "mishandling" of the leaker's identity is. It seems like a smear job meant to discredit a publication that the natsec community and mainstream media like WaPo dislike. It also removes the focus from the substance of the leaks and puts it on the "character" of the publication.