How The Intercept might have helped unmask Reality Winner to the NSA

Following the trail of digital dots…

How The Intercept might have helped unmasked Reality Winner to the NSA

The Intercept might have unwittingly helped unmask Reality Winner, a government contractor who allegedly leaked a NSA document about Russian hacking to the news outlet.

On 5 June, The Intercept published a "Top Secret" National Security Agency (NSA) document detailing Russian efforts to interfere in the 2016 U.S. presidential election.

"Provided anonymously to The Intercept and independently authenticated," the report reveals that Russian military intelligence conducted a digital attack campaign against a U.S. voting software supplier and sent spear-phishing emails to 100 local election officials.

These actions appear to support the view that Russia meddled in the election beyond having hacked the Democratic National Committee, an incident which EVERYONE (We're looking at you, Mr. President.) finally agrees involved Russian military activity.

Later that same day, the Justice Department published an "Affidavit in Support of Application for Arrest Warrant" against Reality Leigh Winner. A 25-year-old government contractor with Pluribus International Corporation, Winner was arrested by the FBI in early June on the suspicion that she "willfully retained and transmitted classified national defense information to a person not entitled to receive it in violation of 18 U.S.C. § 793(e)."

The affidavit doesn't mention any names, but it's clear it's accusing Winner of having leaked the NSA report to The Intercept.

As FBI Special Agent Justin Garrick explains in the affidavit:

"On or about May 9, 2017, WINNER printed and improperly removed classified intelligence reporting, which contained classified national defense information and was dated on or about May 5, 2017 (the 'intelligence reporting') from an Intelligence Community Agency (the 'U.S. Government Agency') and unlawfully retained it. Approximately a few days later, WINNER then unlawfully transmitted the intelligence reporting to an online news outlet (the 'News Outlet')."

Screen shot 2017 06 06 at 12.29.41 pm

How did Winner get caught? Well, it looks like the "News Outlet" had something to do with it.

According to Garrick's affidavit, The Intercept reached out to the NSA on 1 June 2017 about publishing the document in an upcoming story. As part of the correspondence that ensued, the news outlet sent the NSA the report. An analysis of the document revealed that some of the pages had been folded or creased, suggesting that someone had printed it and carried it out of a secure facility.

The NSA subsequently determined that six individuals had printed the document. How? The intelligence agency logs its print jobs. Most newer printers leave patterns of nearly invisible yellow dots on the documents they print, so it's possible to trace something like a Top Secret report to a print job.

Dots

Source: Errata Security

(For more information about how the NSA might have traced the leaked document, read security expert Robert Graham's write-up here.)

An internal audit yielded evidence that Winner had communicated with The Intercept. Garrick subsequently spoke with Winner at her home on 3 June 2017 about the leak, at which point in the time the contractor admitted to having stolen the document knowing full well that "the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation."

It appears The Intercept did no one any favors in publishing the report and sending a copy of it to the NSA. On the one hand, it probably sought to protect Winner as its source. But the document did originate from the NSA, after all. It's a bit short-sighted of the The Intercept's staff (and Winner, of course!) to think the NSA doesn't have means of tracking its Top Secret reports.

On the other hand, The Intercept might have thought it was serving the public interest by publishing the report. But government agencies like the NSA classify information for a reason (not always a good one, but a reason nonetheless). This fact doesn't even include the myriad of investigations that are examining Russian interference in the 2016 presidential elections. A leak like this could very well have some bearing on the outcome of at least some of those investigations.

No one "won" from this leak. At a bare minimum, it caused lots of headaches in the intelligence community, and it may have changed the life of one young woman forever.

For more discussion on this case, check out this recent episode of the "Smashing Security" podcast:

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

6 Responses

  1. Winston

    June 7, 2017 at 7:57 am #

    Oh, please.

    You think the American people would have EVER been told about the depth of Russian hacking (in collusion with the Trump team) without this leak?

    What no one has the guts to acknowledge is that there will NEVER be impeachment articles drawn up, let alone even a DOJ indictment against anyone higher than Flynn (who will instantly be given a presidential pardon).

    This is the tyranny of one-party rule – just like in Mother Russia. The US is well down the road of fascism, but just like the proverbial boiled frog, the complacent public won't realize until it is too late.

  2. David L

    June 7, 2017 at 12:19 pm #

    Gee, the unfounded accusations are still flying fast and furious. Can anyone offer one piece of evidence, just one, of "Collusion"? between the Trump campaign and Russia ??? No ?? That's because there is none. Only insinuations and speculation so far. No REAL proof. But the real fascist are the law breakers on the left, conveniently ignored by the MSM. Those who try and squelch free speech. And riot at the least cause to get attention, and destroy properties. Show where the right has ever, I mean ever, acted in such a fashion? You can't, but hypocrites be warned, you will get that police state if you keep it up. England will beat the US there, perhaps even before the EU.

    • Ken C. in reply to David L.

      June 8, 2017 at 12:16 am #

      "Trump is writing a new political play book (or perhaps revising an old one) that suggests it's better to lie large, often and unapologetically then ever admit you are wrong. One poll conducted earlier this year found that nearly two-thirds of Trump supporters believe Obama was born outside the United States" (Baltimore Sun, The (MD) 09/19/2016). It is disturbing that Trump's use of Hitler's play book of dishonesty, intolerance, hatred, and fear would work in the new millennium. Haven't we learned anything from history?

  3. Moshe M

    June 7, 2017 at 2:18 pm #

    I really fell pity for this poor girl; she has been failed by everyone in her life who should have been, but were not, responsible adults. I blame her professors and deans in the colleges she attended who gave her "safe spaces" where she did not learn to hear and digest opposing ideas. I blame big media personalities like Reza Asslan and Kathy Giffin who taught her it's ok to use terms like Piece of S**t about, or symbolically decapitate those with whom you disagree. I blame Pluribus and the NSA for allowing someone to work at the NSA without even checking their social media output. I blame her mother who gave her child the name Reality but failed to instill in her enough sense of reality to realize that there are grave consequences for stealing top secret information from an intelligence agency of a global superpower. I pray the court shows her mercy. Though 25 years old, because of our failures, she's just a child who was handed a loaded gun.

    • william in reply to Moshe M.

      June 14, 2017 at 5:05 pm #

      If you want to play the blame game and beat yourself up about "our failures" be my guest, but don't include me. I failed no one. Reality sucks for Reality Winner, but she's not a victim. She's an adult who made choices and any trouble she's in is her own doing.

      If you feel so strongly about it, then go to her trial and offer to take responsibility for her actions. If you're not willing to do that, then plaster a band-aid on your bleeding heart and move on……..

  4. Elliott Weitz

    June 8, 2017 at 3:18 am #

    This woman was aware of the penalties for treason, she signed multiple documents over the course of her time in the Air Force, and upon taking the contracting job stating that she would protect the information she was being given access to. Instead she made a conscious decision to betray her country. I hope our legal system sends a strong message to this traitor.

Leave a Reply