SoylentNews is people

posted by on Saturday June 10 2017, @05:41PM
from the like-with-a-cloth-or-something dept.

Following Winner's arrest and subsequent charging, the security researcher has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing.

[...] "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari told Bleeping Computer in an interview.

Bleeping Computer
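
Why the black-and-white conversion described above drops the dots, as an added example that is not from the original story or from PDF Redact Tools. The page raster, the faded-yellow colour and the threshold of 128 are constructed assumptions.

```python
# Added illustration; the raster, dot colour and threshold are constructed.
WHITE = (255, 255, 255)
BLACK = (0, 0, 0)
FADED_YELLOW = (255, 255, 170)  # assumed colour of a scanned tracking dot


def luma(pixel):
    """Rec. 601 luma: the usual weighting when reducing RGB to one channel."""
    r, g, b = pixel
    return 0.299 * r + 0.587 * g + 0.114 * b


def make_page(width=32, height=16):
    """Constructed sample: white page, one row of black 'text', sparse dots."""
    page = [[WHITE] * width for _ in range(height)]
    for x in range(4, 28):
        page[8][x] = BLACK
    for y in range(1, height, 5):
        for x in range(2, width, 7):
            page[y][x] = FADED_YELLOW
    return page


def to_grayscale(page):
    """8-bit grayscale: colour is gone, but faint marks keep a distinct level."""
    return [[round(luma(p)) for p in row] for row in page]


def to_bilevel(page, threshold=128):
    """1-bit black and white: every pixel is forced to 0 or 255."""
    return [[255 if luma(p) >= threshold else 0 for p in row] for row in page]


def residual_marks(channel):
    """Pixels that are neither pure black nor pure white, i.e. surviving marks."""
    return sum(1 for row in channel for v in row if 0 < v < 255)


def black_pixels(channel):
    """Count of pure-black pixels (the constructed 'text')."""
    return sum(row.count(0) for row in channel)


if __name__ == "__main__":
    page = make_page()
    print("dot luma:", round(luma(FADED_YELLOW)))
    print("marks left after grayscale:", residual_marks(to_grayscale(page)))
    print("marks left after bilevel:  ", residual_marks(to_bilevel(page)))
    print("text pixels kept:          ", black_pixels(to_bilevel(page)))
```

Grayscale output alone leaves the constructed dots at level 245, still distinguishable from the 255 background; only the bilevel step maps them to white while keeping the black text.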

related stories:
Feds Arrest NSA Contractor in Leak of Top Secret Russia Document
North Korea's Red Star Linux Inserts Sneaky Serial Content Tracker
Doctor Who Season 8 Scripts Leak Online



Related Stories

Doctor Who Season 8 Scripts Leak Online 18 comments

Scripts for the first five episodes of the yet-to-be-screened and highly-anticipated series eight of Doctor Who have been leaked online.

The leak is said to have come from BBC Worldwide's new Miami office, which was arranging translation of the new series for non-English speaking markets. The scripts are said to bear a BBC watermark, the name of a staffer and to be extremely detailed post-production scripts describing on-screen action as well as dialogue.

Unconfirmed rumours claimed the scripts were placed on a public server which was indexed by a search engine. An innocent search stumbled upon the scripts, which eventually made their way into torrents and sites such as Scribd.

North Korea's Red Star Linux Inserts Sneaky Serial Content Tracker 21 comments

ERNW security analyst Florian Grunow says North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags.

The operating system, developed from 2002 as a replacement for Windows XP, was relaunched with a Mac-like interface in 2013's version three. The newest version emerged in January 2015.

Grunow says files including Microsoft Word documents and JPEG images connected to but not necessarily executed in Red Star will have a tag introduced into its code that includes a number based on hardware serial numbers.

"When analysing the OS the first thing that came to our attention is that they have built an own kernel module named rtscan. There is a binary running that is named opprc and a few more binaries, one that seems to simulate/pretend to be some kind of 'virus scanner' and seems to share some code base with opprc," Grunow says.

"The first thing that came to our attention when looking at the functions in the binary was gpsWatermarkingInformation.

"Creating and using media files and documents on RedStar OS can get you into trouble if you are living in North Korea; do not assume that the files can be kept private and cannot be traced back to the creator."

Grunow says the operating system does not watermark files created with the open source OpenOffice word processing suite.



Feds Arrest NSA Contractor in Leak of Top Secret Russia Document 46 comments

Barely an hour after a news organization published an article about a Top Secret National Security Agency document on Russian hacking, the Justice Department announced charges against a 25-year-old government contractor who a senior federal official says was the leaker of the document.

The May 5, 2017 intelligence document published by The Intercept, an online news organization, describes new details about Russian efforts to hack voting systems in the U.S. a week prior to the 2016 presidential election. While the document doesn't say the hacking changed any votes, it "raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results."

Even as the document was ricocheting around Washington, the Justice Department announced that a criminal complaint was filed in the Southern District of Georgia charging Reality Leigh Winner, 25, a federal contractor, with removing classified material from a government facility and mailing it to a news outlet.

Source: NBC News

Once investigative efforts identified Winner as a suspect, the FBI obtained and executed a search warrant at her residence. According to the complaint, Winner agreed to talk with agents during the execution of the warrant. During that conversation, Winner admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a "need to know," and with knowledge that the intelligence reporting was classified. Winner further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.

Source: Department of Justice

While the document provides a rare window into the NSA's understanding of the mechanics of Russian hacking, it does not show the underlying "raw" intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

Source: The Intercept

How The Intercept Outed Reality Winner

Julian Assange: Alleged NSA leaker 'must be supported'

Bad tradecraft: How the Intercept may have outed its own leaker

WikiLeaks tweet #1: "Suspected Intercept reporter gave US government NSA whistleblower Reality Leigh Winner's post code, printout and her report number" and tweet #2: "WikiLeaks issues a US$10,000 reward for information leading to the public exposure & termination of this 'reporter'".



German Researchers Defeat Printer-Tracking Yellow Dots 76 comments

The Register reports

Beating the unique identifiers that printers can add to documents for security purposes is possible: you just need to add extra dots beyond those that security tools already add. The trick is knowing where to add them.

[...] researchers from the Technical University of Dresden [...] Timo Richter, Stephan Escher, Dagmar Schönfeld, and Thorsten Strufe reckon they've cracked the challenge of knowing how to anonymise printed documents, and presented their work to the Association of Computer Machinery's 6th ACM Workshop on Information Hiding and Multimedia Security in Innsbruck, Austria [the week of June 22].

In this paper, the TU Dresden researchers explain that they tested 1,286 documents printed on machines from 18 manufacturers, creating an extraction algorithm to identify well-known dot-patterns--and at the same time, discovering four previously undiscovered patterns coding at 48, 64, 69, and 98 bits.

Identifying new patterns is important, from a privacy point of view, since as the authors point out, an activist in a dictatorship could easily be unmasked by their printer (unless they happen to use a Brother, Samsung, or Tektronix printer, none of which seemed to carry tracking codes, the researchers said).

[...] The group has published [a] toolkit that automates the obfuscation workflow, here.

Previous: "Printer Dot Sanitisation" Software Seeks to Cleanse Yellow-Dot Watermarks



  • (Score: 4, Informative) by bradley13 on Saturday June 10 2017, @06:24PM (14 children)

    by bradley13 (3053) on Saturday June 10 2017, @06:24PM (#523543) Homepage Journal

    It's all well and good for PDF software to eliminate any little yellow dots, but that doesn't prevent the printer from putting them on paper - that has nothing at all to do with the source document. And what would be the point of printing a document, only to scan it in as PDF?

    No, we should be upset that printer firmware puts tracking marks on every document we print. This has been around long enough that we all forget about it, but really, it's just as intrusive as a government GPS tracker on your car. It's supposed to catch criminals, and since law abiding citizens have nothing to hide...where have we heard this before? It's another piece of the totalitarian wet-dream represented by people like Theresa May and her campaign against encryption.

    --
    Everyone is somebody else's weirdo.
    • (Score: 3, Interesting) by KilroySmith on Saturday June 10 2017, @06:53PM (6 children)

      by KilroySmith (2113) on Saturday June 10 2017, @06:53PM (#523549)

      >>>And what would be the point of printing a document, only to scan it in as PDF?
      Well, it's a great way to definitively strip any identifying metadata from the document. Were I ever to leak a document, it's certainly one of the steps I'd take.

      • (Score: 5, Insightful) by mhajicek on Saturday June 10 2017, @07:08PM (5 children)

        by mhajicek (51) on Saturday June 10 2017, @07:08PM (#523556)

        Why not scan the print with OCR and release it as a text file?

        --
        The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 1, Insightful) by Anonymous Coward on Saturday June 10 2017, @08:09PM (1 child)

          by Anonymous Coward on Saturday June 10 2017, @08:09PM (#523570)

          Proof that a document is official often requires the letterhead, signatures and other markings.

          • (Score: 2) by mhajicek on Sunday June 11 2017, @09:21AM

            by mhajicek (51) on Sunday June 11 2017, @09:21AM (#523735)

            Well those are easy enough to Photoshop.

            --
            The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 2) by frojack on Saturday June 10 2017, @08:18PM (1 child)

          by frojack (1554) on Saturday June 10 2017, @08:18PM (#523573) Journal

          First you'd have to print it. (That leaves a digital record of who printed what, from what station, at what time).
          Sending it out of the NSA across any network is going to get you caught quickly.
          So you have to get it out of the NSA in printed form, and do your scanning and PDFing outside.
          So you smuggle it out in paper form.

          Oh, wait. I think I see the problem right here.... How did THAT happen? Just walk out with a sheaf of papers?
          Seems to me, Ms Winner was set up for this fall. She can't be smart enough to GET that job, and dumb enough to think it would be that easy.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by kaszz on Saturday June 10 2017, @11:08PM

            by kaszz (4211) on Saturday June 10 2017, @11:08PM (#523621) Journal

            There are a lot of people with clearances. They don't seem to mean too much. And in fact her boss(es) may not be that smart or just squeezed by budget or profit demands. It was a subcontractor after all.

        • (Score: 2) by KilroySmith on Saturday June 10 2017, @08:41PM

          by KilroySmith (2113) on Saturday June 10 2017, @08:41PM (#523578)

          Often the letterhead, headers, and footers help to authenticate that the document is "real", even though they're easily faked.

    • (Score: 2) by frojack on Saturday June 10 2017, @07:57PM (6 children)

      by frojack (1554) on Saturday June 10 2017, @07:57PM (#523568) Journal

      It was originally to catch counterfeiters. That is what it was sold as anyway.
      This is a perfect example of feature creep for the benefit of Government.

      You would expect a government spy agency to have this installed. You would expect someone working at a spy agency to know this. And you would expect any PDF writer available on a spy agency computer would be equally compromised. You would expect the same of Military bases, Classified Research sites, Lawyers offices, etc.

      This case is brought to our attention by the arrest of a very silly young woman, utterly ill prepared to do the deed she decided to do. When the FBI Director is leaking documents, how do you expect anyone else to toe the line?

      Yes Yellow Dots have been around a long time. And yes, it would make more sense to hang up a Tracking Dots warning sign over each printer to prevent leaks than hope to catch the leakers after the fact. That just reveals the failure of the current intelligence mind set in this country. Find ways to catch everybody after the fact, and to hell with the collateral damage done by allowing the attack/espionage to occur in the first place.

      https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots [eff.org]

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Saturday June 10 2017, @08:53PM (5 children)

        by Anonymous Coward on Saturday June 10 2017, @08:53PM (#523582)

        It was originally to catch counterfeiters.

        Which, of course, is a terrible justification. Tracking everyone because some people are bad guys is not something 'the land of the free' is supposed to do.

        • (Score: 2) by frojack on Saturday June 10 2017, @09:17PM (4 children)

          by frojack (1554) on Saturday June 10 2017, @09:17PM (#523591) Journal

          The land of the free is not to blame here.

          It's the Printer/scanner Manufacturers (mostly in Asia) satisfying the customers (world wide) who pay extra for that feature.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by takyon on Saturday June 10 2017, @10:19PM (3 children)

            by takyon (881) <takyonNO@SPAMsoylentnews.org> on Saturday June 10 2017, @10:19PM (#523609) Journal

            I hear Samsung is one of the ones that doesn't bother adding the spy dots.

            --
            [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
            • (Score: 0) by Anonymous Coward on Saturday June 10 2017, @11:03PM

              by Anonymous Coward on Saturday June 10 2017, @11:03PM (#523620)

              The Epson Stylus Photo R200 doesn't add them, I've heard.

            • (Score: 0) by Anonymous Coward on Saturday June 10 2017, @11:17PM (1 child)

              by Anonymous Coward on Saturday June 10 2017, @11:17PM (#523622)

              There are 4 Samsung units listed at the EFF link from frojack.
              All of those are no-dots.

              There are 14 OkiDATA units listed.
              All of those are no-dots.

              Xerox/Tektronix/Fuji is a mixed bag.

              Another EFF page that has a decoder at the bottom.
              DocuColor Tracking Dot Decoding Guide [eff.org]

              There's some organized resistance in the EU. [seeingyellow.com]

              -- OriginalOwner_ [soylentnews.org]

              • (Score: 2) by frojack on Sunday June 11 2017, @01:29AM

                by frojack (1554) on Sunday June 11 2017, @01:29AM (#523643) Journal

                All of those are no-dots.

                And none of those is getting any business from the CIA/NSA etc.

                This isn't something the manufacturers are foisting on an unsuspecting public.
                It is something agencies and businesses actively seek out to protect the information they are charged with protecting.

                They could make the technology far more effective by just hanging up a sign and saying every document will be dot encoded. Combine that with a 27 cent finger print reader on the "Copy" button, and just about all your document copy thefts disappear.

                Is this wrong?

                Should just ANY clerk working for the IRS be free to photocopy or print out your tax returns and post them all on line? Your medical records? Your bank account?

                I suggest this is only a story because a very silly woman stole something from a big bad three letter agency. (Note: It was RUSSIAN intelligence she copied - not your email).

                --
                No, you are mistaken. I've always had this sig.
  • (Score: 1, Funny) by Anonymous Coward on Saturday June 10 2017, @06:40PM (1 child)

    by Anonymous Coward on Saturday June 10 2017, @06:40PM (#523546)

    So I'll be able to print money again soon?

    • (Score: 2) by frojack on Saturday June 10 2017, @09:21PM

      by frojack (1554) on Saturday June 10 2017, @09:21PM (#523592) Journal

      Yes. We do, because we keep losing it [nocookie.net], and our sessions tend to last days over the holiday breaks.
      Especially the green and the blue.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 2) by wonkey_monkey on Saturday June 10 2017, @10:27PM (1 child)

    by wonkey_monkey (279) on Saturday June 10 2017, @10:27PM (#523613) Homepage

    Following Winner's arrest and subsequent charging

    Okay, I know what was only recently in the news, but a news story should come with a little context.

    the security researcher has submitted...

    What security researcher?

    --
    systemd is Roko's Basilisk
    • (Score: 0) by Anonymous Coward on Saturday June 10 2017, @11:29PM

      by Anonymous Coward on Saturday June 10 2017, @11:29PM (#523623)

      Seconded. If I hadn't spotted the headlines in the MSM recently, I'd have no idea what's going on here.

  • (Score: 0) by Anonymous Coward on Sunday June 11 2017, @01:12AM (1 child)

    by Anonymous Coward on Sunday June 11 2017, @01:12AM (#523638)

    What about adding more dots? Patterns all over the place? Or is firmware smart enough to detect fake data and avoid that so only the ID dots are printed?

    Also, yellow paper? Maybe tint everything with quick spray pass. Or colored slide and photocopy the combination.

    • (Score: 2) by kaszz on Sunday June 11 2017, @01:49AM

      by kaszz (4211) on Sunday June 11 2017, @01:49AM (#523648) Journal

      It can be counteracted by statistical trends. Yellow paper etc will still carry a small but detectable difference, and thus being compromised. It has to not be printed at all to begin with.

  • (Score: 2) by kaszz on Sunday June 11 2017, @01:45AM (1 child)

    by kaszz (4211) on Sunday June 11 2017, @01:45AM (#523647) Journal

    I mentioned this counteraction [soylentnews.org] earlier:
    Just a little counter hint.. The image on a printed page is built up using a bitstream that is scanned onto the light sensitive drum inside the laser printer. Now if that laser on/off input is controlled by a bitstream that came from somewhere else then, the whole factory design is circumvented ;-)

    Printing an A4 with 600 dpi at a rate of printing 8 pages per minute in black-white:
    inch = 0.025400
    (0.210*(600/inch) * 0.297*(600/inch)) / (60/8) = ~4.6 Mbit/s
    For 1200 dpi:
    (0.210*(1200/inch) * 0.297*(1200/inch)) / (60/8) = ~19 Mbit/s

    This needs a serious serdes unit however. Way faster than standard I2S ports.

    One way to implement this could be to use 3x GPIO on a Raspberry-Pi. The first GPIO will trigger when the paper page starts. The second GPIO trigger start of raster scan. And the third GPIO sends the actual bitstream as string of bits synchronously until one line is complete. The rest is just setup and repetition. To eliminate jitter all interrupts and multitasking have to be shut off when running the transmission code.

    The advantage of using a fast Raspberry-Pi is that you may get away with just wiring the laser scanner module to a few GPIO pins. At worst it will leave 36 clock cycles per bit to output. A 900 MHz RPi with 600 dpi would have a margin of 195 clock cycles per output bit. Plenty of CPU cycles to go around.

    For laser printers using LED-arrays, the controller needs to supply 10x GPIOs: 4x Data, Clock, Latch, 4x Strobe.
    With a clock frequency in the 10-40 MHz range.

    • (Score: 1, Insightful) by Anonymous Coward on Sunday June 11 2017, @02:52AM

      by Anonymous Coward on Sunday June 11 2017, @02:52AM (#523671)

      Oh, great... why not just bring your own printer then? New printer or hacking into printer... sure no one will notice while checking physically the secured area.

      If you can pick any printer, say for personal use at your own home or business, just buy one that doesn't have the dot system.

  • (Score: 2) by bzipitidoo on Sunday June 11 2017, @03:07AM (2 children)

    by bzipitidoo (4388) on Sunday June 11 2017, @03:07AM (#523673) Journal

    I've grown to loathe printers, particularly ink jets. Ink that is pricier than gold, a propensity to clog and jam, and most of all, all the limitations of paper: low storage density, not searchable with machinery. And now this treacherous steganography. What's with the love affair so many people still have with the printed word? Quit using them already!

    • (Score: 2) by hemocyanin on Sunday June 11 2017, @04:19AM

      by hemocyanin (186) on Sunday June 11 2017, @04:19AM (#523688) Journal

      The printed word is handy in power outages.

    • (Score: 2) by Grishnakh on Sunday June 11 2017, @05:12AM

      by Grishnakh (2831) on Sunday June 11 2017, @05:12AM (#523696)

      You're talking about inkjets. Get a laser printer instead; the toner is cheap, and they don't have clogging problems since there's no inkjet nozzles.
