How The Intercept Accidentally ‘Outed’ The NSA Leaker

(Photo credit: THOMAS COEX/AFP/Getty Images)

Daily Caller News Foundation logo
Eric Lieberman Deputy Editor
Font Size:

Online news outlet The Intercept indirectly helped the Trump administration catch a leaker by reportedly showing the NSA the obtained documents roughly a week prior to the publication of an article.

The Department of Justice (DOJ) charged Reality Leigh Winner, a 25-year-old Georgia-based NSA contractor, Monday for stealing highly classified information and providing it to a news outlet. The legal filing does not make explicit mention of the publication, but NBC News reports that the recipient of the documents is The Intercept. Winner reportedly possessed a Top Secret security clearance prior to the alleged transgressions and admitted to being the source of the leak when the FBI approached her.

The Intercept reportedly revealed copies of secret files to the NSA around a week or two before publication to confirm their authenticity. But in the process, the intelligence agency noticed that the reports “appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space,” according to the official legal complaint. (RELATED: Will The GOP Remake Surveillance Laws After Trump Leaks?)

Officials were likely then able to pinpoint Winner by deciphering and decoding several other inconspicuous signals within the published sensitive documents. While The Intercept reportedly didn’t share the original PDF file, it did disclose content containing pictures of the printed version.

The majority of printing devices print paper with yellow dots that are almost impossible to see, according to Robert Graham, a cybersecurity expert. Somewhat technologically proficient people, especially officials within the intelligence community like the NSA, can analyze the extremely faint marks and precisely determine when and where the documents were printed.

Graham, writing for the cybersecurity blog Errata Security, says that almost any user can decode the meaning of the dot configuration through a tool offered by the Electronic Frontier Foundation. After inputting the arrangement, a model and serial number of the printer is shown, as well as the date and time of the printing.

And that is all the U.S. government probably needed to identify and arrest Winner, who is behind at least some of the leaks in the Trump administration. (RELATED: NSA Leaker Is A Bernie Supporter Who ‘Resists’ Trump)

“The NSA almost certainly has a record of who used the printer and at that time,” Graham explained. “The situation is similar to how Vice outed the location of John McAfee … [and the] NYTimes accident with a Snowden document.”

Graham says if people don’t want ciphered yellow-dots in printed documents they should use black-and-white printers and scanners. He alleges printers are mandated to have these features in order to decrease the chances of people counterfeiting money and that government forcing the code into our printers is a violation of 3rd Amendment rights, a rarely-cited freedom.

Now that the probable investigative tactic behind finding the leaker is revealed, whistleblowers and leakers may respectively use black-and-white printers only, or at least convert the documents with a black-and-white scanner or an online image editing service.

Follow Eric on Twitter

Send tips to

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact