Reality Winner is a former NSA intelligence contractor who leaked a classified hacking report to the press in 2017.
The FBI arrested Reality Leigh Winner on 3rd June for leaking classified information to The Intercept that published the Top-Secret NSA report after two days of the arrest.
Reality Leigh Winner held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International.How did the FBI identify Reality Leigh Winner?
The Feds started the investigation on May 30, 2017, when The Intercept contacted the NSA and turned over a copy of the report to verify its authenticity.
Winner took prints of the document and then sent a scanned copy of it via email to The Intercept.
Modern printers print invisible yellow dots that track when and where the documents were printed. Robert Graham from Errata Security detailed the process used to analyze a document starting from the “invisible dots.”
“The document posted by the Intercept isn’t the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.” wrote Graham.
“The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.”
The document leaked by The Intercept was printed by a printer with model number 54 and serial number 29535218. With the same technique, the expert discovered also that when the document was printed. The information extracted from the document compared with the log of usage of the printer at the NSA offices allowed the identification of Reality Leigh Winner.
“The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017, at 6:20. The NSA almost certainly has a record of who used the printer at that time.” continues the analysis.
The NSA logs revealed that six employees had access to that Tor-secret report and that Winner was the person who printed it.
Once identified the unfaithful contractor, the agency also determined that she was the unique person who exchanged mail with The Intercept.
Winner was arrested and admitted to having passed the information to the news outlet.
She pleaded guilty in 2018 to a single count of transmitting national security information and was sentenced to five years and three months in prison. This is the longest sentence ever imposed by the US government for a federal crime involving leaks to the news media.
Back to the present, Winner has been sent to home confinement in San Antonio, Texas, where she will remain until November 2021.
She will be fully released on November 23 under supervised release.
In 2020, Winner failed to obtain a pardon from President Trump.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, data leak)
[adrotate banner=”5″]
[adrotate banner=”13″]