back to article Cuffed: Govt contractor 'used work PC to leak' evidence of Russia's US election hacking

A 25-year-old contractor has been charged with leaking NSA files that claim Russian intelligence hacked at least one maker of voting software used in 2016's US elections. Reality Leigh Winner, who held a top-secret clearance and worked at government tech provider Pluribus International, is accused of passing classified …

  1. Anonymous Coward
    Anonymous Coward

    so was she a cunning linguist?

    ill get me coat.

    </commentreserved>

    1. tiggity Silver badge

      Re: so was she a cunning linguist?

      More naive / incompetent than cunning.

      ..She should have licked the documents to remove the micro dots

      1. Anonymous Coward
        Anonymous Coward

        Re: so was she a cunning linguist?

        She should have licked the documents to remove the micro dots

        She'd get her tongue caught in the staples. It happened to me with the Playboy centrefold.

        :)

        1. Sir Runcible Spoon Silver badge

          Re: so was she a cunning linguist?

          I'm assuming that she wouldn't have had a smart phone on her to take a picture of her monitor?

          Another method would be print to a file, sneak the file out, and then print it from somewhere else - depends on whether sneaking a digital copy out is easier or harder than sneaking out a doctored A4 printout.

          1. Antron Argaiv Silver badge
            Coat

            Re: so was she a cunning linguist?

            Dot matrix FTW!

            ...not so much of a "winner", was she?

    2. Anonymous Coward
      Anonymous Coward

      Good News? Potentially, 6 people with a conscience.

      Microdots / Serial Numbers in scans/copying equipment. It used to used a means to identify counterfeit currency, not counterfeit Presidents.

    3. bombastic bob Silver badge
      Devil

      Re: so was she a cunning linguist?

      we'll probably find out once she's in the iron bar hotel. she'll have plenty of time to pump iron, too (see photo in article).

      too many possible jokes to continue. /me self-censors

      1. midcapwarrior

        Re: so was she a cunning linguist?

        "Winner shows off her gains on Instagram"

        Is that a Brit colloquialism?

        Here we would say she was showing off her guns

  2. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      Re: Can someone with more knowledge on the subject answer me this:

      No legitimacy yet, the whole incident could have been an FBI honeypot...

    2. veti Silver badge

      Re: Can someone with more knowledge on the subject answer me this:

      The result was so close that you can reasonably claim just about everything swung it.

      But none of that makes a difference. The rules are the rules, the game is over and there's no plausible way to replay it.

      Does it raise doubts about the mandate of the current bunch of rulers? Yes, but frankly if you didn't have quite a lot of those sorts of doubts already, you're (a) not paying attention and (b) unlikely to be persuaded now.

      1. tom dial Silver badge

        Re: Can someone with more knowledge on the subject answer me this:

        Trump won, and legitimately so by the rules generally in effect for somewhere between 100 and 227 years.

        Nevertheless, there is no earthly justification for a claim that he had a mandate.

        1. Anonymous Coward
          Anonymous Coward

          Re: Can someone with more knowledge on the subject answer me this:

          With respect, winning by the rules is what having a mandate is defined as.

          Years of that Blairperson shrieking about his Man-Date when a majority of the country voted for someone else, is what defines politics for me these days.

          1. John Smith 19 Gold badge
            WTF?

            "With respect, winning by the rules is what having a mandate is defined as."

            Isn't that this report suggests the GRU targeted the US election SW suppliers a big hint that maybe Trump did not win by the rules?

            Seriously let's play a game.

            You are a foreign Intelligence organization. You specifically target a company (at least one) who write the software used in US election machines. You are doing this because

            a) You want to be able to influence US elections at will

            b) You want to get advance notice of who is winning

            c) You want to steal the software so it can be used in future elections in your own country without buying it.

            All of the above are possible.

            Which do you think is the more likely?

            1. mathew42

              Re: "With respect, winning by the rules is what having a mandate is defined as."

              d) Cast doubt on the legitimacy of the ellection

              This is much simpler and if you are seeking to cripple / destroy a democracy almost as effective as influencing the election.

              1. John Smith 19 Gold badge

                "This is much simpler and if you are seeking to cripple / destroy a democracy "

                However that can be stopped in its tracks by an independent software audit of all voting machines software, obviously under NDA to the companies.

                You conquer fear through knowledge.

            2. Anonymous Coward
              Anonymous Coward

              Re: "With respect, winning by the rules is what having a mandate is defined as."

              "You specifically target a company (at least one) who write the software used in US election machines."

              There has never been any evidence of that. But it is a good argument for physical ballots.

              1. IT Poser

                Re: "There has never been any evidence of that."

                While I don't claim to fully grok this event yet I thought that an unnamed news organization was sent the evidence that Russia had tried.

            3. StudeJeff

              Re: "With respect, winning by the rules is what having a mandate is defined as."

              Except the software these companies produced have nothing to do with the voting machines. Their software is used in voter registration, not the same thing at all.

              Unless you've got a lot of "boots on the ground" willing to commit vote fraud about the only thing they could do with the ability to mess with registration records is to change or delete individual voters records, forcing them to cast a provisional ballot.

              Now theoretically, if it's a big enough plot you could create a bunch of bogus voters, and then have your fellow travelers cast votes under those names, but that would be difficult, especially in places where they have voter ID laws (which is another reason why such laws are a good idea).

          2. John Smith 19 Gold badge
            Unhappy

            "Years of that Blairperson shrieking about his Man-Date "

            Well that's one way to describe his bromance with the W.

          3. John Gamble

            Re: Can someone with more knowledge on the subject answer me this:

            "With respect, winning by the rules is what having a mandate is defined as."

            That may be how it works in a parliamentary system, but in the U.S., where power is split between three separate organizations (President, Senate, and House of Representatives; I'm skipping the oversight power of the Supreme Court for the moment), a mandate is a psychological attribute dependent upon the margin of victory.

            Despite his win, Trump's popular vote loss tends to offset any "mandate" claims.

