Nieman Foundation at Harvard
HOME
          
LATEST STORY
“Checking Twitter…while being rushed into a bunker”: Considering fake news and nuclear war
ABOUT                    SUBSCRIBE
June 6, 2017, 11:43 a.m.
Reporting & Production

The Intercept’s Russian hacking report also seems to be a good example of how not to handle leaks

The Intercept’s big story on the Russian government’s attempts to hack the U.S. election offers lessons for leakers and the news outlets they leak to.

On Monday afternoon, The Intercept published a bombshell story: “Top-secret NSA report details Russian hacking effort days before 2016 election.” The story — later confirmed by CBS — reveals that “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept,” and includes PDFs of the NSA’s report.

The story is a potentially huge one, providing the most evidence we’ve seen thus far that the Russian government attempted to influence the outcome of the U.S. election in ways beyond just spreading misinformation (and Russian president Vladimir Putin had even denied his government’s role in that). But another story is emerging around The Intercept’s story as well: By Monday evening, a 25-year-old federal contractor, Reality Leigh Winner, was charged with leaking the documents (the first criminal leak case under Trump). If Winner was indeed The Intercept’s source, there are questions about whether The Intercept could have done more to protect her — starting with those PDFs it published as part of its story.

The PDFs include a matrix of microdots — printer steganography — that could be used to trace the printer back to its source, as Ted Han (@knowtheory), the director of technology at DocumentCloud (whose platform The Intercept used to embed the PDFs in its story), pointed out Monday. And some of the pages were creased.

Cybersecurity expert Robert Graham explained on his blog how the microdots created by a color printer can be used to track the printer’s source, and writes:

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it’s how PDFs are often redacted by adding a black bar on top of image, leaving the underlying contents still in the file for people to read, such as in this NYTimes accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves fingerprints identifying you behind, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.

The Washington Post’s Erik Wemple has a good writeup of how steps The Intercept took to verify the documents may have contributed to Winner’s cover being blown — but it’s also clear that she didn’t follow many of the precautions that The Intercept publishes on its own how-to-leak page. (For instance: “Don’t contact us from work”; the FBI says Winner corresponded with The Intercept from her work computer.)

The journalist Barton Gellman, who led The Washington Post’s Pulitzer Prize–winning coverage of the NSA in 2013 and 2014, offered more thoughts in a tweetstorm Tuesday.

Matthew Garrett, a security developer at Google, has some ideas for news outlets’ how-to-leak pages.

When asked for comment, The Intercept issued this statement, which doesn’t address any questions about the outlet’s potential missteps:

On June 5 The Intercept published a story about a top-secret NSA document that was provided to us completely anonymously. Shortly after the article was posted, the Justice Department announced the arrest of Reality Leigh Winner, a 25-year-old government contractor in Augusta, Georgia, for transmitting defense information under the Espionage Act. Although we have no knowledge of the identity of the person who provided us with the document, the U.S. government has told news organizations that Winner was that individual.

While the FBI’s allegations against Winner have been made public through the release of an affidavit and search warrant, which were unsealed at the government’s request, it is important to keep in mind that these documents contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism. Winner faces allegations that have not been proven. The same is true of the FBI’s claims about how it came to arrest Winner.

We take this matter with the utmost seriousness. However, because of the continued investigation, we will make no further comment on it at this time.

POSTED     June 6, 2017, 11:43 a.m.
SEE MORE ON Reporting & Production
SHARE THIS STORY
   
Show comments  
Show tags
 
Join the 45,000 who get the freshest future-of-journalism news in our daily email.
“Checking Twitter…while being rushed into a bunker”: Considering fake news and nuclear war
Plus: The EU is surveying its citizens on fake news; what CrossCheck learned in France; the upcoming Disinformation Action Lab.
Can Canada build its own independent podcast industry in the True North strong and free?
Plus: Everybody’s suddenly making podcasts for kids, a show reveals itself as part-fiction in its grand finale, and mixing podcasts and dating apps.
Here are three tools that help digital journalists save their work in case a site shuts down
“So many people who work professionally on the Internet really don’t know, until too late, that their work is this fragile.”