Nieman Foundation at Harvard
HOME
          
LATEST STORY
Newsonomics: Tribune’s Thursday night surprise rescrambles the consolidation puzzle
ABOUT                    SUBSCRIBE
June 6, 2017, 11:43 a.m.
Reporting & Production

The Intercept’s Russian hacking report also seems to be a good example of how not to handle leaks

The Intercept’s big story on the Russian government’s attempts to hack the U.S. election offers lessons for leakers and the news outlets they leak to.

On Monday afternoon, The Intercept published a bombshell story: “Top-secret NSA report details Russian hacking effort days before 2016 election.” The story — later confirmed by CBS — reveals that “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept,” and includes PDFs of the NSA’s report.

The story is a potentially huge one, providing the most evidence we’ve seen thus far that the Russian government attempted to influence the outcome of the U.S. election in ways beyond just spreading misinformation (and Russian president Vladimir Putin had even denied his government’s role in that). But another story is emerging around The Intercept’s story as well: By Monday evening, a 25-year-old federal contractor, Reality Leigh Winner, was charged with leaking the documents (the first criminal leak case under Trump). If Winner was indeed The Intercept’s source, there are questions about whether The Intercept could have done more to protect her — starting with those PDFs it published as part of its story.

The PDFs include a matrix of microdots — printer steganography — that could be used to trace the printer back to its source, as Ted Han (@knowtheory), the director of technology at DocumentCloud (whose platform The Intercept used to embed the PDFs in its story), pointed out Monday. And some of the pages were creased.

Cybersecurity expert Robert Graham explained on his blog how the microdots created by a color printer can be used to track the printer’s source, and writes:

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it’s how PDFs are often redacted by adding a black bar on top of image, leaving the underlying contents still in the file for people to read, such as in this NYTimes accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves fingerprints identifying you behind, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.

The Washington Post’s Erik Wemple has a good writeup of how steps The Intercept took to verify the documents may have contributed to Winner’s cover being blown — but it’s also clear that she didn’t follow many of the precautions that The Intercept publishes on its own how-to-leak page. (For instance: “Don’t contact us from work”; the FBI says Winner corresponded with The Intercept from her work computer.)

The journalist Barton Gellman, who led The Washington Post’s Pulitzer Prize–winning coverage of the NSA in 2013 and 2014, offered more thoughts in a tweetstorm Tuesday.

Matthew Garrett, a security developer at Google, has some ideas for news outlets’ how-to-leak pages.

When asked for comment, The Intercept issued this statement, which doesn’t address any questions about the outlet’s potential missteps:

On June 5 The Intercept published a story about a top-secret NSA document that was provided to us completely anonymously. Shortly after the article was posted, the Justice Department announced the arrest of Reality Leigh Winner, a 25-year-old government contractor in Augusta, Georgia, for transmitting defense information under the Espionage Act. Although we have no knowledge of the identity of the person who provided us with the document, the U.S. government has told news organizations that Winner was that individual.

While the FBI’s allegations against Winner have been made public through the release of an affidavit and search warrant, which were unsealed at the government’s request, it is important to keep in mind that these documents contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism. Winner faces allegations that have not been proven. The same is true of the FBI’s claims about how it came to arrest Winner.

We take this matter with the utmost seriousness. However, because of the continued investigation, we will make no further comment on it at this time.

POSTED     June 6, 2017, 11:43 a.m.
SEE MORE ON Reporting & Production
SHARE THIS STORY
   
 
Join the 50,000 who get the freshest future-of-journalism news in our daily email.
Newsonomics: Tribune’s Thursday night surprise rescrambles the consolidation puzzle
Could the moves presage the major rollup that’s been increasingly talked about in America’s now-in-play, ever-struggling daily newspaper industry?
Anti-vaxxers are among the WHO’s top 10 global health threats, and Ebola fake news is killing people
During an outbreak in the Democratic Republic of Congo, “as rumors surface, communications experts rebut them with accurate information via WhatsApp or local radio.”
Nine steps for how Facebook should embrace meaningful interac— er, accountability
“There are broad concerns that Facebook continues to engage in deceptive behavior when it comes to user privacy, and that it is biased against certain groups, but outsiders currently have almost no possibilities to verify these claims.”