Printer dots point FBI to contractor accused of leaking NSA report on Russian cyberattack

NSA contractor Reality Leigh Winner was charged Saturday with leaking classified documents to The Intercept detailing Russian cyberattacks against electronic voting equipment and more than 100 election officials. The printer she allegedly used to ferret out the documents gave her away to the FBI.

The request for Winner”s arrest warrant states that, out of six people with access to the classified papers, only Winner had ties to the national-security news outlet. The request reads:

The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals” desk computers revealed that WINNER had e-mail contact with the News Outlet.

However, the request does not say how the FBI concluded that Winner was indeed the culprit. Consultant Robert Graham reveals in a blog post how investigators decoded the timestamp using microdots embed in printed files, eventually zeroing in on the printer model, serial number, as well as the date and time that printer was accessed.

“The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed,” Graham says. “Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.”

The yellow dots bolster the case made by the FBI, which had already arrested Winner by the time The Intercept had published the classified information online.

Printer steganography is part of a deal struck by the US Secret Service with selected color laser printer manufacturers with the purpose of catching counterfeiters, according to the Electronic Frontier Foundation.

In a 2005 , the EFF expressed dismay that no law prevents the government from abusing this information – i.e. using it beyond criminal counterfeit investigations.

“Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said EFF Senior Staff Attorney Lee Tien. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?”

A dot decoder is available for anyone looking to test the feature, courtesy of the EFF.