If you’ve been following international news lately, you will be well aware of what was revealed about Russian hacking during the 2016 presidential election. For those of you in the dark, The Intercept, an online publication, reported on Monday that Russian military intelligence carried out a cyber-attack on at least one US voting software supplier and sent spear-phishing emails to more than a hundred local election officials days before the poll.
Reality Leigh Winner, a government contractor in Georgia at Pluribus International with top security clearance, was arrested on Saturday for leaking the confidential documents that The Intercept revealed in its report. While the document itself goes on to explain that the hack had no influence on the actual outcome of the election, the details around the arrest itself are a bit confusing.
For instance, if the report was published on Monday, how was the arrest made on Saturday? The document, allegedly provided by Winner, was received by The Intercept in May, and the publication approached the NSA on May 30 to confirm its authenticity before going ahead with the report. Possibly to avoid detection, Winner had not emailed the document itself to The Intercept. Instead, she had printed it out and then emailed scanned copies of it. If you look at the document in The Intercept's article, the pages aren’t the original pages but images of the pages that had been sent to them.
How was it tracked?
“The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed,” says Robert Graham of Errata Security. “Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.”
The technique, explained in detail in his original blog post, roughly works like this:
- Take a screenshot of the whitespace on your document.
- Open the document in an image editor and invert the colours.
- Rotate the image 180 degrees.
- Go to this page and manually fill in the pattern.
- Check the result, which gives the printer serial number, model number and the date and time when the document was printed.
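
The image-handling steps above (invert, rotate 180 degrees, read off the dot pattern) can be sketched in a few lines. This is an added example, not code from Graham's post or from the decoder page; the pixel values, grid pitch, threshold and function names are all assumptions, and it stops at the grid of dots rather than decoding it.

```python
# Added example: constructed data and hypothetical helper names throughout.
WHITE = (255, 255, 255)
YELLOW = (255, 255, 200)  # faint yellow: only the blue channel drops slightly


def make_scan(bits, pitch=4):
    """Constructed 'scan': one faint yellow pixel per set bit on a white page."""
    height, width = len(bits) * pitch, len(bits[0]) * pitch
    img = [[WHITE] * width for _ in range(height)]
    for r, row in enumerate(bits):
        for c, bit in enumerate(row):
            if bit:
                img[r * pitch + pitch // 2][c * pitch + pitch // 2] = YELLOW
    return img


def invert(img):
    """Invert colours: white paper becomes black, yellow dots become dim blue."""
    return [[(255 - r, 255 - g, 255 - b) for r, g, b in row] for row in img]


def rotate180(img):
    """Rotate the image 180 degrees (reverse the rows, then each row)."""
    return [row[::-1] for row in img[::-1]]


def dot_grid(img, pitch=4, threshold=30):
    """One bit per pitch x pitch cell: 1 if any pixel's blue clearly exceeds red/green."""
    grid = []
    for top in range(0, len(img), pitch):
        row = []
        for left in range(0, len(img[0]), pitch):
            cell = (img[y][x] for y in range(top, top + pitch)
                    for x in range(left, left + pitch))
            row.append(int(any(b - max(r, g) > threshold for r, g, b in cell)))
        grid.append(row)
    return grid


def surface_pattern(scan, pitch=4):
    """Invert, rotate, then read off the grid a decoder form would be filled from."""
    return dot_grid(rotate180(invert(scan)), pitch)


if __name__ == "__main__":
    SAMPLE_BITS = [[1, 0, 0, 1, 0], [0, 1, 0, 0, 0], [0, 0, 1, 1, 0]]  # constructed
    for line in surface_pattern(make_scan(SAMPLE_BITS)):
        print("".join("#" if bit else "." for bit in line))
```

On a real scan the pitch and threshold would have to be measured from the image, since they depend on scan resolution and how strongly the dots survived scanning.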
Using this method, it was pretty easy for the NSA to narrow down the possible suspects to six people. With evidence that Winner was the only one among them who had email contact with The Intercept, together with other methods, the NSA had enough in hand to arrest Reality Winner. Currently, she has been accused of “gathering, transmitting or losing defence information,” and she could get up to 10 years behind bars if she is convicted.