It has all the appearances of the government trying to smear a news outlet and ensure no one leaks to them again.
Do we still really trust the NSA? It was disappointing yet expected from the WaPo that they took as fact everything the DOJ alleged about how the case proceeded.
A scheme that would be less effective if not for The Intercept's demonstrably deficient opsec in protecting its source in this affair.
Anyone who is thinking about leaking anything classified only needs to spend thirty seconds typing "Snowden" into Google to find out what happens when the federal government identifies the leaker. They then decide if it's worth the risk and how much time they will spend on covering their tracks. In this case (if true) it sounds like Reality Winner decided that they simply couldn't cover up their leaking and threw in the towel.
Much has been made of the watermarks on laser printers, we've known about those for a long time. Not everyone is aware but it's the sort of thing you can find out about if you put in time to do the research. After doing my own research, it doesn't seem like these watermarks really came into play; the NSA simply looked up everyone who had accessed the document and inspected their workstations for clues.
There really isn't much you can reasonably conclude about this. Is the government lying? Is The Intercept incompetent? The only thing you should remember is that if you are going to leak documents you need to do as much as possible while they are still in your control to hide your involvement. Once you send them off, your fate is in the hands of others.
In that situation, I'm sorry, but the responsibility for protecting your identity is on you. Anonymize the data. Do not leak something that only you would have access to. etc, etc.
Because unless you're leaking to Infowars, you have to expect that a legitimate journalist will present your data to the organization from which you leaked it to, and request comment.
Snoweden did everything right, and it still wasn't good enough.
It was game over at that point. Nothing they could do would have fixed that.
I'm all for a good conspiracy theory, but you're going to have to spell this one out better.
Personally, while that scenario doesn't sound impossible I think the likelihood is being overstated due to motivated cognition: if you like the Intercept you would like to believe they did nothing wrong, but in reality people do make mistakes.
The women was a contractor, not an agent, so they aren't sacrificing someone they've invested in. etc
Again, what actually happened, who knows?
If I had to change anything it would be the fact that they only signed up for an intercept mailing list using work email, not direct contact. I regret the error, I was going off what I read yesterday.
> Meanwhile the alleged leaker allegedly used her work computer to contact The Intercept.
This really should be ignored. The FBI included it as probable cause for their search and arrest warrants, but she had e-mailed them asking for a podcast transcript months earlier. As far as leaking, she mailed the document to them and had no electronic communication at all. The Intercept blabbed that it was postmarked Augusta, GA and was printed, which is what gave her away. They screwed up and if they want anyone to feel safe leaking to them again, they need to own up to it and describe how they are going to fix their procedures to protect their sources in the future.
It's called parallel construction; it has happened before and it will happen again.
http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130...
The Washington Post covered Snowden's leaks of unconstitutional actions by the NSA, won a Pulitzer Prize for the coverage, only to then stab him in the back and call for his prosecution.
https://www.washingtonpost.com/opinions/edward-snowden-doesn...
I've heard speculation that the change in attitude was tied to regime change at the Post in the wake of the Bezos acquisition.
Amazon doesn't own WaPo, Jeff Bezos does. A $600 million 10 year contract for a private cloud is a tiny fraction of AWS revenue (some $15 billion per year), let alone overall Amazon revenue. It is in no way a sweetheart deal that would require Bezos bend over backwards, let alone undermine the integrity of the news organization for which he paid $250 million out of his own pocket.
And in the end even this leak doesn't contain any evidence of anything that would even tie it to Russia, let alone GRU. On the internet no one knows you're a dog. So she will get 10 years in the slammer for nothing.
http://blog.erratasec.com/2017/06/how-intercept-outed-realit...
It pointed to the exact printer being used and the exact time and date the document was printed. They didn't need her email to figure out it was her, but I'm sure that will help them in her court case.
edit: cleaned up some sloppy verbiage
I don't think we should expect news outlets to scour every printed document for these watermarks and remove them. Most aren't that technically savvy and this solidly seems like the responsibility of the person doing the leaking.
Leaking is dangerous and risky. I don't know the leaker personally but I could understand someone feeling that documents need to be released to the public and, at the same time, feeling like they can't evade the NSA's investigation. At that point any counter-measures probably seem pointless, especially for those who are not technical and can't imagine any bounds to the NSA investigative powers.
"Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions."
which seem to directly tie it to GRU.
I have too many theories, but first we need to figure out if there is such a person: That's right, I'm questioning Reality.
EDIT: I'm also unsure what the point of shifting the focus onto The Intercept's alleged "mishandling" of the leaker's identity is. It seems like a smear job meant to discredit a publication that the natsec community and mainstream media like WaPo dislike. It also removes the focus from the substance of the leaks and puts it on the "character" of the publication.
https://d3vv6lp55qjaqc.cloudfront.net/items/1k2I053M3J2z0f47...
> 14. The U.S. Government Agency [NSA] examined the document shared by the News Outlet [The Intercept] and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space.
> 15. The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. These six individuals included WINNER. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
> 16. The U.S. Government Agency determined that WINNER had e-mail communication with the News Outlet on or about March 30, 2017, and March 31, 2017. The first e-mail was from WINNER, using e-mail address [redacted].fitness@gmail.com, to the News Outlet. In it, WINNER appeared to request transcripts of a podcast. The second e-mail was from the News Outlet to [redacted].fitness@gmail.com and confirmed WINNER'S subscription to the service. The [redacted].fitness@gmail.com account is a personal e-mail account not sponsored by or affiliated with the U.S. Government Agency.
Whether the 'crease' noticed by the NSA in paragraph 14 was actually creases or an internal code for microdots, if The Intercept was going to use this report there's nothing they could have done to protect this reckless source.
That said, if the dude gets impeached she will probably eventually be pardoned.
The microdots seem to be the usual xerox-style microdots, and decode properly:
Printer serial number: 535218 [or 29535218] Date: May 9, 2017 Time: 06:20
Or are you saying "I didn't read the article, but the answer is usually no"?
* The story is a huge black eye for the Intercept, makes it look like they are very inept.
* The leak is not really substantial, mostly analyst notes about an ongoing thing that's been talked up in the press quite a bit.
* The DocuColor thing is ancient as well: https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots...
Maybe my tinfoil hat is on too tight, but this just has a funny odor to it. One might speculate that this is a calculated leak intended to discredit The Intercept, sow fear in the minds of potential leakers?.
If the comments on other forums are anything to judge by, there are at least two groups of paid astroturfers battling it out today.
[0] http://www.military.com/veteran-jobs/security-clearance-jobs...
Critics charge that, at a minimum, the Post needs to disclose its CIA link whenever it reports on the agency. Over 15,000 have signed the petition this week hosted by RootsAction." http://www.hangthebankers.com/washington-post-owner-receives...
Critics charge that, at a minimum, the Post needs to disclose its CIA link whenever it reports on the agency. Over 15,000 have signed the petition this week hosted by RootsAction." http://www.hangthebankers.com/washington-post-owner-receives...
I recommend reading the search warrant application, paragraphs 12-19. It's the second document in this BuzzFeed story: https://www.buzzfeed.com/stevenperlberg/a-federal-government...
Whistleblowing is warranted in cases where information pertinent to the public interest won't come out otherwise. Given Mueller's investigation, the responsible thing would have been to wait and see, unless you had reason to doubt him.
What is the right amount of fuzzing for a news organization to perform on leaked documents, to protect a source while providing credible evidence to support a claim?
Meral, H. M., Sevinc, E., Ünkar, E., Sankur, B., Özsoy, A. S., & Güngör, T. (2007, February). Syntactic tools for text watermarking. In Electronic Imaging 2007 (pp. 65050X-65050X). International Society for Optics and Photonics.
Maybe paraphrasing the key points or claims of the document would be the only safe way.
I mean, we have to just see it in the larger context: there is very definitely a war going on among various, nefarious, otherwise, or indeterminate, hostile parties.
It seems that if we must dismantle the military-industrial state, it is going to be through info-wars. The key targets are all secrets. (Curious that both sides seem to want the same thing though, i.e. "the info wants to be free", isn't it?)
I have a sinking suspicion that the average American, for example, isn't benefited by this leak.
But, I do think that these leaks are good for everyone, not just Americans, and that is why they need to happen.
Do the answers to these questions matter if the war continues regardless?
That said, the important thing for any leaker to do is to try as much as possible to obscure any links they have to the documents before handing them off to third parties even if those third parties are supposedly trusted (because once you hand the documents off, you are no longer in control).
Something I think is valuable in this leak is the fact that the general public will be better educated that in fact their printers are capable of tracking every single thing they print, and there is no really, truly, anonymous personal printing any more.
I hope the blahgosphere will pick up on this and that we see Stories targeted to the normals that explains these sorts of things to them. Grandma may not care too much about her phone being listened to (after all, it was always so, to her at least..), but if you explain to Grandpa that there is a secret code that will tie every single printed sheet back to his house-hold, well, that may raise a few shingles ..
