The Intercept’s Russian hacking report also seems to be a good example of how not to handle leaks by Laura Hazard Owen.
From the post:
On Monday afternoon, The Intercept published a bombshell story: “Top-secret NSA report details Russian hacking effort days before 2016 election.” The story — later confirmed by CBS — reveals that “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept,” and includes PDFs of the NSA’s report.
…
The story is a potentially huge one, providing the most evidence we’ve seen thus far that the Russian government attempted to influence the outcome of the U.S. election in ways beyond just spreading misinformation (and Russian president Vladimir Putin had even denied his government’s role in that). But another story is emerging around The Intercept’s story as well: By Monday evening, a 25-year-old federal contractor, Reality Leigh Winner, was charged with leaking the documents (the first criminal leak case under Trump). If Winner was indeed The Intercept’s source, there are questions about whether The Intercept could have done more to protect her — starting with those PDFs it published as part of its story.
…
FYI, the Intercept has a huffy denial at the end of Owen’s post. Huffy enough to confirm they screwed up.
In the rush to publication, the Intercept failed to observe basic information hygiene with regard to the leaked PDFs. Leaked PDFs included printer steganography that enables tracing the printer.
Numerous other failures, such as the alleged source using their work computer to leak the documents, etc., were also present.
Enough errors, between the Intercept and its alleged source, to make you think dead pages advising on how to leak properly aren’t enough.
Suggestions on how to effectively educate people on proper leaking techniques?