A nearly invisible but unique watermark may have helped U.S. investigators identify the contractor accused of leaking a top secret NSA document published by The Intercept on Monday, according to security experts.
Reality Winner, 25, was arrested over the weekend and formally charged Monday with removing classified material from a government facility and mailing it to an unidentified news outlet, the Justice Department announced afterwards.
Multiple outlets have since identified Ms. Winner as the source of a secretive NSA document published online by The Intercept hours before the government’s announcement. While the Justice Department hasn’t formally called Ms. Winner the website’s source, however, security experts have since determined whoever leaked the NSA document also gave The Intercept — and subsequently the federal government — an avenue to trace its origin.
According to court documents, the unidentified news outlet provided the government with a copy of the leaked document prior to the publication of its report. The government’s subsequent analysis “determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space,” the FBI said in an affidavit filed Monday.
The government conducted an internal audit to determine who accessed the intelligence reporting after its release in early May and narrowed the search down to six individuals, including Ms. Winner, the affidavit says. She ultimately admitted “intentionally identifying and printing the classified intelligence reporting at issue” when interviewed Saturday at her home in Augusta, Georgia, according to the affidavit.
Absent Ms. Winner’s alleged confession, experts believe the classified document shared by The Intercept already included enough information to narrow in on the source of the leak.
SEE ALSO: Reality Winner, suspected NSA leaker, ‘must be supported’: WikiLeaks publisher Julian Assange
The NSA document contains a series of nearly invisible yellow dots that reveal uniquely identifying information about the precise printer used to reproduce it, Errata Security founder Robert Graham wrote Monday after reviewing the file. While nearly undetectable to the naked eye, the watermark, once magnified and decoded, could have given investigators a smoking gun in their search for the leaker.
“Printers have two features put in there by the government to be evil to you. The first is that they recognize a barely visible pattern on currency, so that they can’t be used to counterfeit money,” Mr. Graham wrote. “The second is that when they print things out, they includes these invisible dots, so documents can be tracked.”
“The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20,” he added upon reviewing the file. “The NSA almost certainly has a record of who used the printer at that time.”
Tech website Ars Technica and other security experts have drawn similar-to-identical conclusion.
Ms. Winner was employed at Pluribus International Corporation, a defense and intelligence contractor, at the time of her arrest. She previously spent six years in the military and held a Top Secret security clearance giving her access to classified documents.
A detention hearing for Ms. Winner is currently scheduled for Thursday in Augusta, CNN reported this week. She’ll face up to 10 years behind bars if convicted, the network added.
SEE ALSO: Reality Winner charged with leaking classified materials
“As we reported in the story, the NSA document was provided to us anonymously,” The Intercept said in a statement. “The Intercept has no knowledge of the identity of the source.”