            Honestly, the last president who had a clear mandate was Nixon (in my opinion of course; your candidate's mileage may vary). And he had to resign to avoid impeachment. So even a "mandate" won't shield you from your actions.

          4. tom dial Silver badge

            Re: Can someone with more knowledge on the subject answer me this:

            Abraham Lincoln won the 1860 presidential election by the same rules, give or take a few changes over the next 150+ years, with about 40% of the total vote. Events of the following five years establish quite decisively that he did not in any reasonable sense have a mandate to govern. While the results are far less lopsided, it remains true that in 2016 none of the candidates was the choice of a majority of those who voted, and that probably is true of the population of eligible voters as well. To claim that any of them would have a mandate stretches the common understanding a bit too far. It would be better to say that because we accept the legitimacy of the constitutional procedures (if we do) we should in consequence of that accept the legitimacy of the president chosen according to those rules.

        2. wayne 8

          Re: Can someone with more knowledge on the subject answer me this:

          Winner take all. No need for a mandate or a coalition.

  3. Anonymous Coward
    Anonymous Coward

    "undermines public faith in government."

    I thought that was Trump's job!

    1. Shadow Systems Silver badge

      "...undermines public faith in government."

      What a complete crock of bullshit. We have no faith in government, except maybe to fuck us over every chance it gets.

      Trump nominating the most toxic folks into their various offices to undermine any progress made in those offices (for example, Mr.Pai claiming broadband isn't telecommunications; the education minister refusing to help the students fucked over by the failed for-profit-college industry; giving a guy who shares the presidents climate change denial stance the job in charge of protecting the environment; ad nauseum), and you think We The People have any faith in you?

      Pull your head out of your ass, take a deep breath, wipe the shit from your eyes, & join the rest of us in the real world. Your jack booted Hitler-esque actions are drowning out our cries to stop.

      Fuck you.

      1. Anonymous Coward
        Anonymous Coward

        Re: "...undermines public faith in government."

        @ Shadow Systems

        "Your jack booted Hitler-esque actions are drowning out our cries to stop."

        You invoked Godwins Law and in doing so I claim my £10.

      2. Anonymous Coward
        Anonymous Coward

        Re: "...undermines public faith in government."

        Indeed. After Obama had insisted that CO2 was a pollutant. So he could regulate it and tax it.

        You dont get to be president except by being a lying cheating two faced sumbtich and let's face it, at least Trump is more amusing that that vinegar faced old pussy he was up against.

        1. anonymous boring coward Silver badge

          Re: "...undermines public faith in government."

          If it's going to kill us or harm us, it's probably a pollutant.

          If, for example, we spread table salt over the land to the extent that we couldn't grow crops any more, I'm pretty sure that table salt would be classified as a pollutant.

      3. Panix
        FAIL

        Re: "...undermines public faith in government."

        I know we shouldn't feed the troll but seriously, go back to tumblr, faggot.

    2. Voland's right hand Silver badge

      "undermines public faith in government."

      It is already undermined by NSA sitting on it instead of handing it off to the FBI and/or the congress for a thorough investigation. There is stuff you just do not sit on, regardless of how "classified" it is.

      Also, it is quite interesting HOW did NSA get their mitts on the information. They are not supposed to be snooping on US election companies so exactly where did they do "signal intelligence" to be in possession of this information.

      1. Anonymous Coward
        Anonymous Coward

        It is already undermined by NSA sitting on it instead of handing it off to the FBI and/or the congress for a thorough investigation. There is stuff you just do not sit on, regardless of how "classified" it is.

        Two problems with that:

        1 - you have raw intel here, without any context. We don't know if that is "just in" and fully qualified and verified informationAnd what makes you think this wasn't already happening?

        2 - what makes you think they were not already sharing? If you use Gmail, you don't know who else is looking at your data either.

        Also, it is quite interesting HOW did NSA get their mitts on the information. They are not supposed to be snooping on US election companies so exactly where did they do "signal intelligence" to be in possession of this information.

        I reckon that may have happened in the same manner as with the Trump goons in office: when communications went across the border. For all we know it may have bene picked up at the same time as an assumption of active collusion is becoming more and more plausible by the day.

        This highlights one of the main issues I have with leaking: when data is pulled out of context you risk assumptions that are not based on fact. Intelligence is guesswork based on data, but the aim is to get as close to the facts as possible and that's not possible without knowing more about the data.

        The other issue I have is with leaking in general: that should not be your aim when you join an organisation. I know I'm going against that grain here (and maybe I'm a bit old fashioned about it), but if you give your word to protect the information you are handling, you have given your word. I know it's fashionable to pass everything to the press, but even these organisations are sometimes working to protect people (for instance, by finding evidence that Trump and friends are basically working for Russia) and a lack of trust in staff is not helping. I know I'm probably sparking a debate here, but despite abuse, confidentiality and secrecy DO have their place.

        1. wayne 8

          For those unaware, the first duty of the NSA is to send a raw feed of ALL intercepts directly to Mossad HQ.

          Then they apply filters and legal requirements to the feed before submitting pieces to relevant USA agencies.

          Any questions about who wags the USA?

          1. anonymous boring coward Silver badge

            Aren't you going to talk about Sep 11, and the fake moon landings too?

      2. Anonymous Coward
        Anonymous Coward

        it is quite interesting HOW did NSA get their mitts on the information

        It was/is all in the Clinton mind, how else could the old bat lose.

      3. tom dial Silver badge

        Evidence that the NSA did not provide the information to the FBI (and DHS)?

        Both the DHS and the FBI issued warnings to states in August, 2016 about attempts to penetrate state voter registration databases. This was reported publicly at the time, and it is not unlikely that the information that triggered the warnings came partly from the NSA.

