Episode 201: OPSEC!

Download the video! (21:44, 43MB)
The companion file! (51MB)

Nearly all colour laser printers leave a pattern of tiny yellow dots all over the paper. These dots contain information about the printer and perhaps also about the time and date of the print, the IP of your computer and who knows what else. These codes are in there for at least a decade and the EFF has complained in vain. Reality Winner got cought with these dots – but perhaps they would have found out about her a bit later without them.

The EFF has a dorky video about that.

I have a laser printer in my office at school. What does it tell about me? I research that with help of GIMP 2.9 – which looks terrific and has a lot of nice new stuff on board.

And of course you get to see some of these new features.

The companion file contains the scan of the Ordnungsmaßnahmenverordung in different resolutions and the XCF file with the revealed code. The last paragraph on the page gives me the right to take away your phone and hand it back to your parents after a reasonable time – if it beeps again in my class. (A lot of kids would prefer the cane over this….  😉 )

I forgot about the serial number of the printer – this will be updated soon.

The TOC:

00:00:00 Intro

00:00:50 Leaking from the NSA
00:01:35 Little yellow dots on laser print
00:03:00 Gimp 2.9 fired up
00:03:30 Search for the yellow dots
00:04:20 Colour Channels
00:06:00 Extract a colour component
00:06:40 Split view – new in filter dialogs
00:07:15 Searching for the pattern
00:07:55 New things in the layer dialog
00:08:30 Searching for the pattern
00:10:10 Crop tool
00:10:30 Measuring the pattern
00:11:35 Adding a precise grid
00:12:45 30 bytes of data in the yellow dots!
00:14:00 What’s not in the code?
00:15:00 Printing leaves traces
00:16:25 Blunder of “The Intercept”
00:17:00 Anonymising a scan with the threshold tool
00:18:30 The mono mixer for getting red back in
00:20:00 Return of the Minox for leakers?
00:21:00 We need a guide about OPSEC!
00:21:44 End of video

Meet the GIMP Video Podcast by Rolf Steinort is licensed under a Creative Commons Attribution 4.0 Unported License.
Permissions beyond the scope of this license may be available at https://meetthegimp.org.

7 thoughts on “Episode 201: OPSEC!

  1. The laser printers we have at work do have this function as well, it’s called “counterfeit propagation avoidance”. After c’t, a big german computer magazine, mentioned it in conjunction with the nsa stuff, we checked our prints out of curiosity and there were no dots, but the printers are undoubtedly on the EFF “bad” list. Turns out, you can configure this function with certain firmware versions. The printers web interface does not list it, of course, but the value can be changed via a direct url call, either to off, mark-on-print, mark-on-copy or both. Interestingly, the latest windows printer drivers will stop working in the off or mark-on-copy only setting, but you can still print from Linux just fine.

    By default the setting is in both-mode after each powercycle, but seems to get disabled during maintenance. The last guy to do maintenance apparently forgot to reset the machine after he finished and left it in the disabled mode.

  2. Thanks for this very interesting and revealing show, Rolf. As a precaution I have immediately checked the prints of my inkjet printer. Thank goodness, they are clean. So I can print conspiratorial flyers, if I should ever feel the need for it 😉

    • Color inkjets were already too common and there were too many different manufacturers by the time secret services realized that printouts are hard to track. And back then, the maximum resolution of color prints was not as high as today, so the micro-dot method wouldn’t have worked reliably. There’re other methods, like modifying printed dots in subtle ways to encode data (steganography), but but both in-printer and in-pc cpu power was not high enough back then, and then again, there were too many producers to apprehend. As color lasers were being rolled out, it was made sure that key persons at most manufacturers were approached early on (and probably a lot of money flew).
      The micro-dot method itself is nothing new, both east and west Berlin spies used it back in the 50th and 60th. Berlin newspapers on both sides had on their front page below some of the big dividing horizontal lines micro-dots being printed. As the data was one-time pad encrypted, there was no danger in spreading it around and for a spy it’s much less suspicious to buy a newspaper at a random kiosk then to retrieve an encrypted letter from some predefined storage. To send a reply, you only needed one person in the printing office and even the journalists and writers of the newspapers were out of the loop. But as this method was too slow, especially in the 60ths with the missile crisis and everything, it was abandoned in favour of less concealed but much faster encrypted radio number stations. But apparently, it’s still being used today from time to time in some countries.

      • Steganography is another nice topic. I read about e-Bay listings as a way to publish the images hidden in plain sight. On the other hand, as far as I recall, eBay does mangle the images and that would kill the data.

        Oh, I recall these number stations. “Achtung——drei—–fünnef—“

    • If I wanted to print something nasty, I would buy a cheap ink jet printer and paper – pay cash of course. Print the stuff and then get rid of the printer and the remaining paper. Writing and printing on a Raspberry Pi – and then dump that SD card also. Using a face mask and gloves all the time.

      Better not risk my pension….. 😉

  3. Great Episode!
    Yellow-dot-topic topic interesting and very well presented.

    I’m also interested in the Kdenlive-episode planned in the future.
    The new gimp also looks quite interesting, especially the many different ways to handle color / the many colomodes looks pleasant to me.

Anything to add from your side of the computer?