A security contractor named Reality Winner was arrested this week for leaking documents about the Russian election hack to The Intercept.
Her arrest set off a conversation about journalism and op-sec, or operational security.
Reality Winner made a number of mistakes, but in particular she was outed by the specific printer that she used to print and carry out the documents.
A security firm contacted by BoingBoing said:
The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.
The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it’s how PDFs are often redacted by adding a black bar on top of the image, leaving the underlying contents still in the file for people to read, such as in this NYTimes accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves behind fingerprints identifying you, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.
I thought this was an interesting look at how far digital traces can be used to identify us, and if you’re leaking something, just remember to remove all the metadata.