        That the NSA snoops on the GRU whenever and however it can is certain. Under FISA section 702, this allows them to take note of such things as identifiable spear phishing by presumed GRU agents directed at US targets. Other parts of the US Code allow them to report such activities to the FBI, as may well have happened in late 2015, when the FBI contacted the Democratic National Committee to tell them they were hacked. Whether that constitutes snooping on the US targets is a matter of definition, but it is plainly legal at present, as well as very likely acceptable to many of the victims of such attacks.

    3. Smooth Newt
      Happy

      Zaphod Beeblebrox

      "undermines public faith in government."

      I thought that was Trump's job!

      "The President is very much a figurehead - he wields no real power whatsoever. He is apparently chosen by the government, but the qualities he is required to display are not those of leadership but those of finely judged outrage. For this reason the President is always a controversial choice, always an infuriating but fascinating character. His job is not to wield power but to draw attention away from it. "

    4. wayne 8

      If you have faith in your or any other government, you aren't paying attention.

    5. John Smith 19 Gold badge
      Unhappy

      "undermines public faith in government." "I thought that was Trump's job!"

      And TBH he does it damm well.

      1324 days to go.

  4. Rustbucket

    Dear "The Intercept"

    "Thanks for nothing"

    Seriously though, a publication that specializes in publishing leaks has no basic clue about protecting its sources and sanitizing received documents?

    And microdots can survive a trip through an office copier, or was some other identification method used?

    1. Brian Miller

      Re: Dear "The Intercept"

      I would have thought The Intercept would have retyped the document, or scanned it in, run OCR, and then sent that back to the spooks.

      But just flopping it on a scanner, and sending that back? Well, of course then the microdots survived the process. After all, they look just like "random" flecks of toner.

      And to think that Ms. Winner just mailed it off to them, also without taking any steps to anonymize the document. She could have at least run it through dodgy fax machines a few times.

      Ah, well, at least it wasn't info that was really hidden, it just confirms what everybody was suspecting all along. The voting machine companies have dodgy products, the employees can be easily spear-fished, the politicians can also be spear-fished, and Microsoft always has bugs/holes as features.

    2. This post has been deleted by its author

    3. DougS Silver badge

      Re: Dear "The Intercept"

      From what I read about it, when it was published the NSA did a search to see who accessed the document, and found that six people had, and she was the only one with correspondence with a journalist.

      They didn't say whether she used her NSA email to correspond - one would hope not, but she's probably sending it plaintext which would get it captured by the NSA's backbone snooping.

      No microdots required.

      1. Anonymous Coward
        Anonymous Coward

        Re: Dear "The Intercept"

        No need for microdots, just amend a single word in each released copy.

      2. Doctor Syntax Silver badge

        Re: Dear "The Intercept"

        "They didn't say whether she used her NSA email to correspond"

        No, but they do say she used her workstation. And that she had top-secret clearance.

        You have to wonder just how little you have to understand security to fail to get a top-class clearance at the NSA.

        1. DougS Silver badge

          Re: Dear "The Intercept"

          I know the process for obtaining 'top secret' clearance, having done so myself at one point (long expired now) They want you to provide them a lot of information, but it all seems focused on getting you to give them information they are almost certainly able to obtain themselves, so I think it is more to detect deliberate omissions or lying.

          The problem is overclassification - for example the IP addresses and hostnames of machines in the DoD internal network are classified Secret. Let's forget that they are running DNS servers to tell you those things... Because so many things will be classified Top Secret, just about everyone who works in the DoD, let alone the NSA, will require Top Secret clearance. So they can't be particularly selective or have too intensive of a vetting process or they'll be short staffed.

          As a result, all the real secrets are Top Secret - SCI (secure compartmentalized information) or the so-called 'codeword access'. I have to think (hope?) that access to the real secrets covered under some of those codewords will weed out people like her. Perhaps even people like me, who since I sympathize with whistleblowers conceivably could become one under the right circumstances.

    4. bombastic bob Silver badge
      Devil

      Re: Dear "The Intercept"

      "or was some other identification method used?"

      It was probably just good old fashioned police work. With Comey out of the way...

      1. DougS Silver badge

        It was microdots AND the audit

        Read another article that says they were able to use the microdots to track which printer had printed the document, they found six people had printed the document, and she had emailed The Intercept from her work computer.

        Can't believe she was dumb enough to email it from her work computer. Even without the microdots or auditing they could probably have counted the number of NSA staffers who emailed The Intercept in the past month on one hand, and zeroed in on her!

    5. BillG
      IT Angle

      Re: Dear "The Intercept"

      @Rustbucket wrote: And microdots can survive a trip through an office copier, or was some other identification method used?

      I've heard there are subtle ways these printed classified documents are modified and so can be identified, such as minuscule modifications to the spacing between words and lines, and the serifs in serif fonts. Copying still reproduces these subtle changes and so identifies who printed it. Retyping a multi-page document can be impractical.

      It's also not hard to log what user printed what pages from which document. And I suspect that cell phones and cameras are banned from these highly classified workplaces.

      1. anonymous boring coward Silver badge

        Re: Dear "The Intercept"

        "Retyping a multi-page document can be impractical."

        More practical than serving 10 years.

        Besides: OCR.

  5. Yet Another Anonymous coward Silver badge

    Terrible

    Now the Russians will learn about Russian involvement in the election

  6. Schultz
    WTF?

    So she got the top-secret clearance ...

    but failed to take the course on anonymizing secret documents? They should really improve the training of those people to avoid ridicule! Compare that sloppy handling to the rather competent job those patriotic Russian amateurs handed in.

    1. Triggerfish

      Re: So she got the top-secret clearance ...

      Top secret clearance is just that, a level of how trustworthy you are, (obv failed a bit here), it's not tradecraft.

    2. Anonymous Coward
      Anonymous Coward

      Re: So she got the top-secret clearance ...

      Compare that sloppy handling to the rather competent job those patriotic Russian amateurs handed in.

      Apparently they go by the name "Wikileaks" and have a strong preference for embassies.

  7. Anonymous Coward
    Anonymous Coward

    Any incompetent should know what todo by now.

