[Cryptography] stego mechanism used in real life (presumably), then outed

Tom Mitchell mitch at niftyegg.com
Thu Jun 8 10:31:00 EDT 2017


On Tue, Jun 6, 2017 at 3:17 PM John Denker via cryptography <cryptography at metzdowd.com> wrote:

> In case you missed it:
>
> Quoting from:
>
> http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
>
> > that most new printers print nearly invisibly yellow dots that track
> > down exactly when and where documents, any document, is printed.
> > Because the NSA logs all printing jobs on its printers, it can use
> > this to match up precisely who printed the document.
>
> This seems like a pretty good explanation for the rapid arrest of
> NSA contractor Reality Winner.
>
> ...
>
> There are lots of forensic marking techniques.  Now that the yellow
> tracking dots are well known to leakers and would-be leakers, I
> reckon there will be a push to deploy other techniques.
>
> https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
>
> =========
>
This is oldish news (tracking dots) and without the physical document in
hand I believe the official story.  The leaked document had been imaged,
scanned or iPhotographed by the news reporter as proof and it was obvious
that a physical vs digital leak was involved.  The audit then focused on
print logs and found about six records for printing.  Then the six were
checked and only one had been in contact with this news outlet.

I should have played with my scanner and cameras to see if the yellow dots
are reliably reproduced.  My guess is they are not but imaging has improved.
The published images would be screen optimized and single stink jet spots
would be lost IMO.

If the physical document is recovered then the yellow anti-counterfeiting
dots come to play as designed for counterfeit investigations.  There may
be more tracking games to watermark an original but the yellow dots are not
content specific.  Specific knowledge allows falsification or obfuscation
of the yellow dots.

Media outlets need to up their game to protect sources.  Sources now have
greater and increasing risk both through audit and stenography as well as
versioning hooks digital and physical.

Paper stock cannot be ignored.  Currency has silk but numerous other tags
could identify shipments, boxes even pages of paper.

The other copies if filed would vindicate other employees but if burn
bagged, by design there is nothing to exonerate the others.

Some think this leak has value to the public but in the world of secrets
truth maps false information so I am not sure this truth=public_service
view is black and white.

Expect to see more encryption and stronger audit and access control in
systems.

-- 
I be mobile, excuse my tipping!