One thing that the Intercept--and Glenn Greenwald in particular--have been very critical of is news organizations that blindly publish leaks as verified facts. Here[0] is just one example where Greenwald writes:
> THE WASHINGTON POST late Friday night published an explosive story that, in many ways, is classic American journalism of the worst sort: The key claims are based exclusively on the unverified assertions of anonymous officials, who in turn are disseminating their own claims about what the CIA purportedly believes, all based on evidence that remains completely secret.
Now, in this case they at least have a document, which they verified was a real document created at the NSA. But even the Intercept's own article[1] admits:
> A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
So, are they living up to their own standard here? I don't think the answer is black and white. But I am certainly tired of hearing all this talk without seeing the technical details.
If the U.S. election system was hacked--even just one voter registration company--the American public deserves to get the details. Period.
What were the IP addresses used, and what ties them to Russia? What does the malware actually look like, and has it been seen before? How was this whole thing discovered?
For now, all we have to go off of is what the NSA says may have happened. That it was a leaked document doesn't make it any more revealing than if it was a phone conversation with another unnamed official.
[0] https://theintercept.com/2016/12/10/anonymous-leaks-to-the-w...
[1] https://theintercept.com/2017/06/05/top-secret-nsa-report-de...
Given that the average American barely understands what a computer virus is, is the level of technical detail you're calling for sensible for public dissemination?
One thing people forget to mention about the FBI director 10 year term is that it wasn't put in place in order to have a director serve over a long period of time (somewhat like the SCOTUS) but to prevent somebody from amassing so much information and power that they can blackmail anybody.
That was decades ago, we now have agencies like the NSA who have far more information on people and if we are going to top that off with allowing them to make claims on wrongdoing without having to disclose actual evidence I just don't know such power could be kept in check.
How long until the protons in the backup tapes decay?
It is? So corporations install something that infects your laptop and updates the root certificate every time Chrome or Firefox updates? Sounds extreme to me. Something the NSA might be able to do, but hopefully not my company.
Either their methods work, and of course they should be secret, or their methods don't work, and it's unproductive to help them shorten the list of attack methods they try.
That said, I think that's an important story here. The infrastructure around these machines seems sloppy. The fact that there's no source code to read means they are black boxes we have to trust.
Is this a new trend? Can you name your child with any surname you wish? For example "Tower John Trump".
- TheIntercept failed to sanitize the documents before posting
- They provided the govt (or rather a govt contractor) with further information, at least that the mail was posted in Augusta, Georgia.
The former can be attributed to simple mistakes, but at least the latter is gross negligence of the highest order.
Given these two things alone, even if she had her own opsec in order, she'd likely been found out.
But given the response and the constellation of corroborating info from various sources, it seems pretty reasonable at this point to presume it is NOT disinformation. It's almost certainly not a complete picture of what various parties know and it's likely a snapshot of an evolving knowledge base (ie- the broader intelligence community's knowledge of what was going on before and during our election).
But the presumption that it is not 'false' information should be pretty solid by now.
The Intercept got a story published and is enjoying great attention (and ad revenue), and the guilty party was caught. Everyone can be happy.
"God’s in His heaven — All’s right with the world!" [R. Browning]
There is no ad revenue at The Intercept.
Prophetic words from a 2008 paper (PDF) [1].
This paper may be duplicate information, but reading this paper impressed upon me how many more ways there may be to spy on people than I could imagine (and I know about some existing things like side-channel attacks... how do I spy on thee? Let me count the ways.)
So don't register your printer with the manufacturer, folks; the serial number may be on every page it prints. Ditto for digital cameras.
Then again, is fighting for digital privacy a losing battle when at every turn, there are deliberately hidden bits of PII? Pun intended.
[1]: https://engineering.purdue.edu/~prints/public/papers/sp_arti...
Or if you are really moral just set up the camera above your desk.
A bit of plausible deniability is much better than life in a supermax I promise...
On the whole I think this information needed to get out. There were reports of people all over the US being dropped from voter registration rolls, and now proof that the Russian military targeted voter registration companies.
Something stinks here. Both WaPo and the NSA, who Greenwald has picked fights with, get to smear The Intercept, while we are supposed to bekieve the leaker has extreme incompetence (flagrantly incriminating herself while using a pseudonym), and meanwhile the public still has no evidence of the election tampering.
It's not like the Deep State didn't lie to the country to wage a war in Iraq not long ago.
The public deserves to see proof.