    Didn't she know that she could have just as easily setup her own server, in a closet in her basement, had all her work forwarded to that server. Next make sure there is zero security on that server and then forward the login info to all her journalist friends. THEN! when the FBI comes to interview you make sure to repeat that you "forgot". You were "incompetent". And that you "didn't mean" to leak any info.

    I read somewhere this tactic has worked before, but for the life of me I can't remember the person who did it.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Any incompetent should know what todo by now.

      "I can't remember the person who did it"

      Because they only exist in your imagination, Donald.

      C.

      1. Alistair Silver badge
        Windows

        Re: Any incompetent should know what todo by now.

        @ C.

        I need a YUUUGE number of upvotes to cast for that sir!

      2. wayne 8

        Re: Any incompetent should know what todo by now.

        Err, Madame Secretary Hillary Clinton in the role of Secretary of State.

        She did all of that and wiped ("you mean like with a cloth?" Direct quote from her testimony to Congress.) the server to destroy evidence of her "no criminal intent" wrong doing.

    2. Anonymous Coward
      Anonymous Coward

      Re: Any incompetent should know what todo by now.

      "Didn't she know that she could have just as easily setup her own server, in...."

      Bombastic Bob, you almost got away with it, but you had to CAPITALISE! at least one word didn't you. Must have been hard restraining yourself.

    3. Stuart Castle

      Re: Any incompetent should know what todo by now.

      "I read somewhere this tactic has worked before, but for the life of me I can't remember the person who did it."

      Let me help you:

      Bush did it (https://en.wikipedia.org/wiki/Bush_White_House_email_controversy ) and so did Hillary Clinton (https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy ) .

      This is why I laughed when the Republicans were all expressing horror at Clinton using her own personal email server. Because they had done it before. In fact, it's apparently fairly widespread in US goverment.

      It's apparently because the US government email system is awful, and rather than spend the money required to try and fix it, the US government is happy to tolerate various people in Washington using their own email systems (with all the security implications that involves) as long as they allow the authorities (not sure if it's CIA or NSA, the latter, I suspect) to inspect the servers at will. Even with regular inspections, it still seems to me that that is asking for problems security wise.

    4. wayne 8

      Re: Any incompetent should know what todo by now.

      Also important is to have no criminal intent when breaking a law.

    5. Androgynous Cupboard Silver badge

      Re: Any incompetent should know what todo by now.

      I think the name you're struggling to remember was Colin Powell

  8. Alistair Silver badge
    Coat

    Ahhhh Nooo, thats JUNE 1st...

    or thereabouts folks, not April 1st.

    Reality Leigh Winner.

    Decides to pop a leak.

    While A Reality TV Show character is President.

    *cough* <has to be said>

    Reality! You're FIRED!

    1. Nick Kew Silver badge

      Re: Ahhhh Nooo, thats JUNE 1st...

      Definitely needs a seasonal adjustment when it talks of top secret security clearance yet tells us " ... and followed NSA whistleblower Edward Snowden as well as WikiLeaks online"

    2. John Smith 19 Gold badge
      Coat

      "Reality Leigh Winner."

      Sorry. I just can't get over the name.

      "Reality Winner" really does sound like a highly secret piece of NSA written malware whose very purpose is unlisted.

      Or maybe a game show contestant in a new series on the SF channel?

      1. John Brown (no body) Silver badge

        Re: "Reality Leigh Winner."

        "Or maybe a game show contestant in a new series on the SF channel?"

        Sorta makes you think her parents were the type of trailer trash who once saw on Jerry Springer "you are what you are named" and took it literally when naming their child hoping she'd be eventually be their pension pot as a 'sleb Big Brother winner.

      2. Korev Silver badge
        Boffin

        Re: "Reality Leigh Winner."

        "Reality Winner" really does sound like a highly secret piece of NSA written malware whose very purpose is unlisted.

        Sounds like a product name from SGI's heyday in the 90s.

  9. dan1980

    I am pro-transparency and I believe that leaking can, in some instances, be in the best interests of the country as the country is not the government; it is the people. Too often our elected officials and the security services misunderstand that.

    Leaks can undermine the faith in the government - the faith that they are employing trustworthy people who take their oaths seriously and have good judgement. BUT, that is only part of the story.

    The truth is that people are leaking because they don't have faith in the government. These people are not malicious - they believe that the government will abuse its power and either misuse information or not act on it.

    The former president and his team made the same call - they feared that the information that had been gathered would, under the Trump administration, be destroyed. They made a decision that drastic measures were required to protect this information and its value to the country.

    Secrecy is important for these agencies and for the government. It is just a fact that it is in the best interests of the people for their governments to occasionally operate in secrecy and keep certain information hidden from the public.

    The point is that the government and its agencies are granted this extraordinary power* solely so that they may use it for the good of the people. Patriots are supporters of their country; not its current government and when that government is acting in a way that benefits itself rather than its people, it is the responsibility of patriots to hold them to account.

    All governments have leaks because all governments occasionally operate for their own benefit rather than that of the people. The more faith people have in their governments operating as they should, the fewer leaks you will see.

    To the specific issue, I think this was a silly thing to leak at the moment and I think the person who did it was misguided in the extreme. That Russian interests tried to hack into these companies is not, in my opinion, an overly salient piece of information and not one that I can see benefiting the American people by its revelation. But the same measure, I don't believe withholding this information harms the American people.

    If the NSA had strong evidence that the Russians succeeded in these attempts and were able to actually directly tamper with the voting process then that is VERY important but, still not enough on its own to warrant leaking the information to the media.

    Why?

    Because I believe the threshhold for such a drastic action should be the combination of important information that directly impacts the people AND the belief (or, better yet - evidence) that the government/agency is not acting on that information in the best interests of the people.

    That this people risked her job and her freedom to release something like this is evidence of either incredible naivety or a deep distrust of the government.

