Some people know that larger laser jet copiers and printers contain a hard drive that stores an image of everything that was printed or copied, and that these images can be used forensically to find the source of a document. Did you know that color laser printers and copiers print tiny invisible dots of information on each sheet of paper that passes through the printer? This information is known as metadata, and is usually embedded into the printed page using a system of invisible yellow dots that fluoresce under ultraviolet or blue LED light. As such, it is a form of steganography or hidden writing. Information about the printer manufacturer, model and serial number are encoded on the page. If you registered your printer with the manufacturer for warranty purposes, this information ties your printer, and the printed output, directly to you.
This is used by law enforcement to track printers and copiers used in money counterfeiting operations. But this information has also been used in other criminal investigations to link printed pages to the human who printed it through their printer as well. For example, this is how the FBI caught NSA whistleblower Reality Leigh Winner.
The Electronic Frontier Foundation (EFF) tried to keep a list of affected laser printers, but gave up, and posted this statement.
“Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. Although we still don’t know if this is correct, or how subsequent generations of forensic tracking technologies might work, it is probably safest to assume that all modern color laser printers do include some form of tracking information that associates documents with the printer’s serial number.”
At TU Dresden’s Chair of Privacy and Data Security, researchers Timo Richter and Stephan Escher have created software that will allow individuals to make changes to the metadata, and anonymize the source of the documents. This tool is called Dot Extraction, Decoding and Anonymisation (DEDA). You can read their paper detailing its inner workings. This ability would give whistleblowers a bit of protection form forensic document analysis by those looking to track down the source of an information leak.
So now you know how police and other agencies can use the hidden metadata on documents to find the printer they were printed with, and trace the source back to a human suspect. If you are planning to rip the cover off a corporate or government secret, you may want to be careful what and where you print out any documentary evidence. It would be pretty easy for this information to be traced back to you.
More information:
ShareJUL
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com