1. 23
  1.  

  2. 6

    Amazing that they went to all this effort after she emailed them from her work computer.

    1. 9

      I understand the odds are that this person was careless enough that she would have been caught anyway; I still feel like it is your obligation as a journalist to do what you can to protect your source.

      I am still astounded they sent the raw PDF back to the NSA for verification instead of typing up a subset of the contents and sending those to the NSA.

      1. 4

        Actually she didn’t email them about the leaks:

        1. The U.S. Government Agency determined that WINNER had e-mail communication with the News Outlet on or about March 30, 2017, and March 31, 2017. The first e-mail was from WINNER, using e-mail address da3rc.fitness@gmail.com, to the News Outlet. In it, WINNER appeared to request transcripts of a podcast. The second e-mail was from the News Outlet to da3re.fitness@gmail.com and confirmed WINNER’S subscription to the service. The da3re.fitness@gmail.com account is a personal e-mail account not sponsored by or affiliated with the U.S. Government Agency.

        from here

        1. 4

          Yeah I mean its a neat article on microdots, but probably not actually the determining factor.

          1. 4

            Would we know if it was or would they parallel construct it away to hide effectiveness? Quick way to start assessing that would be for anyone following federal prosecutions of leaks to say if they publicly mention when they used the printer method.

          2. 2

            You say that like Chelsea Manning didn’t just walk off with CDRs labeled “Britney Spears.”

            1. 1

              Lady Gaga’s Telephone especially:

              https://www.theguardian.com/world/2010/nov/28/how-us-embassy-cables-leaked

              Although, I’ll gladly add Britney to the humiliation if you have a source for that. I do like that Lady Gaga is more cringe-inducing for the Manning haters, though.

              1. 2

                You are totally right. I guess I don’t know the difference between controversial pop stars.

                1. 1

                  It’s an easy mistake to make given their irrelevance to people into deeper things. ;) I did pull up the song and video out of curiosity to see what Manning was jamming to at the time. Try to get into the persona and state of mind.

                  1. 3

                    You ain’t gotta throw shade on pop music, nickpsecurity. Mozart was the Lady Gaga of his time.

                    1. 2

                      It’s them not me lol. In my research, I loved the refrain in Paparazzi. It was a bit more down to earth in style. Im cool with Mozart, too. We hang sometimes and talk which blockchain he’s betting his music fortune on.

          3. 4

            No printers added to the list of things to remember.

            Some things off the top of my head for someone who would want to remain anonymous:

            • plain text files.
            • laptop paid for in cash ‘user’@‘pc’ user name.
            • never log onto any website or run any web searches on that laptop.
            • email account created years ago over tor that has never been used.
            • spend a few hours memorizing a bunch of single purpose random passwords.
            • full disk encryption.
            • public hotspots with no cameras.

            Any other tips?

            1. 4
              • Randomly assigned MAC address
              • Tor, Tor, Tor
              • Stealth Wear
              • CV Dazzle
              • Pebbles, or lifts in shoes to alter your walk
              • Utilize SecureDrop for uploads, from a crowded public place
              • Swap and destroy hard disks often (like after a document drop)
              • Don’t carry a tracking device (e.g. a cell phone)
              1. 2

                Considering she wouldn’t have been able to bring any devices into the building or any documents out, many of those avenues would have been impossible.

              2. 3

                I knew that these dots existed, but I had never bothered to really investigate utilizing them. This made it clear to me that I don’t really understand how to make, and pass around physical documents securely anymore. What are some techniques for doing so? Is ripping out the color cartridge, and converting to 1-bit bitmaps enough? Should we start restoring offset printing presses and making plates again?

                How do we launder physical documents effectively?

                1. 1

                  if you’re going to do launder them digitally, you could use this: https://github.com/firstlookmedia/pdf-redact-tools/pull/23

                  1. 3

                    But how can I trust First Look, The Intercept’s parent company, after it was their blunder to begin with? :)

                    1. 1

                      hah! fair point. I overlooked the author of that repo. this seems to be a failure of proper understanding on both parties involved then, so I guess as a whistleblower you have to make the decision about who & whose tech you think you can trust - a very tricky thing.

                2. 3

                  Um, I do not believe the author of this post meant 3rd Amendment. This has nothing to do with quartering troops.

                  1. 3
                    1. 2

                      There’s some discussion in the blog’s comments about how the 3rd Amendment might be relevant, since requiring printers to print these dots has an effect similar to stationing an informant in someone’s home. Seems like a stretch to me though.

                      1. 3

                        Yeah, that seems completely incongruous with any other reading of the 3rd Amendment.

                      2. 1

                        The Third Amendment has only ever faced one serious court challenge. A prison in New York had on-site housing for the guards. The guards went on strike, and the state brought the National Guard in to control the prison….and housed the soldiers in the same housing.

                        The court found that that the state did violate the Third Amendment, but not itentionally, and that the case did not establish precedent.

                      3. 1

                        I know this is a really stupid question, but can you get round this by printing on yellow paper?

                        1. 1

                          I bet someone with the original could get the paper and ink to respond differently under different lighting. But on a scanned copy, you’d have to have a quite good, sensitive color scan to see it.

                          As these are in most printers, your question sounds like the setup for a great afternoon experiment. I hope to upvote your blog post about it. :)