    I suspect both; I think that there is a pervasive feeling (not unwarranted) that our governments in general and the current US Trump Administration + GOP Congress in particular are dishonest as a matter of course and are fundamentally unable to be trusted to operate in the best interests of the people. I think that this is the base from which this leak springs and the naivety of the contractor produced some rather poor judgement. She saw something about Russia and the elections and that was it.

    I feel sorry for this young lady but she works in a very serious environment with serious consequences and bad judgement is not a catch-all excuse.

    * - And it is high time that these people appreciate that this power - to affect the lives of millions without needing to justify or even inform them - IS extraordinary. It should never be considered to be just a given that governments and their agencies aren't answerable to the people.

    1. tom dial Silver badge

      Have all the upvotes I can give for a perceptive analysis. My only quibble is about selecting Trump and the Republican party for special attention. As HL Mencken observed and documented hilariously over a period of nearly thirty years beginning about 1920, the issues apply to all parties and incumbents generally and, over time, roughly equally.

      1. dan1980

        @Tom Dial

        You are correct but I think there is a real difference not only in the volume but in the immediacy, with leaks coming out right from the start and no honeymoon period whatsoever. There is also a difference in what is being leaked, with some items leaked seemingly small and not overly consequential.

        I think this last part is important because it speaks to a deep distrust in the honesty of this administration even when it comes to the smallest things. I mean, Trump lies uncontrollably about everything and his aides support him completely while almost all of his party make excuses, obfuscate, lie, avoid and ignore it.

        There is just no honesty from the administration and no accountability from Congress so of course there is no faith in the government!

        Of course, Obama was not at all immune and his administration saw the two largest leaks in recent times, courtesy of Chelsea Manning and Edward Snowden. But these, I feel, are of a different sort because, first, the practices exposed were bipartisan and occurred across multiple administrations and second, concealing them was at least connected with national security.

        To be clear, I don't think national security in any way justifies wantonly inhumane behaviour or the infringement of essential freedoms and liberties, BUT, it is a simple fact that a non-insignificant portion of the US population supported the measures that were exposed by Snowden and Manning.

        I doubt any American citizen supports foreign meddling in the election process or having members of the administration working on behalf of foreign interests.

        Thus, I think that the increase in the volume of leaks is related to a decrease in the trust in this Administration and in the Congress's willingness to even acknowledge the problems or do anything about it.

    2. Adam 52 Silver badge

      "That Russian interests tried to hack into these companies is not, in my opinion, an overly salient piece of information and not one that I can see benefiting the American people by its revelation. But the same measure, I don't believe withholding this information harms the American people"

      You have a President who is denying that the Russians influenced the election, an FBI investigation that the NSA may or may not be obstructing and a Senate committee investigation that may lead to impeachment of a sitting president. Because of this leak we now know that the President is deliberately lying.

      How does withholding that information not harm the people?

      Trump is undermining trust in the Government by lying to the people. In other words, people should be allowed to expose corruption at the top.

      1. dan1980

        @Adam 52

        I acknowledge your point but I did take that into consideration. The question I asked myself was: 'what new information has been revealed'? The answer was: 'not much'.

        What was revealed was that Russia was actively trying to meddle in the election but were not successful in actually 'hacking' voting machines or changing votes directly. We already new this.

        So what about the fact that it shows statements by Trump that there was no Russian meddling in the election to be false? Well, we already knew that too because every relevant agency in the US (and in several other countries) have come out and said, unequivocally that it did happen and yet Trump still maintains it didn't. We already know that he either doesn't trust the intelligence community on this matter or accepts the truth privately and lies about it publicly for his own ends.

        The new information is that there were unsuccessful attempts that, were they successful, may have allowed the Russian government to influence the election more directly, but that whatever occurred does not change the agency's previous stance about the Russian influence in the election. They do not view this as changing the nature or severity of what they already know to have occurred.

        And Trump does not care one way or the other because he continues to deny it all.

        On the flip side, it is possible - though unlikely - that this leak has actually harmed an investigation trying to tie such attempts concretely to the Russian government rather than, as Putin suggests, 'patriotic Russians'. In other words, I think there was little - if any - gain for the public to offset the negative consequences to the contractor herself and the (small) potential complication of any related investigations.

        1. wayne 8

          The report did not "reveal", it suggests.

          Already someone put forth the idea that the report functioned as a honeypot to catch leaks.

          Go further and the "leak" becomes a way to "legitimize" an inconclusive report and blackwash the election result and President Trump.

          The report was leaked, it was not "released for publication". The NSA would have no authority to publicize an unverified report that only "suggests" a conclusion.

          Rabbit holes.

      2. Anonymous Coward
        Anonymous Coward

        You have a President who is denying that the Russians influenced the election, an FBI investigation that the NSA may or may not be obstructing and a Senate committee investigation that may lead to impeachment of a sitting president. Because of this leak we now know that the President is deliberately lying.

        How does withholding that information not harm the people?

        For the same reason as the US leaking the information on the UK terrorists wasn't good: you may disturb and even destroy an investigation in progress. If details lead suspects to destroy evidence or take a "diplomatic" trip home you've not exactly done the country a favour. As far as I'm aware, that investigation is still ongoing.

    3. Anonymous Coward
      Anonymous Coward

      But why would ...

      ..anyone have faith in the government in the first place?

      Inst it perfectly plain to anyone over the tender age of 10 1/2 that governments are simply self legalising protection rackets whose job is to legitimise as many scams as possible to repay their sponsors, without actually totally destroying the nations they control. Though often they do.

      If they dont have enough sponsors they can go for populism and get elected by the people instead, and then they have to give the people something back.

      Any sensible person of adult years understands this, and the so called elections are simply popular entertainment covering the simple exercise of more or less shrewd judgement about which criminal is most likely through no fault of their own to do you the least harm.

      At least Trump is open. You can see every move he makes. And his failure to give good reason, or give patently false reasons, for his actions, is hilarious.

      He will engage in the moralising wordgames, but only as a liar and a clown. He doesn't even pretend he expects you to believe him.

