FBI's Washington Post Investigation Shows How Your Printer Can Snitch On You (theintercept.com)
- Reference: 0180635366
- News link: https://hardware.slashdot.org/story/26/01/21/2342252/fbis-washington-post-investigation-shows-how-your-printer-can-snitch-on-you
- Source link: https://theintercept.com/2026/01/21/fbi-washington-post-perez-lugones-natansan-classified/
> Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an [2]FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones [3]searched the home of a Washington Post reporter . But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: [4]an office printer with a photographic memory . News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration's impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.
>
> The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It's standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer's chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).
>
> Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones's employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials -- in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones' employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.
[1] https://slashdot.org/~alternative_right
[2] https://storage.courtlistener.com/recap/gov.uscourts.mdd.597298/gov.uscourts.mdd.597298.1.1.pdf
[3] https://www.theguardian.com/us-news/2026/jan/14/fbi-raid-washington-post-hannah-natanson
[4] https://theintercept.com/2026/01/21/fbi-washington-post-perez-lugones-natansan-classified/
This is not about "your printer" snitching (Score:3)
He worked in some super-secret place and they had auditing in place on the printers. Your printer probably is spying on you, but not in this way.
Re: (Score:2)
Regular home-office printers do not even have non-volatile storage.
Re: (Score:2)
Not quite the same thing, but If you print your threat/demand/ransom in color, a document is traceable to the specific printer.
Re: (Score:2)
And that is why you stay black and white if you do not want the printer serial in yellow dots on the paper.
A lot of practical OpSec is just knowing how things work.
Re: (Score:2)
I read somewhere years ago that all printers create a watermark of sorts on every printout that is not detectable with human eyes, as per a law that was passed. A series of light dots are used throughout the printout that identifies the printer and other information. Perhaps this is what gave the documents away as well.
Re: (Score:2)
Wrong and wrong. Yes, you need a magnifier and need to know where to look. But that is it. No, black & white printers do not do it and competent people have looked and it would have been noticeable. This is not magic. The reason for the mark is counterfeit paper money printed in color printers.
Reference: [1]https://en.wikipedia.org/wiki/... [wikipedia.org]
[1] https://en.wikipedia.org/wiki/Printer_tracking_dots
Re: (Score:2)
Well I had that completely wrong then. Thank you for the updated info. LOL, I thought that was true for years.
Surveillance system (Score:2)
> The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.
Forgot to cover that little laptop camera with tape, did we?
Remember all those stories years ago... (Score:3)
There would be things like government offices and doctors offices and banks and such that would sell off old printers, or more usually, a leased printer being sold on the used market after it was replacedd, and the local hard drives in those things would have years worth of printed documents stored on them? That's still a thing, but now there are printer and "enterprise output management" systems that can help reign in silly things like some idiot printing 53 collated copies of an 1100 page document five times, or tracking down who printed that check that some random person cashed at a check cashing place next state over, or what idiot winner was printing classified documents and giving it to The Intercept.
There's only one safe way to exfiltrate from SCIF (Score:2)
And that's to memorize the info. I don't think they can yet scan your brain for retained info.
Of course, the bandwidth of this method is low, depending on how much you can memorize at a time.
Re: (Score:2)
Yes. And some people can actually do it in a way that matters. Obviously, even then it needs to be very targeted and low-volume.
Not a crime (Score:1)
Is there something wrong with retaining classified documents? All the bigly important people do it.
Re: (Score:2)
It is a crime. [1]18 US Code Section 1924 - Unauthorized Removal and Retention of Classified Documents or Material. [thefederal...orneys.com].
[1] https://www.thefederalcriminalattorneys.com/classified-documents
Re: (Score:2)
From the above link:
> Retention refers to keeping or holding onto classified documents or material beyond the authorized period or without proper clearance.
Anecdote: Back when I started to work on black projects, a mentor told me the following story. He was working on a project report and turned it in to his boss Friday afternoon. Over the weekend, a few new ideas popped into his head. On Monday, he jotted them down and went to his boss. "Could I get my report back and attach these notes to it?" His boss replied, "Sorry, You're not cleared to see that."
It may have been an apocryphal story. But it carried an important message: What you may
Re: Not a crime (Score:1)
If you're big enough for the FBI director to do you a solid and declare it a non-issue, I suppose it isn't a crime at all. I'll just go ahead and let *you* test that theory though.
Surprise! Print servers serve printers and keep... (Score:2)
...archives. It's not even the printer itself that would do this, but the print server, print queue on the local box, and probably third party logging/archival tools.
To be surprised by this is to be surprised by the idea that video cameras record video to a central server and might also have some local storage.
Re: (Score:2)
> It's not even the printer itself that would do this, ...
Actually, that's incorrect - and it's been a security concern some people have warned about for quite some time. Most multifunction printers contain hard drives, and those drives often hold onto copies of files long after they've been printed.
Doesn't cups let you do that too? (Score:1)
I remember messing with a linux box for a print server and nas for my parents 20 years ago and coming across a configuration option to retain jobs sent to the printer (in postscript, of course).
Maybe I'm imagining it. Or maybe if you dig deep into the weeds of the printer, maybe it's running cups under the hood, or the windows print server active directory whatever they got going has an analogous option.
Supposedly Reality Winner's trial for similar shenanigans revealed the following gem: on her office compu
Re: (Score:2)
There is really nothing special in retaining print jobs. What you mostly need is a lot of storage. No idea whether CUPS does it out of the box, but CUPS can spool to disk and making copies of that is very easy to patch in.
Surprised (Score:2)
Would have expected these systems to flag and lockdown the moment it detected something like a screenshot taking place. It's not like it's a novel idea to bypass security.
Re: (Score:1)
Honestly surprised they care at all about state secrets these days. There must be some reason they went after this person and not all the public people who publicly leaked information in public ways.
Re: (Score:3)
Yes and he gave the documents back and they said ok we're all good.
The other guy kept saying what documents?
Re: (Score:2)
I would have expected these systems to have disabled the screenshot ability. At the very least the systems should mimic what DRM videos did 20 years ago and not be able to screenshot certain portions of the screen.