(Replying to PARENT post)

She pretty much outed herself though by using her own computer to mail the document to the intercept. That the intercept then went and tried to verify the veracity of the documents does not give them much credit either, they didn't have to forward the actual scans, there would have been other ways of verifying that the documents were real.

Finally, this was clearly careless on the part of the Intercept, no proof has ever been given that this was malicious, and I'm not seeing any here.

👤jacquesm🕑4y🔼0🗨️0

(Replying to PARENT post)

It has been some years since I read about the original document leak, but as I recall, she shared documents from her workplace that either had printer steganography ID codes embedded into them (images in a raster scan of a paper document), or some form of digital stego IDs in electronic documents.

Basically not very different from how major motion picture studios embed some sort of unique ID code into the compressed video files given out pre-release, to reviewers (and workprints sent to 3rd party CGI studios) so that they can track down a leak.

None of which Winner was aware of the existence at the time. Some of those codes made it through to the reporting, and were published to the Internet, making it fairly easy for federal law enforcement to track her down.

I have also not seen any information saying that the journalists who received the documents, definitively were, or were not aware of the presence of the ID numbers stegoed into the documents.

https://www.theatlantic.com/technology/archive/2017/06/the-m...

https://blog.erratasec.com/2017/06/how-intercept-outed-reali...

On a more meta level, it's a hard problem to solve with handling and publishing leaked documents, because on one side you have the vast resources of the NSA and the US intelligence community coming up with new steganographic and other methods to embed tracking ID numbers into documents. The full size, scale, budget and weight of various federal agencies' "counterintelligence" efforts.

And on the other side you have investigative journalists who do not have PhD level degrees in math/cryptography, and do not have the technical resources to definitely search through a huge pile of documents and say with 100% confidence that any possible tracking IDs have been stripped out.

I don't think I could reasonably expect a person from a journalism/liberal arts degree educational and work experience background to identify steganography.

👤walrus01🕑4y🔼0🗨️0

(Replying to PARENT post)

> She pretty much outed herself though by using her own computer to mail the document to the intercept.

I don't understand this point at all. Identifying oneself as a source to a journalist is a critical and important part of being a whistleblower. The Intercept could never have published anything without some authentication of where it came from. You think you can just mail some documents anonymously and papers will run with it?

I mean, maybe you could argue that in the case of specific kinds of documents that are self-authenticating, I guess. But in general, no, journalists need to know where stuff comes from. Ellsberg didn't hand over the Pentagon Papers anonymously, Deep Throat was known to Woodward & Bernstein, etc...

👤newacct583🕑4y🔼0🗨️0

(Replying to PARENT post)

More than careless, basically incompetent regarding OpSec. And even worse is that they tried to cover it up and attemoting minimizing the impact of the damage.

👤m-p-3🕑4y🔼0🗨️0

(Replying to PARENT post)

Where does malice come into it?

I see the link talking about self interest and negligence.

👤maxerickson🕑4y🔼0🗨️0