      I cannot understand the objection. Hillary was a complete criminal, and so is Donald. Both owe it to the people who put them there. AS well as to themselves. So a few sops will get thrown to the rust belt instead of the Radical chic set, and the rape and pillage of the state budget by the rent seeking troughers will continue.

      The only thing I can think in terms of people getting very upset about this, is those that have swallowed the socialist koolaid and actually believe, bless their little cotton socks, that the government has or even ought to have their best interests at heart. And is just a bit incompetent.

      Hush Hush whisper who dares

      Little Miss Sochlist is saying her prayers.

      There's one for Jeremy

      One for Diane

      And one for the Doctor

      Turning me into a man.

      This wasn't the life

      I would have selected

      So Please Comrade God

      Get Labia elected.

  10. ratfox Silver badge

    These are not microdots

    Microdots are actual text or images shrunk so small that people don't notice them, right? In this case, the metadata was contained in the pattern of the yellow dots. It's closer to a barcode than microdots.

    1. Anonymous Coward
      Anonymous Coward

      Re: These are not microdots

      Indeed. Folks, when leaking documents do remember to use black and white. Make a JPEG, turn contrast up to maximum, oversharpen, apply dithering, just mess around till it's still sufficiently legible, save with metadata deleted and then photocopy the result at a library in a different city while wearing rubber gloves, before mailing from a different city in an envelope bought from a chain stationer.

      The good bit will come when they get in Benedict Cumberbach to help and he identifies you immediately.

      1. itzman
        Holmes

        Re: These are not microdots

        The good bit will come when they get in Benedict Cumberpatch to help and he identifies you immediately.

        "Obviously, Watson, we are looking for a person of intelligence who has read the Register and understands IT, and who had access to the documents."

        "There is only one in the whole FBI."

      2. Anonymous Coward
        Anonymous Coward

        Re: These are not microdots

        You probably need to watch things like Kerning and character height for extra information, the paper and the ink could be especially prepared with unique DNA markers too. The safest is probably to OCR the document using an isolated ram-disk only computer, printing the result on an ancient line-printer, remembering of course to burn the ribbon after. Before sending it, i'd recommend rubbing the materials on the floor of a popular pub, in case some DNA of yours is on there. It helps the defence if lots of DNA is present.

  11. Christian Berger Silver badge

    Is that version of the story even plausible?

    I mean those leaks are politically opportune. The US constantly claims that the Russians are meddling with them. Then someone leaks supposed evidence in a highly incompetent way.

    I wouldn't be surprised if this turned out to be some sort of false flag operation.

    1. Anonymous Coward
      Anonymous Coward

      Re: Is that version of the story even plausible?

      The default assumption is to assume everything is false news until reasonable evidence exists that it isn't.

      That's been one of the great advances the Trump has made. False news is now - er - a true fact. Hahah!

      Hillary lays down the ace of spades solemnly and Donald says 'I'll trump that with my joker'

      Just as with climate denial, certain things may rebound back.

      People are working out who is really in denial about 'climate' and who is really spreading false news.

      Qu'ils accuse, s'accuse.

      Or as the plebs might say, 'he who smelt it, dealt it'.

      False news? I wouldn't have believed such a thing possible until the Liberal Left assured me of its existence! How would they know?

      This is real tinfoil hat conspiracy theory stuff surely.

      Nope, Its mainstream politics now. They are hacking the ballot boxes. They are working for the Russians. They are plotting to destroy the planet with greenhouse gasses. The CIA controls Islamic Jihad. Or the Jewish bankers. Or the great capitalist conspiracy.

      But no. Marxism is in the end the ultimate conspiracy theory. They own the Capital. They are Out To Get You. And Anyone who says you must be mad to believe that is One Of Their Agents, probably working for the Koch Brothers.

      Of course should you elect any of them into power, you will find, as Zimbabwe, Venezuela, Russia, Korea...have found, that in the final analysis, they were the people they warned you about. They now own the capital, and they got you.

  12. Anonymous Coward
    WTF?

    I would jail her parents...

    For calling her Realiy. To make the punishment more thorough, I'd make them share a cell.

    1. Mnot Paranoid
      Trollface

      Re: I would jail her parents...

      just another Millennial SJW doing some jail time

      she'll have plenty of friends in the big house

      http://www.aljazeera.com/indepth/features/2017/05/anti-trump-protesters-facing-decades-bars-170522063956218.html

  13. JimmyPage Silver badge
    WTF?

    Reality Williams ??????

    Is this a new trend in parents naming their offspring to be effectively "UnGoogleable" ????

    1. toby mills

      Re: Reality Williams ??????

      Not really otherwise they would have followed XKCD's advice

      https://xkcd.com/327/

      Bet she wishes she was VR Leigh Winner

    2. phuzz Silver badge
      Headmaster

      Re: Reality Williams ??????

      Surely an extremely unique name is very easy to google? If they'd wanted to make her ungoogleable they should have named her "Jane Smith" or similar.

      Mind you, given what the yanks are like at spelling that would have probably ended up as 'Jayne Smit'

      1. Anonymous Coward
        Anonymous Coward

        Re: Surely an extremely unique name is very easy to google?

        Depends on how unique ...

        "Reality Winner" is actually a Google-killer because Google is keyword driven (ignore anything Google say to the contrary). There must be thousands of pages discussing various shit TB shows that will combine the word "reality" with the word "winner". And that's before you get to the millions of pages that will have one of the two word in.

        Right now, if you google that name, Google will add some pixie dust because of the news that will bring up pages connected to the name. But as that dies off ...

        Of course, if Google were really deploying AI, it would understand the question being asked of it, rather than returning a list of pages that contain the words that made up the question.

  14. chivo243 Silver badge

    undermines public faith in government.

    What actions could a government possibly take that undermines public faith in government?

    Hello Thomas Jefferson, the 21st century needs you!

