Another NSA Leaker Identified and Charged

In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: "At the agency, prosecutors said, Mr. Hale printed 36 documents from his Top Secret computer."

The article talks about evidence collected after he was identified and searched:

According to the indictment, in August 2014, Mr. Hale's cellphone contact list included information for the reporter, and he possessed two thumb drives. One thumb drive contained a page marked "secret" from a classified document that Mr. Hale had printed in February 2014. Prosecutors said Mr. Hale had tried to delete the document from the thumb drive.

The other thumb drive contained Tor software and the Tails operating system, which were recommended by the reporter's online news outlet in an article published on its website regarding how to anonymously leak documents.

Posted on May 9, 2019 at 3:17 PM • 31 Comments


AlexA • May 9, 2019 3:31 PM

Oh man. Hilariously poor opsec all around.

When you want to be Julian Assange so badly but you forgot that you don't understand how the internet works.

yotek • May 9, 2019 4:12 PM

About Security...

yet again, i feel the need to voluntarily ban myself from this site.
I just don't believe the recent types of contents are healthy nor supportive nor progressive within the larger picture of what Security means to the average rational person here on Earth.

More concisely about this site: (rhetorical questions)

Q1) misleading with propaganda?
Q2) leading with high potency exploits for the masses for free?
Q3) taken over by outsiders?
Q4) designed as a honeypot from the getgo?
Q5) choose your own adventure for techies?

So long, and thanks for all the fish.


C U Anon • May 9, 2019 5:26 PM

@ yotek,

"yet again, i feel the need to voluntarily ban myself from this site."

Apart from sharing a name with a commercial entity, have you actually ever contributed to this site?

I suspect the answer is that you are just a "drive by", so...

May the farce be with you on your trip to nowhere.

A90210 • May 9, 2019 5:27 PM about Hale

"Downside of using Signal and using Tor? Unless you compartmentalize and hide/destroy that compartment after it is no longer needed... you’ll have a bunch of hard to explain spy tools lying around waiting to be found…" (USG)

Regardless, I think whistle-blowers are needed equal to or more than ever.

Godel • May 9, 2019 7:51 PM

I don't see the possession of Tor or Signal software should be a big deal if you have a competent lawyer, but the thumb drive with the secret document on it is a worry.

How much does a new thumb drive cost these days?

David • May 9, 2019 8:24 PM

Sounds like he just deleted the file and then did not use the drive much afterwards, so the marked for deletion file was still recoverable. Also possible that there were hidden files that he did not see to delete, the press release might be hiding some details.

Clive Robinson • May 9, 2019 8:48 PM

I really wonder sometimes if the bulk of people in government actually know anything about computer security...

Maybe Ed Snowden was the last?

But just to make it clear,

1) In this day and age ALL file access is fully audited, in rather more than just Government levels. Even those that are allegedly unclassified[1].

2) In some places the file each person gets is subtly altered in any number of ways to effectively "serial number" it against the user ID.

3) There is no easy way to delete files off of thumb drives, they are designed in such a way that data only gets erased when there is no more "free space". Even trying to "overwrite" a file does not work either, and the actual capacity of the device internally is likely to be a percentage or ten bigger than what it tells you again by design.

So remember if you are going to use a thumbdrive,

A) Buy a new one from somewhere and pay cash not card.

B) Use BSD or Linux to do an erase of the device by wiping the directory then writing sufficient large data files that you fill the drive as best you can with random data, this could take several hours. And with cheap Amazon and other outlet sourced famous name "knock offs" the drive could well break.

C) When you have copied files under a username not associated with you onto the drive and have got it out, copy the data to media that is relatively easy to destroy. Once you have read the data off the thumb drive destroy it[2] immediately and dispose of the bits "far far away"[3].

D) Get a cheap throw away combined printer and scanner. Get hold of an older "boot disk" CD/DVD that can work with the printer/scanner, remove the hard drive from the computer and boot from the CD/DVD.

E) Sanitize the files by converting to text format then print them out from a programmer's editor, redact details with a modeling knife and scan back in as an image file. If you can move the printed out redacted copy whilst it is being scanned in so much the better. Humans can ignore quite bad distortion and read text that watermarking systems can not make sense of.

F) Having saved the files to an easily destroyed piece of media such as a CD/DVD destroy by burning and ash&water paste making the print outs and redacted pieces. You also need to dispose of the printer/scanner. The easiest way to do that is clean it up put it back in its shipping box add a note that says "Working, no longer needed please take" and leave it outside a corner house in an urban street that does not have CCTV or particularly good street lighting.

G) Clean the media using soap water and mild solvents twice to remove finger prints DNA etc and deposit in a clean envelope from a fresh packet you have not touched, then put it inside a ziplock plastic bag. Hide it in the equivalent of a "dead letter drop" where it will not be found.

F) Wait several months at least. Then if nothing changes at work and you see no sign of "oddities" that might suggest surveillance, retrieve it.

G) Use an anonymous way to post it. I won't go into this because there are too many differences from place to place.

The above is by no means the best way to do things, because what is best in one set of circumstances is not in others. It's just a base way that will probably work in many cases if you are not already under surveillance. However there are other things that are almost certainly missing from the above list you will probably need to do, that are particular to the situation of your location etc.

The most important thing to remember is "Don't Use Any Kind of Electronic Communications" no matter what journalists and others might think or say, they will most definitely get you caught. Even carrying a mobile phone around is as good as putting the noose around your neck. Oh and they have a "Catch 22" element, in that not carrying one suddenly is deeply suspicious as well. Get into the "gym-bag habit" that is turn the phone off and put it in your bag or car glove compartment when you go to the gym. Be erratic about if and when you turn it back on again. Go to the gym on a Friday and leave the phone off in the bag until "wash sunday" or similar. Develop slightly odd hobbies such as geo-caching or orienteering or just bike riding all without your phone or with it off.

Yes it looks difficult to do and easy to mess up, and it is. Whistle blowers and leakers to journalists really are seen as "public enemy number one" currently and more resources will get used to find them than to find serial killers.

As the old saying has it "If you can't do the time, don't do the crime"

[1] Remember it is not beneath the NSA seniors to reclassify a document and make it classified even though it might have been unclassified when you looked at it. They've done it before just to nail someone for apparently no better reason than somebody thought his face no longer fit...

[2] Destroying thumb drives beyond recovery is not easy, many use the same chips/technology as the more modern "Black Box Flight Recorders" that are supposed to survive a plummet from 50,000ft, burning at 1500 degrees and submersion to a significant depth amongst other things. You will need various tools including a hammer and center punch and an intense source of heat. There are other ways but most have similar disadvantages to those such as fuming-nitric, Hydrofluoric or aqua-regia acids. They are not things you want around, not just because they are dangerous they are quite suspicious unless you have certain established hobbies such as glass or plate etching. Nitric acid is a known precursor for "anarchist cook book" type explosives and in its fuming form will cause many organic materials to catch fire and has been used as part of rocket fuel in the past. Some of the more serious "hobby" rocket engines use strips of old rubber tires and nitric acid, to produce what looks like explosive thrust.

[3] You really don't want even tiny fragments of a destroyed thumb drive anywhere near you, your home or other locations they are way way too suspicious. So not only do you want to do the destruction away from home, you also want to disperse the parts as far and wide as possible. Chucking them out as dust on a well used road or freeway would be good if it were not for the fact that if you were under surveillance you would almost certainly be photographed "chucking it out the window". Certain drug dealers have solutions to this particular problem but I won't go into them because many are mechanical contrivances that would be found on the sort of vehicle search you would get if you were under suspicion.

dumb pilot • May 9, 2019 10:25 PM

@Clive Robinson
An airplane's FDR/CVR is generally protected by its casing, not by the specific chips it uses. If you were to remove the flash chip or tape from those devices and expose it to extreme heat or pressure or salinity with nothing but a few millimeters of cheap plastic protecting it, it would not survive. Just because you can recover a data recorder from a raging inferno does not mean you could recover a flash drive.

Clive Robinson • May 10, 2019 10:04 AM

@ dumb pilot,

"An airplane's FDR/CVR is generally protected by its casing, not by the specific chips it uses."

There is no case on earth that could protect the chips in a flight data recorder from the deceleration G-force of a swan dive from five miles up, that is all down to the chip, its bonding, encapsulation, lead-out and fixture to its mounting on the PCB or equivalent used.

That is fundamentally it's the chip itself that survives the G-force. A number of chips have been tested at more than 100G for use in all kinds of electronics including fuses in munitions fired from howitzer and larger[1] weapons. The chips used are mechanically and electronically no different than those used in man-carried infantry equipment and simplistically little different other than burn in testing than components used in industrial and some consumer equipment. The reason for this lack of difference is actually "inventory cost". However I'll let others work out the required acceleration in the M777 howitzer's just over 5m barrel to get a 155mm M795 47Kg shell to travel more than 30Km.

As for salinity most chips are manufactured in a way where it's only hydrogen or helium ingress you have to worry about but only with some device types,

You'd be surprised just where the problem has shown up, search the Internet for stories of failing Apple iPhones in hospitals with NMRI systems that have had the cryo-cooling dumped.

With plain salinity, if there is no power on the chip then all you really have to worry about is dis-similar metal anodic corrosion. With modern packaging and construction you would be waiting quite a long time for that to get through the package and in to the chip.

As for "extreme heat" as any graduate physics student should be able to tell you it's not the "heat" extreme or otherwise you need to actually worry about, it's the energy against time and the conduction path characteristics between points along it. There's a reason why heatsinks are measured and rated the way they are and in very high power RF systems they use graded metals from chip to anodization on the air interface in the air ducting. Doing the calculations is more tedious than it is challenging, and most times design engineers just "over-spec" by a factor of two or more. It's only when designing systems where there is a lack of "working fluid" that things get interesting. For example have a look at the background temperature above 100K(1e-4N/m^2) you'd be surprised at just how much thermally unprotected electronic equipment runs up and beyond there with expected "no-service lifetimes" easily exceeding thirty years.

But it's not just low density high temperature plasma that chips survive in, chips in mobile phones can and do survive the plasma you get from quite large quantities of various types of high explosive going "high order".

Whilst the exact details are classified in the US (but not other jurisdictions) you will find that the old secure destruction techniques used by the likes of the military and IC communities of thermite and concentrated acid are known not to work at all well with electronics. Likewise shaped charges on or in the equipment deployed from a "destruction kit" are unreliable at best with chips. Thus actual chip packaging has been specially designed with shaped charges built in designed not to melt or burn the chip but to shatter it into pieces way way smaller than grains of sand... and guess what, they were found not to be sufficiently reliable not just to use in equipment but actually to destroy the chip. Thus the idea of "full encryption of data at rest" was extended such that anything outside the microcontroller chip such as RAM and Flash chips were included. Having such encryption on the microcontroller buses is not just a real bottleneck it's power hungry which causes a multitude of other issues. Which is why more recent research has involved actually designing structures into the actual chip,

As I have said secure erasing of the chips in thumb drives is hard very hard it takes a lot of energy and time whichever way you do it. In comparison writable CD/DVD is quite a bit easier other than the "toxicological disadvantages"...

[1] The M795 and other 155mm shells can be fused with the two dimensional 'Course Correcting Fuse' (CCF). This all electronic fuse uses GPS navigation to provide what is referred to as "near-precision accuracy", which generally means tighter grouping such that the 'circular error probable' (CEP) --average radius-- is reduced by around a factor of three to ten depending on the system used. The CCF can be employed on all types of U.S. 155mm projectiles in the U.S. Field Artillery inventory, not just the newer longer range HE/frag M795. There are however other much more accurate and longer range shells, have a look at the M982 Excalibur, they are looking for a CEP of 5m (16ft) and a range of 57Km. So as one member of the military was heard to remark "Designed to drop in your sitting room from half a state away"... in short you can run but never rest.

The Cook • May 10, 2019 11:12 AM

Over a decade ago, I was a contractor at a DOE facility. One way they destroyed optical media was to nuke it in the microwave oven for about 3 (three) seconds.

It was interesting to see the difference in the resulting "burn patterns" between stamped media, and self-burned media.

Disclaimer: Your mileage may vary. I am not responsible if you destroy your microwave oven, or cause any other unintended harm to yourself or surrounding property.

vas pup • May 10, 2019 1:57 PM

"There is no easy way to delete files off of thumb drives, they are designed in such a way that data only gets erased when there is no more "free space". Even trying to "overwrite" a file does not work either, and the actual capacity of the device internally is likely to be a percentage or ten bigger than what it tells you again by design."
Clive, is it possible to do this in 3 steps?
1- delete content of the file, save it as initial file name;
2- delete file itself;
3- overwrite free space with cipher utility (it basically provides three layers of overwrite).
Why overwrite does not work? What is technology behind that?
Thank you!

A90210 • May 10, 2019 3:27 PM

"... AMY GOODMAN: After appearing in court, he [Hale] was released under pretrial supervision. His next court hearing is May 17th. According to the Freedom of the Press Foundation, Hale is at least the sixth alleged journalistic source charged by the Trump administration over the past two years.

We are now joined by the Pulitzer Prize-winning journalist James Risen. He is a former New York Times reporter who is now The Intercept's senior national security correspondent. He is also director of First Look Media's Press Freedom Defense Fund. First Look is the parent company of The Intercept. Risen himself was involved in a high-profile press freedom case involving former CIA officer Jeffrey Sterling, who was jailed after being convicted under the Espionage Act for speaking with Risen. James Risen, welcome back to Democracy Now! It is great to have you with us. First, can you respond to the arrest of Daniel Hale?

JAMES RISEN: Well, I think I can’t comment specially on this case, but what I can say is that this is yet another escalation of the war on the press by the Trump administration. Donald Trump has taken the war on the press that George Bush and Barack Obama started and has now escalated it beyond anything we have ever seen. The Justice Department under Trump has been so thoroughly politicized that they are going after every possible whistleblower and reporter and any kind of leak that they can find in order to silence the press and silence whistleblowers who are trying to reveal the truth about both the national security state and other aspects of the Trump Administration.

AMY GOODMAN: Now, can you explain why it is you think he was arrested now? What they are alleging happened something like five years ago under the Obama Justice Department, which decided not to charge Daniel Hale.

JAMES RISEN: That’s why I’m saying I think this is part of Trump’s escalation of the war on the press beyond anything we have seen before. They’re going back over every possible leak they can find, over every old open case and trying to escalate things beyond what Obama did. I think you saw that with the Julian Assange case, where the Obama administration had investigated him for years and never taken the final step of indicting him, and then the Trump Administration did so.

So I think you are seeing that the Justice Department, which has been under such enormous pressure from Trump on a wide range of issues, particularly the Russia investigation where he has constantly been pressuring one attorney general after another. I think that the Justice Department finds it much easier to give in to him on leak investigations than on other things. They are happy to go after journalists and their sources. And so they are satisfying Trump’s demand to punish the press for what he—he does not like bad press. He gets a lot of bad press. And so he is going after—he’s trying to punish the press in the ways that he knows he can.

AMY GOODMAN: You note that Daniel Hale faces up to 50 years in prison, while no one has been held accountable for the killing of civilians in drone strikes. Let’s specifically talk about what Daniel Hale is accused of revealing, what his time in Afghanistan was all about, the significance of his revelations.

JAMES RISEN: I think one of the things we have to understand is that there has been virtually no debate in the United States over the drone program, over the assassination programs that the United States has engaged in, both in Afghanistan and Iraq and elsewhere, since the War on Terror began. And one of the only ways we understand what has happened is through the press and through disclosures from people in the government who have told us what the secret programs are like. If it wasn’t for people like Daniel Hale, whistleblowers who came forward, you would have virtually no understanding of the entire War on Terror, and in particular the drone strike program. It is only through the disclosures in the press that we have understood what is happening. And that is the only reason we’ve had any debate at all.

People in Congress have been very reluctant to engage in any kind of discussion of classified information until it’s in the press. And so most of the oversight that you see on these programs only comes because there have been disclosures in the press, that people have stepped forward with some courage to explain what has happened. If you look back, at the beginning, the entire War on Terror was classified, and it’s only through a lot of different disclosures in the press that we understand what the War on Terror has really been about. ..."

A90210 • May 10, 2019 3:40 PM

"... Hale [appears to be] represented by Abbe Lowell who, along with being Jared Kushner’s lawyer, is also one of the best lawyers in the country on defending leak cases. ...
[from comments]
BobCon says:
May 10, 2019 at 10:32 am

If you were to take a rough guess at what it would cost to hire someone like Lowell for a case like this, what would it be?

I realize it can vary a lot depending on whether it goes to trial or if there is an offer to settle already on the table, just curious what kind of range we’re looking at here.

bmaz says:
May 10, 2019 at 10:49 am

Hard question. I know that nearly a decade ago his [ Abbe Lowell ] billing rate was already near $1,000/hr. It is certainly higher than that now. But no sane criminal lawyer bills hourly after the fact. I would expect a requested retainer in the vicinity of $750,000 to $1,000,000. And maybe make that initial retainer nonrefundable, with provisions to reseed it at defined intervals. And not just Lowell will bill against this, his associates, paralegals, secretaries, and investigators will too. The money can fly out the door in this kind of situation. Which is exactly why I ask the question of who is paying.


fpo says:
May 10, 2019 at 1:43 pm

Of course, the less the American public knows about what’s really going on in, e.g., the Middle East, the better. Or so it would seem:

“Trump’s executive order on drone strikes sends civilian casualty data back into the shadows” […]
“On March 6, President Trump signed an executive order that revoked the requirement, formulated under the Obama administration, that U.S. intelligence officials must publicly report the number of civilians killed in CIA drone strikes outside declared war zones.”


“President Donald Trump has overturned an Obama-era requirement for intelligence officials to publish an annual report on air strikes in places like Yemen, Libya and Pakistan — a document that experts called the main means for publishing official information about CIA drone strikes.”

..."

SpaceLifeForm • May 10, 2019 3:44 PM

"C) When you have copied files under a username not associated with you onto the drive and have got it out, copy the data to media that is relatively easy to destroy."

Floppies and paper are easily destructible.
I guess knotted rope would work, but bandwidth poor.

Who? • May 10, 2019 6:01 PM

@ vas pup

"Why overwrite does not work? What is technology behind that?"

The technology behind that is known as wear leveling.
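
Added illustration, not part of any comment in this thread: a toy page-mapped flash translation layer showing the behaviour described above, where a logical overwrite lands on a fresh page and the old page stays readable at chip level until garbage collection erases its block. The ToyFlash class, its geometry (6 blocks of 4 pages, 16 exposed to the host), the greedy garbage-collection policy and the sample strings are assumptions made up for the example; real controllers are proprietary and behave differently in detail.

```python
FREE, VALID, STALE = "free", "valid", "stale"
SECRET = b"CONSTRUCTED-SAMPLE: page marked secret"  # constructed sample data


class ToyFlash:
    """Hypothetical page-mapped FTL with over-provisioning (not a real controller)."""

    def __init__(self, blocks=6, pages_per_block=4, logical_pages=16):
        # The host is shown fewer pages than physically exist (over-provisioning).
        if logical_pages > (blocks - 2) * pages_per_block:
            raise ValueError("need at least two spare blocks in this model")
        self.ppb = pages_per_block
        self.logical_pages = logical_pages
        self.data = [[None] * pages_per_block for _ in range(blocks)]
        self.state = [[FREE] * pages_per_block for _ in range(blocks)]
        self.map = {}                          # logical page -> (block, page)
        self.free_blocks = list(range(blocks))
        self.active, self.ptr = None, pages_per_block
        self.erase_count = 0

    def _program(self, lba, payload):
        b, p = self.active, self.ptr
        self.data[b][p], self.state[b][p] = payload, VALID
        self.map[lba] = (b, p)
        self.ptr += 1

    def _advance(self):
        """Open a new block; garbage-collect only when one free block is left."""
        if len(self.free_blocks) > 1:
            self.active, self.ptr = self.free_blocks.pop(0), 0
            return
        closed = [b for b in range(len(self.data)) if b not in self.free_blocks]
        victim = max(closed, key=lambda b: self.state[b].count(STALE))
        if self.state[victim].count(STALE) == 0:
            raise RuntimeError("no reclaimable space")
        self.active, self.ptr = self.free_blocks.pop(0), 0
        for p in range(self.ppb):              # relocate still-valid pages
            if self.state[victim][p] == VALID:
                lba = next(l for l, loc in self.map.items() if loc == (victim, p))
                self._program(lba, self.data[victim][p])
        # Block erase: the only operation that actually destroys old data.
        self.data[victim] = [None] * self.ppb
        self.state[victim] = [FREE] * self.ppb
        self.free_blocks.append(victim)
        self.erase_count += 1

    def write(self, lba, payload):
        if not 0 <= lba < self.logical_pages:
            raise ValueError("address outside advertised capacity")
        if self.ptr >= self.ppb:
            self._advance()
        old = self.map.get(lba)
        if old is not None:
            self.state[old[0]][old[1]] = STALE  # marked stale, contents untouched
        self._program(lba, payload)

    def read(self, lba):
        """What the host (file system, undelete tool, wipe utility) can see."""
        b, p = self.map[lba]
        return self.data[b][p]

    def raw_scan(self, needle):
        """What a chip-level read sees: every physical page, stale ones included."""
        return [(b, p, self.state[b][p])
                for b, blk in enumerate(self.data)
                for p, cell in enumerate(blk)
                if cell is not None and needle in cell]


def demo():
    dev = ToyFlash()
    for lba in (1, 2, 3, 4):                   # unrelated files already on the drive
        dev.write(lba, b"other file data %d" % lba)
    dev.write(0, SECRET)
    dev.write(0, b"\x00" * len(SECRET))        # host "overwrites" the same address
    after_overwrite = dev.raw_scan(SECRET)
    for lba in range(dev.logical_pages):       # fill the whole advertised capacity
        dev.write(lba, b"filler %02d" % lba)
    after_full_fill = dev.raw_scan(SECRET)
    erases_during_fill = dev.erase_count
    extra = 0                                  # keep writing until GC reclaims the block
    while dev.raw_scan(SECRET):
        dev.write(extra % dev.logical_pages, b"second pass")
        extra += 1
    return {
        "host_read": dev.read(0),
        "after_overwrite": after_overwrite,
        "after_full_fill": after_full_fill,
        "erases_during_fill": erases_during_fill,
        "extra_writes_until_erased": extra,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

In this toy layout the stale page outlives both the overwrite and a fill of every host-visible address, because the spare blocks absorb the new writes; it disappears only when the controller happens to erase that block.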

onoff • May 10, 2019 6:29 PM

A few obvious points.

A USB thumbdrive is an electronic device. Hook it up to house power, or better yet 240 volts at 50 amps, and I'll bet it won't read well anymore.

Second, if you've ever seen those "will it blend" youtube videos. Well, I'll bet a USB stick will blend... Or, the cheaper version, use a power drill.

Third, if all you want is to break custody from the USB stick to you, you don't have to erase it. Just tossing it into a river ought to work. Not good for the environment, littering and all, but it ought to work. Or for that matter, any public trash can.

Last but not least, the way USB sticks get passed around, it seems awfully easy to steal files, delete them, and then give the USB stick to a patsy. That way the government gets to arrest somebody and stops looking for you.

I'm really not a nice person, am I?

Nicholas Weaver • May 10, 2019 7:37 PM

There are some interesting things here. The very short time between initial publication and the search warrant shows the Feds were able to work fast, and I suspect it was helped considerably by the Intercept’s fetish for publishing documents.

Also at that point the Intercept knew their source was burned, but would dribble out documents over the next year+: If you think something is urgent, don’t go to the Intercept. Some documents were sat on for over a year.

But at the same time, why did the feds take so long to actually charge? I suspect a long drawn-out negotiation that finally failed, but it is still interesting that it was over 4 years before charging.

Guest • May 10, 2019 9:21 PM


First, congratulations. You've just fried the controller interface. A repair shop replaces it and they're good to go.

Second, data density these days makes for huge potential storage per surviving fragment (think electron microscope).

Third, the data is usually fingerprinted in ways that indicate who accessed it - so someone finds a thumb drive in the river (or trash can) that has classified intel on it "copied from this computer at this date when this person was logged on" . . . would the government throw up their hands in the air and say "Well, no way to tell who dropped this in the river/trash - dead end here!"?

Finally, the government would arrest your patsy AND you for criminal conspiracy.

Dennis • May 11, 2019 3:10 AM

"The other thumb drive contained Tor software and the Tails operating system, which were recommended by the reporter's online news outlet in an article published on its website regarding how to anonymously leak documents."

It's unfathomable to think that the intercept could be in cahoots with the Feds over identifying these leakers. The fact that he was identified so quickly suggests either the reporting was deliberately tampered down or the Feds had other methods that remain unknown to the intercept. Given that they appear to take their act very seriously, it is unlikely the latter.

A90210 • May 11, 2019 3:45 PM

On how the mainstream media (MMM) cover whistle-blower leaks

"... JAMES RISEN: Right. I think one of the things that for many years has really bothered me is the way the mainstream media covers leak investigation stories. They cover it as if there is a hunt for a criminal, rather than a story about whistleblowers coming forward to perform a public service. And that has always bothered me in the way the press covers these things. It is as if they are joining in with the Justice Department and the prosecutor in hunting down a bank robber or something.

And so I think that’s a fundamental flaw in the way the press covers these things, is that they look at it as a crime rather than as an attack by the Justice Department on the press in the United States, which is what this is. This is yet another attempt by Trump, following up on the Obama and the Bush administrations, to do similar things, to silence the press and to silence whistleblowers on a very important issue, which is how does the United States go about deciding who lives and dies around the world?

I mean, it’s a frightening power that we in the United States have somehow by default given to the president and to the CIA and the Air Force, and it’s very scary to me that so few people, both in the media and in the general public, have been willing to engage in a real significant debate about this fundamental issue of who lives and dies. And I think part of it is that the drone program allows the United States to do this with very low casualty rates and to engage in wars around the world by remote control. And we have allowed that to continue because it is very convenient and easy for Americans to forget that it’s happening. And I think the Drone Papers project by The Intercept was a major public service to expose the way in which this occurs.

AMY GOODMAN: Daniel Hale becomes the third person charged with allegedly leaking information to The Intercept. The others are former Air Force linguist Reality Winner and former FBI agent Terry Albury, who leaked classified information about how the FBI aggressively targets potential informants. Now interestingly, the indictment does not name The Intercept or Jeremy Scahill, which suggests they don’t actually have the evidence there. But of course the Trump administration is leaking their names. Do you think they are trying to target, to take down The Intercept by making it an unsafe place for whistleblowers to turn to?

JAMES RISEN: I don’t know about that, and I can’t comment specifically, as I said, on this case. But what I can say is that The Intercept has continued to do very aggressive national security reporting throughout the last few years and is continuing to do so now.
We’re still working on major, very aggressive, very sensitive national security projects that hopefully will appear in the future. And I think if anybody thinks that it’s possible to silence us, then they don’t know anything about us.

AMY GOODMAN: What is the significance of Hale being charged under the Espionage Act specifically?

JAMES RISEN: The Espionage Act has been used both by this administration and by the Obama administrations. It’s a very crude weapon from the World War I era in which the government is able to take this very vague law that was designed for red-baiting after World War I and then for the McCarthy era of conducting communist era investigations. And they have turned it—instead of using it against spies, they now use it against people who talk to the press. And so basically the message that they’re sending is that talking to a reporter is the same as being a spy, which is a ridiculous abuse of the legal system, and it’s something that I feel very strongly about that has to change in this country, if we’re going to maintain an independent press. Because the way in which the Espionage Act is used—it’s a very crude weapon to try to silence people.

AMY GOODMAN: The New York Times, The Washington Post have been hailed as heroes, for example, when it comes to the Pentagon Papers. Daniel Ellsberg. It wasn’t, “How dare these papers do this?” It’s that these papers dared to defy those they hold accountable and those in power. At the time, it was Richard Nixon. Can you talk about the difference then and also briefly tell us what happened to you? This wasn’t during the Trump years; this was what happened to you during the Obama years. And this wasn’t when you were at The Intercept, but at The New York Times.

JAMES RISEN: Right. I was subpoenaed by the Justice Department for a grand jury subpoena several times, and I refused to testify in a leak investigation involving stories I did on Iran and the CIA. Finally, I was subpoenaed to go to both a grand jury and then a trial and I fought those for seven years and appealed it to the Supreme Court. And I lost, ultimately, but I decided to continue to fight it even though we had lost in the courts. And in 2015, the government finally backed down and decided not to put me in jail for not testifying.

That experience, which lasted seven or eight years, led me to feel very strongly that we have to have some organizations in this country that protect journalists and their sources and we have to have more aggressive news organizations that continue to investigate the national security state in ways that some news organizations are no longer willing to or are reluctant to do. And that is one reason I’m very proud of The Intercept. I think we have continued very aggressive investigative reporting in the face of a lot of obstacles and at a time when a lot of other news organizations are not doing so.

AMY GOODMAN: Jim Risen, do you think that the other news organizations are hanging The Intercept out to dry? Do you feel you’re getting enough support from other news organizations?

JAMES RISEN: To me, that doesn’t matter. Frankly, I don’t care what other people say about me or about The Intercept. I think we’re just going to keep trying to do our jobs, and I think we should let our work speak for itself. And I think that is what I’m going to try to do. And in the future, people can try to match our stories. ..."

onoff • May 11, 2019 8:51 PM


It depends how you run the power through. We're talking about a USB stick. Inside all that plastic is something very small. Put enough power across it... Heck with enough voltage you can even make air conduct. And with enough amps (current) you can melt screwdrivers, even at low voltage like a 12 volt car battery. Sure, effectiveness is implementation dependent. But it's certainly viable.

Surviving fragments: That's a lot harder than it sounds. Even with old-fashioned disk drives, where you could just shine polarized light and look at the magnetic field bits with a microscope, it's still damn hard to reassemble data.

It would help if the leaker kept all the fragments together. On the other hand, if I drop a nail in my lawn, it's damn near impossible to find. I bet if those fragments were tossed out into the landscape, or a river, they'd never be found.

Data fingerprinting, steganography, etc: Okay, how are they doing it? Are they tweaking the low bits to encode a signal? Is this like printers and their yellow dots? Simply scanning & re-encoding as a jpeg will play merry hell with that. Are they changing content? That's a lot harder to implement, and you can do the same thing to change it back. All you really need is to get a few people to print the same document & hold them together up to the light to see the changes. Or something like ImageMagick's diff feature.

Once you know how they are tying documents to individuals, you can change your documents to make them look like they came from your patsy.

It's trivial to scan in a signed document and copy that signature to another document with the GIMP. There are YouTube videos on it. Changing document fingerprinting isn't any harder.

And of course, this all makes it very easy to frame somebody. Which raises the possibility of foreign agents, in possession of classified documents, changing them to frame somebody and then using that to extort something more. Or our side framing folks to advance an individual's career, punish someone for quitting, etc.

Mike • May 12, 2019 2:58 AM

@A90210 quoted,
" It wasn’t, “How dare these papers do this?” It’s that these papers dared to defy those they hold accountable and those in power. "

This is an interesting dichotomy. It was commonly believed the Pentagon Papers were released by none other than the CIA, based on the fact it exposed largely Russian related foreign interests and very few exposures in the papers were USA based.

What they exposed were largely unpunished because the papers were inconclusively used as evidence. In addition, when it comes to "oligarchs" of various nations, they are powerful enough to have altered the rules to fit their likings despite such exposures and they certainly would not have prosecuted themselves.

Thus, one can conclude the Pentagon Papers were a publicity stunt release to undermine certain foreign oligarchs but seemed to have not accomplished its goals.

vas pup • May 13, 2019 1:04 PM

@Who? • May 10, 2019 6:01 PM
Thank you!
Why does this technology work differently for magnetic media and flash drives?

TIARA GNOME • May 14, 2019 2:44 AM

@ Clive Robinson

You are right. Many people who have jobs for certain organizations only know their tiny corner of the security field. And some of them make a poor decision based upon the fantasy that they can betray their boss and country and escape the Eye. If you put on the ring of power, the eye sees you.

Snowden Hobbit was the last one to make it away, and he pretty much brought down the whole operation for a bit, it seems. But Snowden Hobbit won't end well.

People who raise their right hand should follow through with the immense responsibilities they have taken up.

If they can no longer do their duty, especially because they are suddenly violating the U.S. Constitution, for example, then they should sign that non-disclosure agreement and walk away.

throwaway190514 • May 14, 2019 9:54 AM

@Clive Robinson

Re burning a CD/DVD ...

I heard that CD burners write their serial numbers in the CDs burnt.

Re destructively sanitizing thumb drives for disposal ...

I think you're making it more difficult than it is. If you drill a hole through the chip, or use a rotary tool with a grinding stone to grind it into dust, it should be nigh impossible to recover any info in it.

Clive Robinson • May 14, 2019 5:25 PM

> If they can no longer do their duty, especially because they are suddenly violating the U.S. Constitution, for example, then they should sign that non-disclosure agreement and walk away.

Also if they do get caught, breaking the public law or rules there should be real penalties not a "tut tut scout's honour". For instance those who get caught, should get the same penalties the USG is pushing onto what they see as whistle blowers up to and including those punishments various senior politicians have claimed the likes of Snowden and Assange should receive.

That is there is a social contract, as with all contracts there should be equity. Further the politicians, and government entities work for the people not the other way around, and the judiciary has no right to cheese pare or salami slice the rights of those domiciled in or within the borders of the USA. Further US legislation and its applicability should be held within its borders. The US legislators have no right to impose their view on the rest of the world, I should have thought they would have understood this because as far as I am aware every US school child is taught about "No Taxes without representation". Further there should be no secret laws or judicial decisions, they are totally and utterly destructive to society. Further no Federal or State law enforcement or other agency employees, subcontractors or others working directly or indirectly for them should in any way expect immunity from their actions. That is they should not expect an automatic "get out of jail free card".

But more subtly every time they bring action to court against individuals they must prove their case or be subject to significant sanctions. At the very least they should not only pay all the defendant's legal and other related costs, they must pay significant sums for damaging an individual's reputation, social standing and mental harm.

If this is not done then there is no incentive for officials not to use faux charges to destroy individuals or get perverse judicial decisions. Repeated offences should have a "three strikes and out" where the individual is then prevented from not just bringing, but be involved with any prosecution by federal or state entities, nor should they be allowed to stand for any political office.

But foremost is that 'striking deals' by Plea Bargaining should be stopped entirely, it is inhumane as it is a significant and unjustified method of coercion by method of mental torture, that we know has driven people to suicide. Therefore it has absolutely no place in any judicial system at any time.

Oh and any judge found to have had contact with commercial organizations that run prisons should automatically be disbarred and such organizations should likewise be barred permanently from running any prison or related system. Further the officers of the company should be prosecuted and given jail time for corruption and bribery, and they should not be able to buy their way out with fines because they will only be paid from inflating costs at the taxpayers' expense.

Unfortunately none of the above will happen, as should be obvious to most in the US who care to read and think for even a few minutes must realise that with very little exception the folks on the hill are corrupt beyond any excuse. As the old saying has it "Birds of a feather fly together" and they look after their own and those enriching them in various ways.

As I mentioned a few days ago John Bolton, was responsible for getting no limits put on election funding. Thus he is almost single handedly responsible for opening the flood gates on political corruption.

onoff • May 14, 2019 6:09 PM

@vas pup
> Why does this technology work differently for magnetic media and flash drives?

We can take apart a disk drive, pull out the platters, and look directly at them. They're flat. If you bounce polarized light off a disk platter, the polarization will change depending on the magnetic field and you can use that to visually see magnetic fields, as in non-destructively visually see the individual bits written to the platter. Granted, you'll need a microscope. But you can automate the process, and run image processing to automatically recover data. It's straightforward enough, although very time consuming.

Flash drives are another matter. Very different technology. Much harder to directly access the media. There may be ways to read 'em other than the default USB interface... But I don't have the slightest idea how you'd do that to a partially destroyed USB stick. Not even the physics of how you'd do that. And it's much harder to figure out where the data you want is located.

With magnetic media, dd if=/dev/random of=/dev/hd... will nicely and completely fill your harddrive with random data. These days there are no overwrites on the edges from misalignment to try to recover. Your data is G-O-N-E, wiped out completely forever. And the platters themselves are made of glass. They shatter. Good luck with that jigsaw puzzle! Or powerful magnetic fields will make short work of your data, erasing everything almost instantly.

USB-sticks, on the other hand, well the new data is written to a new block, and the old block is marked for re-use as part of the wear-leveling. As in your data is still there. So erasing data is really hard. Even secure-delete programs that overwrite your data won't work, as the overwrite data gets written to a new block and the old block is merely marked for reuse. And there are spare blocks. Lots of them that you can't access. So even if you fill the whole drive with /dev/random, your data can still be in there. You just can't access it from the USB interface.

> If they can no longer do their duty, especially because they are suddenly violating the U.S. Constitution, for example, then they should sign that non-disclosure agreement and walk away.

That's kind of what we're all wondering about here. If you walk away, are you then blamed for leaks, possession of CP, etc? And is the blame justified? Or is it a frame up job? Are you a lesson to others not to walk away?

An awful lot of this "evidence" seems awfully easy to forge. You have a copy of Tails, therefore you are a traitor to your country sort of thing.

Security seems to be what the vendor's hype machine tells the pointy haired boss, not what the local hacker tells or shows you. A lot of the time it's all smoke and mirrors. Everybody knows that. Nobody says a word, for fear of being arrested. It's like a real life version of the Emperor's New Clothes.

It's a situation that lets very bad people do very bad things while others take the blame. Not good at all.

And meanwhile everyone is afraid of the latest witchhunt.
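The wear-leveling behaviour described in the comment above, shown as an added illustration that is not part of any commenter's post: a toy page-mapped flash translation layer in which host overwrites land on fresh pages while the old page is only marked stale. The class, its sizes, the marker string and the `controller_erase` operation are constructed for this example; real controllers differ in mapping granularity and garbage-collection policy.

```python
import os
from collections import deque


class ToyFlash:
    """Toy page-mapped flash translation layer (a constructed model, not a real controller)."""

    def __init__(self, logical_pages=8, spare_pages=4, page_size=16):
        if spare_pages < 1:
            raise ValueError("model needs at least one spare page")
        self.page_size = page_size
        self.logical_pages = logical_pages
        total = logical_pages + spare_pages
        self.physical = [None] * total    # raw NAND pages; None means erased
        self.free = deque(range(total))   # erased pages ready to be programmed
        self.stale = deque()              # superseded pages that still hold old data
        self.mapping = {}                 # logical page -> physical page

    def write(self, lba, data):
        """Host write: always lands on a fresh page; the old one is only marked stale."""
        if not 0 <= lba < self.logical_pages:
            raise IndexError("logical page out of range")
        if len(data) != self.page_size:
            raise ValueError("data must be exactly one page")
        if not self.free:
            # Garbage collection: erase the oldest stale page only when space runs out.
            victim = self.stale.popleft()
            self.physical[victim] = None
            self.free.append(victim)
        new = self.free.popleft()
        self.physical[new] = bytes(data)
        old = self.mapping.get(lba)
        if old is not None:
            self.stale.append(old)
        self.mapping[lba] = new

    def read(self, lba):
        """Host read: only the currently mapped page is reachable."""
        page = self.mapping.get(lba)
        return self.physical[page] if page is not None else bytes(self.page_size)

    def fill_random(self):
        """One full pass of random data over every host-visible page."""
        for lba in range(self.logical_pages):
            self.write(lba, os.urandom(self.page_size))

    def host_sees(self, needle):
        return any(needle in self.read(lba) for lba in range(self.logical_pages))

    def raw_holds(self, needle):
        """What a chip-level read of the NAND would find, mapped or not."""
        return any(p is not None and needle in p for p in self.physical)

    def controller_erase(self):
        """Hypothetical controller-level erase of every physical page, spares included."""
        self.physical = [None] * len(self.physical)
        self.free = deque(range(len(self.physical)))
        self.stale.clear()
        self.mapping.clear()


MARKER = b"SECRET-PAGE-0001"  # constructed 16-byte sample content


def overwrite_report(spare_pages=4):
    dev = ToyFlash(spare_pages=spare_pages)
    dev.write(3, MARKER)
    dev.write(3, os.urandom(16))          # in-place "secure delete" of that one page
    after_delete = dev.raw_holds(MARKER)
    dev.fill_random()                     # full-device overwrite from the host side
    report = {
        "raw_after_targeted_overwrite": after_delete,
        "host_after_full_pass": dev.host_sees(MARKER),
        "raw_after_full_pass": dev.raw_holds(MARKER),
    }
    passes = 1
    while dev.raw_holds(MARKER):          # keep overwriting until GC reclaims the page
        dev.fill_random()
        passes += 1
    report["passes_until_gone"] = passes
    dev.write(0, MARKER)
    dev.controller_erase()
    report["raw_after_controller_erase"] = dev.raw_holds(MARKER)
    return report


if __name__ == "__main__":
    for spare in (4, 12):
        print(spare, overwrite_report(spare))
```

In this model the number of overwrite passes needed changes with the amount of spare area, which the host cannot observe; that is why a host-side overwrite of flash cannot be verified from the USB interface alone.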

Clive Robinson • May 14, 2019 7:57 PM

@ throwaway190514,

> I heard that CD burners write their serial numbers in the CDs burnt.

It's not an unreasonable supposition to work from for all data storage technology. Think about various programs from Microsoft etc writing headers with huge amounts of identifying data hidden away in file formats.

However CDs and DVDs are fairly easy to destroy with a glass with a 100ml of water in it and a microwave oven. Just put it on max power max time and hit the start button. Then get out the door before the fumes raise your cancer risk or have other "Toxicological Disadvantages".

You can even have fun with some "liquidisers" and some flammable spirits. Which can fairly quickly turn CD/DVDs into "fire starters". Even a kitchen electric toaster set to max will have unfortunate consequences on their subsequent readability.

Older floppy disks such as 5 1/4 and 8 inch that don't have the annoying metal bits are even easier to destroy very quickly and with little or no remains.

Even hard drive platters that are often made of thin glass can be destroyed with a pocket lighter as you get the coating well above its Curie point, and almost as quickly can be crunched/splintered into tiny fragments.

Which brings us back around to Solid State Storage such as the chips on thumb drives and hard drive replacements. As you observe,

> If you drill a hole through the chip, or use a rotary tool with a grinding stone to grind it into dust, it should be nigh impossible to recover any info in it.

Have you tried it? I have and although it can be done you have issues to do with getting a drill of sufficient size to do the job without it "snatching" and tearing the flesh from your fingers. Worse is some solid state memory devices contain "thermally conductive potting compound". Put simply it gets its thermal conductivity due to using a loading material like powdered quartz. Quartz is known to eat even diamond and carbide tipped tools.

But also it's a very slow potentially dangerous and unreliable process, all of which makes it not appropriate for most people to use. It's also not a method you can use in a hurry or at the flick of a remote switch unlike many of the above. Thus you are not going to be able to do "data destruction" whilst they beat down your door nor are you going to be able to use your escape route (you do have one don't you?).

There's a lot of thought you have to put into your OpSec if you don't want to rot in jail on a fifty year --effectively life-- tariff. Drills and grinding bits just don't fit in with the OpSec.

Oh and one last thing, PC's with USB are almost guaranteed to have lots of Flash ROM in them, kind of ideal for surveillance-ware to be hidden in, that even most experts would miss. Older hardware that has only floppy drives and Parallel IDE --not serial-- hard drives are nowhere near as likely to have hiding places for Surveillance-ware. It's knowing little things like this that keeps you ahead of the hounds in "The Great Game" which whistleblowing has now become.

onoff • May 15, 2019 5:40 PM

@ Clive Robinson

> I have and although it can be done you have issues to do with getting a drill of sufficient size to do the job without it "snatching" and tearing the flesh from your fingers.

Umm. I'd put it in a vice. I'm not exactly worried about squeezing it too hard.

> There's a lot of thought you have to put into your OpSec if you don't want to rot in jail on a fifty year --effectively life--...

It's worse than you realize. Heard one story, from reliable news sources, about a fellow convicted of CP. He didn't have any CP. He had a destroyed USB stick. They called it destruction of evidence and convicted him of CP anyway based upon the destroyed USB stick.

Seriously, just put the damn thing in a blender and dispose of the powder down a drain, into the air, into your lawn, etc.

Clive Robinson • May 16, 2019 8:44 AM

@ onoff,

> Seriously, just put the damn thing in a blender and dispose of the powder down a drain, into the air, into your lawn, etc.

Not "your" clothes, drill, vice, blender, drain, lawn or anywhere else related to you, as I originally indicated you do have an issue with proper disposal.

The dust from IC packaging is fairly unique chemical wise, and easily gets embedded in places where cleaning it away is at best difficult. The likes of the FBI will no doubt at some point make claim as they did with bullet metal composition[1] and numerous other "trace" evidence that it can be used as positive proof. That is not just a "fingerprint" but one that is not just comparable in a very limited "batch" but also "traceable" to a range of manufacturers etc, so is in effect a "serial number" so conclusive proof for traceability back even to purchase. So you don't want it around you, your clothes, your property or work places or any other place where people know you have been. You also don't want to have the tools no matter how cleaned up in your possession, because they are not "common household items" in the mind's eye of the majority, so unlike a Microwave oven possession of tools can easily be portrayed as suspicious, if not argued to proof positive.

The problem with the "dust" is trace analysis and contamination and how far many career oriented people will go to prove a case. Look up the "Jill Dando Killing" and the man[2] first convicted then cleared of the murder (and the judicial "old boy network" kicking in to deny compensation).

The man appears to have not only had several mental disorders, but a low IQ and could easily become not just confused but suffer significant physical pain when put in anxiety producing situations. As with many wrongful convictions the police had picked him up as a suspect simply because he lived in the area and was known to them. They fairly quickly dropped him from their enquiries only to come back to him later as they got desperate to show results and the adverse publicity meant they had to have a "suspect" and as they say "any suspect would do". They then went about not building a case based on the facts of the case but by building a case against the man and his differences to the mythical "normal man". For instance there were claims he kept newspapers with pictures of female celebrities in suggestive clothing in them, which of course meant he was a pervert / stalker... Well what they did not mention was that he lived in what some would consider a slovenly state and had lots of newspapers stacked around, a hoarding habit is common with many forms of mental illness such as depression that affects around a quarter of the population. Also that not all the newspapers had "girlie pics" in them or that "girlie pic" pictures of female celebrities in minimal clothing in free and cheap red top newspapers are very very much the norm rather than the exception as they increase circulation figures (look up Rupert Murdoch of News International's comments about "tits and bums").

The only pieces of alleged "evidence" from the actual crime was a single microscopic speck of alleged gun shot residue and a questionable fiber of fairly common origin. As proof of anything, they only really proved the failings of the "bad science"[3] of forensics and likewise that of "handling of evidence" rules and real implementations[4].

Which brings us around to your point of,

> He didn't have any CP. He had a destroyed USB stick. They called it destruction of evidence and convicted him of CP anyway based upon the destroyed USB stick.

This is the way "get the perp" or "show trial" prosecutions work, "Justice has to be seen to be done" not actually done, it's little more than a formal lynch mob. Usually conviction is not by evidence but character assassination and turning minor behaviours into "sign of guilt" and argue it up to "proof of guilt" in a form of bear-baiting mass media entertainment. The UK had one with "weird faux science" and worse that was "Operation Ezdell"[7].

The more news worthy the crime or the less ability the accused has to defend themselves the more likely it is to happen. Also the more resources will be devoted to "get the perp". As a possibly extreme example work out how much money the US Gov has used in its pursuit of Whistle blowers and journalists this century. It easily exceeds billions of USD when you add in the "political manipulation" of entire countries.

Thus if there is even a microscopic item of IC packaging dust, it will be found, and worked up to "proof positive", because "heroic officers fighting the odds" makes good copy, and great publicity not just for the officers careers, but the agency, and most importantly the politicians...

The reality is that all too frequently innocent people get rail-roaded into jail or plea deals and those responsible walk away even when their misconduct has been found to be criminal.

It's why more and more people in the US are losing faith in the US Justice process, and raising not just eyebrows but questions about the number and types of people in prison and the safety of their convictions. Similarly the UK and other countries where politicians beat the "hard on crime" drum.

[1] The FBI forensics labs have a history of "bad science" and it knows this and just laughs it off. Thus in effect the FBI has no qualms about committing perjury, as more recent cases have shown. The example of "bad science" forensics that some will remember is the claims the FBI made about the composition of the alloys used in bullet manufacturing. When "good science" was used the FBI forensic lab claims evaporated as they had with their other exposed "bad science" (expect this to get orders of magnitude worse with Computers and Communications, especially AI).

As I've remarked before forensics is littered with examples of "bad science" for a number of reasons. Firstly bad science is almost always a lot less expensive than good science. Secondly science good or bad is mumbo jumbo to most judges and juries thus can be talked up from complete nonsense to absolute proof by prosecutors with the charisma and avaricious mentality of Cargo Cult Leaders. Thirdly bad science techniques are almost always very far from robust, thus can easily be "fritzed" with just a little knowledge that first year undergraduates in the physical sciences would have, or the more curious high school students.

There are quite a few more reasons but most importantly forensic science works in the wrong direction, that is it moves from effect to cause... Which is very much the wrong direction, not just for science but deductive logic. Because it is not a "reducing" but "expanding" process and very quickly becomes an argument of "opinion" not "science".

The classic examples of such bad science forensics are the old gold standards of "pour patterns" and "fingerprint matching" as prima facie evidence argued as proof positive... When in fact they are anything but.

In order "not to kill the golden goose" those involved failed to carry out "disproving experiments" for generations. When they were carried out both "pour patterns" and "fingerprint matching" were found to be severely wanting at best and downright dishonest in the main. Both failed the simplest of proving tests that is the "Double blind test" so routinely used in other branches of science that you have to honestly ask why "forensic science" does not use it...

[3] One of the examples of bad science in forensics is the implementation of the "contact/exchange principle". Dr. Edmond Locard's Exchange Principle is considered the primary if not foundation touchstone of forensics and although intuitively obvious it's actually used as quite bad science and its implementation usually rests on several false assumptions. Basically it says that if objects come into contact they exchange trace evidence, which can be shown to be actually not true in all cases. Thus the first failing or false assumption on finding any trace evidence is the trace evidence is actually indicative of contact. It's actually nothing of the sort, if you find blood on two objects, it does not in any way mean that the two objects had contact at a given point in the space and time of the crime scene. This ambiguity holds even if the blood is the same as far as your forensic tests allow checking. Thus you actually have to rule out several things. The first is there was no other point in time and space the two objects could come into direct contact, secondly that the contact was not indirect at another point in time and space, third that the "trace" that is exchanged did not independently come into contact with the two objects, fourthly that your tests are sufficient to make the contact "trace" uniquely identifiable, not just in and of itself but also in time and space, fifth your tests are robust in the presence of contamination. All these points are usually "glossed over" or quite deliberately ignored and thus deliberately hidden from the "tribunal of truth" that the jury is, which is a form of lying thus perjury.

[4] Another couple of bad science issues with forensics is "system noise" and "result interpretation"... Importantly as any communications engineering first year undergraduate can tell you, measurement uncertainty increases as you approach the noise floor. It applies to all tests no matter what they are. As a number of readers on this site know when the quantity tested is sufficiently small it can be used as a method of "perfect secrecy" in Quantum Cryptography. Thus as the size of the "trace" decreases the contact principle drops rather rapidly from "maybe" to "impossible to know" more quickly than forensic practitioners would in the main care to admit. But this is where more bad science enters when it comes to interpreting the results, probabilities are involved and you have to ask what they are both in the sample being tested but importantly in the general population (remember the FBI argument about trace cocaine in US paper currency, that eventually was thoroughly debunked). But you also need to ask the same question along the entire "chain of evidence". It turns out somewhat unsurprisingly that the risk of cross contamination goes up significantly with the length of the evidence chain and time in it prior to test. Likewise it gets way way worse with decreasing size of trace tested. In other words the principles of entropy apply not just in time but distance of handling.

Often cross contamination or degradation is worst at the forensic lab where they "play at science" and cross contamination prevention techniques quickly become a sick joke[5]. Due to "competitive tendering" the test labs minimise costs, thus one of the first things that gets thrown on the cost reduction bonfire is correct handling techniques for evidence, especially microscopic trace evidence. But obviously the prosecution, police and test labs don't want the "tribunal of truth" that the jury is, to know this. Because "justice has a cost" and politicians want two things, increased imprisonment with hard sentencing, to show they are "tough on crime" and "minimal spending" so they can save taxpayers money for more important things like "bribes" of various forms.

[5] Consider the standards used in even the best of forensic labs to the cross contamination procedure of Level 4 labs used for chemical weapons development labs, and contagious disease labs. Where those working in the labs have a very realistic appraisal of cross contamination risk because getting it wrong could kill them or others rather quickly and very very unpleasantly. But have a look at the last death related to lab environments in the UK with small-pox (Janet Parker [6]) and diethial mercury (Prof. Karen Elizabeth Wetterhahn PhD in 1997)




Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.