  15. Anonymous Coward
    Anonymous Coward

    Three weeks later

    it seems she was both cautious (print and post) and stupid (personal gmail). And then she was betrayed by her recipients. Well, that's young life ending badly :(

  16. Walter Bishop Silver badge
    Facepalm

    Top-secret report printed out from work PC

    "Winner, who had been with Pluribus for just three months, printed out a top-secret report dated May 5 from her work PC"

    If a three month old contractor can print out a report from her work PC then by definition, the report isn't top secret. Also using your own work computer to email the Intercept isn't the best way of staying anonymous.

    'A further audit of the six individuals’ desk computers revealed that WINNER had e-mail contact with the News Outlet' link

    1. Uffish

      Re: Top-secret report printed out from work PC

      A further audit of the six individuals’ desk computers revealed that WINNER had e-mail contact with the News Outlet'

      Does that mean that they checked the webcam output and have a video of her typing and muttering the words as she typed them or just that someone got her password from the postit under the desk and typed the note from her computer.

      Whatever - all I can say is that all this is America's fault. Guys, you've done a very poor job, your fired.

      Edit. Before too many upstanding USA citizens get too outraged - it's called humour.

  17. sitta_europea Bronze badge

    The accused faces a count of "gathering, transmitting or losing defence information", according to the [news outlet].

    Excuse me, who's facing trial for losing EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch?

  18. Credo

    Whaaaaa??

    So, just to make sure I get this,..

    The Justice Dept. have cuffed this girl for disseminating a National Security document which definitively proves that "Hacking" and State Sponsored activity took place to subvert America's Democratic Process....!

    But, according to the President of the U.S., and Valdimir Putin, the Kremlin Demagogue, this hacking or subversion never took place...?

    So she's being locked up for something which never took place,....

    Or she's being locked up for "saying" something took place, which didn't happen,

    and according to "The Mango Mussolini", wasn't possible.... or Not.??

    1. Doctor Syntax Silver badge

      Re: Whaaaaa??

      "But, according to the President of the U.S., and Valdimir Putin, the Kremlin Demagogue, this hacking or subversion never took place...?"

      Maybe she should sub poena Trump as witness for the defence.

  19. davemcwish
    Holmes

    confessed to reading and printing out the document, despite having no permission to do so

    I'm confused, the report appears to suggest that as far as access control, whatever the NSA currently have is inappropriate. In my, non government job, access is only granted on a legitimate business need. How did this miscreant have sufficient network privileges to view material she shouldn't.

    Unless of course that's the NSA's plan all along to entrap their own staff.

  20. Anonymous Coward
    Anonymous Coward

    I just turned on the local news this morning and saw mention of this. I'd go with "HONEY POT", as The POSTUS has recently indicating wanting to find the source of leaks, to the media. This information doesn't appear to conclusively prove that Russia successfully hacked the Election Process and caused the outcome of the election, but this Lass didn't do any anonimization before sending this info to the news outlet, who made no effort to protect their source, so perhaps they were part of this Honey pot scheme, as well?

  21. Anonymous Coward
    Anonymous Coward

    Gotta watch those names, folks

    Have to be careful naming your offspring; make sure its something that will not turn out to be painfully ironic.

    Like that girl named Chastity in my high school...

    1. Doctor Syntax Silver badge

      Re: Gotta watch those names, folks

      "Like that girl named Chastity in my high school."

      Mr & Mrs Belt have a lot to answer for.

      1. bombastic bob Silver badge
        Trollface

        Re: Gotta watch those names, folks

        /me quotes from Robin Hood Men in Tights

        "It's an Everlast!"

    2. W4YBO

      Re: Gotta watch those names, folks

      Faith, Hope, and Charity were in my high school. Cousins. But, being a Ham, my favorite was a year ahead of me; Dorothy Dasch, known to her friends as "Dot."

  22. DagD

    Double Standard

    Why is Hillary still free???

    1. bombastic bob Silver badge
      Devil

      Re: Double Standard

      "Why is Hillary still free???"

      A scapegoat has already been found? (you know, this 'Reality' chick)

      I can only think of a handful of very very bad jokes now.

      "Reality" TV/journalism

      "Reality" is a bitch

      etc.

      yeah, "the scapegoat". Will the FBI stop looking, or is it time to see if anything ELSE "smells like a swamp"?

    2. Anonymous Coward
      Anonymous Coward

      Re: Double Standard

      Why is Hillary still free???

      1 - because she has never been convicted of breaking the law, even after the Republicans restarted the very same investigation 9 or 10 times in a practical demonstration of insanity vs. harassment.

      2 - she didn't break any laws. Irrespective of her doing that because she is either law abiding or not protected by her own party from the consequences for breaking them as Trump is, the fact remains she didn't.

      I suspect, however, that the moment Trump falls out of office (or is ejected, whatever comes first) he will be facing quite a few investigations and possible law suits, and so will his business as well as Kushner's. There appears a strong suggestion that the funding of their real estate was not as kosher as it should be. There is, for starters, the ugly issue of having dealings with a Russian bank whilst it being under embargo (which is shady by definition) but when you take a step back from the current kerfuffle there is potentially also a question about just what sort of investors would invest in a loss making proposition - as far as I'm aware that's one of the warning signs that triggers money laundering investigations.

      This could explain why Trump is trying to destaff the DoJ: by the time the next President has that department re-staffed and back up to speed, Trump will have passed away with a coronary..

  23. Blackheart

    "... who had been with Pluribus for just three months"

    Wait, you're not even out of the probationary period and you're engaging in ... well.

    What some people would call leaking, and other people would call espionage.

    It makes you wonder if she didn't have that as a goal when she applied for the job.

  24. Anonymous Coward
    Anonymous Coward

    no hope

    I want to tell the truth of corruption in my government, but every time we do this we get arrested or other. I don't fear god, I fear governments ran by criminals that will do anything to hide their secrets.

  25. Marty McFly
    Alien

    122 spear phishing attempts?

    Was that per hour? Per day? Per minute? Per Second? Or was this a one-time event?

    Much-ado about nothing. Sounds like a perfectly normal email flow to me. Detect the attack, dump the bits, and move on.

  26. 2Nick3

    "People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation."

    Unless they run for President, right?

  27. Anonymous Coward
    Anonymous Coward

    Won't someone think of the children?

    Maybe The Intercept has a thing or two to learn from Wikileaks in terms of operational security and protecting sources.

    Then again, after all this huffing and puffing, isn't this the meat of the matter:

    "None of the attacks appears to have been successful in terms of altering vote tallies and ballots."

    1. Anonymous Coward
      Anonymous Coward

      Re: Won't someone think of the children?

      Maybe The Intercept has a thing or two to learn from Wikileaks in terms of operational security and protecting sources.

      As far as I can tell, the main education they have to offer is how to abuse the asylum process to escape justice. Make sure the embassy you choose has WiFi and a balcony for grandstanding, though.

  28. sisk Silver badge

    This is why election machines need to have no network connections. The data on them needs to be carried, via some sort of removable storage medium, to the counting center by a small group of people, preferably with opposing political views to prevent collaboration, who can ensure that each remains honest. And then the votes need to be done using machines that do not have network connections. If you really need to have the votes tallied quickly you can use unofficial, preliminary counts transferred by email or phone, but the final, official count needs to be from data that has never directly touched or been touched by the internet.

    Keep the whole process offline and it becomes massively more difficult to hack, and given what's at stake that's an absolute must-do.

    1. Doctor Syntax Silver badge

      @sisk

      And how does the S/W for the machines get written? Almost certainly on machines connected to the internet.

    2. tom dial Silver badge

      You have given a fairly accurate description of the rules Ohio Secretary of State J. Kenneth Blackwell laid out about 2002 for electronic voting machines. Some of the machines had built in ethernet or modems, but use of those were prohibited. In addition, when machines were in service, all access doors were taped shut using serially numbered seals that could not be removed without destroying them. The seal numbers were recorded manually on paper (again under supervision of election officials from more than one party).

  29. Anonymous Coward
    Anonymous Coward

    confessed to reading and printing out the document, despite having no permission to do so

    Ah. So that is how you implement security. Provide access to everything to everybody, but require them to ask for permission.

  30. Version 1.0 Silver badge

    But is this News?

    I think that anyone who's looks at the issues here would have assumed a long time ago that the information in the report was accurate - certainly the electoral systems in the US were penetrated but so far no one has come up with any convincing proof that the results were compromised. At this point is seems that we simply don't know although, from what we do know (and this reports demonstrates) is that they certainly could have been changed.

    Let's face it, if you can jackpot an ATM, is electronic voting a real challenge?

  31. Updraft102 Silver badge

    Interesting

    Interesting that you would cite some of her posts on social media, yet miss on where she said that "Being white is terrorism" and pledged her loyalty to Iran if there is a conflict with the US.

    "I have a dream that [people] will one day live in a nation where they will not be judged by the color of their skin but by the content of their character." Well, guess not then, eh, "Winner?"

    She's white, by the by, so she's saying she's a terrorist. Just saying.

  32. John Smith 19 Gold badge
    Coat

    Some excellent headline options missed.

    "Winner was loser in witch hunt" springs to mind for starters.

    1. Doctor Syntax Silver badge

      Re: Some excellent headline options missed.

      Reality strikes again.

      1. John Smith 19 Gold badge
        Thumb Up

        "Reality strikes again."

        Nice.

        On the basis that shorter is better.

        "Reality bites"

  33. a_yank_lurker Silver badge

    IQ below 0

    Given she emailed herself from work with the goodies and printed the goodies on a work printer one has to wonder about her intelligence or lack thereof. Working assumption on any work computer going through the company servers - all emails and websites are logged in case anyone needs to check on activity.

    1. anonymous boring coward Silver badge

      Re: IQ below 0

      She is but one individual. Perhaps she wanted to be martyred by the system?

      More alarming is that entire organisations let's single low-level individuals have access to entire massive databases of classified information -transferable onto USB drives, for example.. That truly is low IQ.

  34. John Smith 19 Gold badge
    Unhappy

    The question of course is what would the GRU gain by access to a company writing this S/W?

    Does the company have a side business writing the code for the ICBM force?

    Because if not the main thing that gives you seems to be the ability to alter the vote counts in US elections (and any other country they are sold to).

    Which sounds like a pretty strategic goal to me.

    1. tom dial Silver badge

      Re: The question of course is what would the GRU gain by access to a company writing this S/W?

      The company does not provide voting machine software. Its business is voter registration database and list management for election operations officials. That includes a number of machines designed (according to their web site) to make it easy for officials to verify whether a citizen is registered to vote at a location.

      Monkeying with the machines, or the underlying databases could disrupt election operations by removing or changing data for registered voters and forcing provisional voting, or by adding unauthorized voters, which could allow the electronic equivalent of ballot box stuffing. Not at all good, but within the bounds of historical election practice in some parts of the US and probably in some other countries as well.

  35. Paul Hovnanian Silver badge

    Too many contractors

    Perhaps more of this sort of work needs to be handled in-house. Contractors don't seem to have a good system in place for vetting their own people. Sadly, even the background checking for civilian employees and contractors has been outsourced.

    1. John Smith 19 Gold badge
      Unhappy

      "Sadly, even the background checking.. and contractors has been outsourced."

      Was that before or after the USG HR dept got hacked and someone got a copy of all the completed personal vetting forms? The 100+ page ones where you write out your whole life story and name all your close family members?

  36. anonymous boring coward Silver badge

    The emails came with a Word document attached containing a Visual Basic script that would run a PowerShell script to slurp information from the victim's Windows PC.

    Yeah, about that issue of allowing running of things that show up in the email..

    I think I said it was a bad idea around 1987?

    I'm sure I wasn't the first to notice the problem though.

  37. herman Silver badge

    It sounds like she really came from the shallow end of the gene pool.

  38. poopoo

    "undermining faith in government" ? Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!Ha!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019