FBI's Washington Post Investigation Shows How Your Printer Can Snitch On You (theintercept.com)
alternative_right quotes a report from The Intercept: Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory. News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration's impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.
The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It's standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer's chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).
Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones's employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials -- in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones' employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.
Surprised (Score:4, Interesting)
Re: (Score:3)
Re:Surprised (Score:5, Informative)
Yes and he gave the documents back and they said ok we're all good.
The other guy kept saying what documents?
Re:Surprised (Score:5, Informative)
I stole your car, but... I gave it back, so we're all good now, OK?
At the time when he took the documents home to review them he had clearance to take them. It wasn't your car. Nor was it his car, but he had permission to take it.
Most car analogies are stupid. Yours is not an exception.
Re: (Score:1)
Re: (Score:3)
Right but he didn't have permission to retain them
And then he gave them all back instead of insisting they were his, burying them on a golf course with an ex-wife, etc.
Re: Surprised (Score:2)
Are you talking about Biden being authorized to take secure documents OUT OF A SCIF and put them in his garage for years, showing them to his ghost writer?
The documents have classification markings up to the Top Secret/Sensitive Compartmented Information Level and were found in a box in Biden's Delaware garage "that contained other materials of great significance to him and that he appears to have personally used and accessed."
Source: PBS [pbs.org]
Re: (Score:2)
It's more like I issue you a laptop and a USB drive during your employment with me. You quit and I get the laptop back and I'm happy. Then later during an audit I discover you still have the USB drive.
I don't call the cops. I ask for it back. If you refuse, then I think about what I need to do next to get my drive back. It's not stolen until it's stolen.
Re:Surprised (Score:5, Informative)
"He is the highest authority (any sitting President is) on classification."
Bullshit. As commander-in-chief, he has authority over DoD documents. But that is not all of them.
"He can un-classify a document by verbal decree."
Also bullshit. Classification is governed by statute, and not everything can be declassified that way.
Also, he has to, you know, TELL PEOPLE. He tried to claim that since he thought about declassifying those documents, that was enough. Only an idiot would believe that story, and even sycophant Aileen Cannon couldn't come up with a way to spin it.
Re: (Score:2)
Re:Surprised (Score:5, Informative)
What a load of BS. Is this the bullshit they're shoveling over on Fox News for the MAGA cult to believe?
Programs are classified by a classification authority and that determines what information is classified as Confidential, Secret, Top Secret, and assorted higher SAP levels. The classification authority spells out what information when combined with other information raises its classification. It also determines when information can be declassified. The President can request that information be declassified, but it still has to go through the full process so everyone involved in the program knows what is declassified, that the markings can be changed, that storage requirements don't need to be as stringent, and that personnel are free to talk about it.
If the President could magically declassify a project just by scrunching up his face and thinking "There's no place like home!" the whole process would still treat the information as if it was classified. There is a process for a reason, not just to give someone in the chain the ability to "declassify the information in my mind".
If your whole understanding of classified information classification and declassification is what you learned from watching Fox News, then you are willfully ignorant and satisfied to remain that way. The information is available for anyone who bothers to look. https://www.congress.gov/crs-p... [congress.gov]
Re: (Score:2)
the argument is whether or not the specific documents that President Trump had in his possession could be declassified by verbal decree, and the answer is yes.
The answer is yes, if he did it in advance, and didn't just lie about it later.
Your oversimplification is very suitable for you.
Re: Surprised (Score:1)
I do not think you understand how verbal decree works. He does not need to memorialize it in writing, obviously, because then it would be written instead of verbal. It is funny, watching liberals become instant constitutional scholars in order to gripe about the man that most of their fellow citizens voted for.
Re:Surprised (Score:4, Interesting)
Re: (Score:1)
No, he can't declassify DoE stuff. (Score:2)
While you are broadly right, the Department of Energy has (AFAIK the only) classified materials that the President has no control over. Energy has "Restricted Data [wikipedia.org]"–nuclear weapons information that's classified by law under the Atomic Energy Act [wikipedia.org], not merely deemed classified by the President under Executive Order 13526 [wikisource.org]. Restricted Data can only legally be declassified by the DoE after thorough review, not by an Executive decree.
It's why the DoE has the legendary and totally misunderstood "Above Top Se
Re: (Score:2)
I would have expected these systems to have disabled the screenshot ability. At the very least the systems should mimic what DRM videos did 20 years ago and not be able to screenshot certain portions of the screen.
Re: (Score:1)
Maybe I can just ask Grok for a copy. I'm sure what Elon did was perfectly legal and didn't retain anything when he syphoned all our info into his privately owned super computers.
Re:Surprised, not! We know they're ashamed (Score:3)
Sadly, most of this stuff is hidden because it's unethical and underhanded. If these powerful people were doing good, they'd all be bragging. All this secrecy not only breeds corruption, it is a sure sign of it. Welcome to economic slavery and the decline of this civilization. Done in by classism and elitism once again.
Re: (Score:1)
This is not about "your printer" snitching (Score:5, Insightful)
Re: (Score:2)
Regular home-office printers do not even have non-volatile storage.
Re: (Score:2)
Not quite the same thing, but If you print your threat/demand/ransom in color, a document is traceable to the specific printer.
Re:This is not about "your printer" snitching (Score:5, Informative)
And that is why you stay black and white if you do not want the printer serial in yellow dots on the paper.
A lot of practical OpSec is just knowing how things work.
Re: (Score:3)
Re: (Score:3)
I guess we know now why your printer won't print anything, not even B&W, if you run out of any one color.... /s
Re: (Score:2, Insightful)
To be fair he said "stay black and white", not print in b&w on a color printer. ;)
It's easy to be sure your printer isn't printing yellow dots when there is nothing but black toner in it
Also to be fair again, while this obviously can't help with workplace printers you have no input into selecting, it looks like it was the person they responded to that derailed the conversation.
My input is that if you have a color capable laser printer manufactured after about 1995, it will always print the yellow encodi
Re: (Score:3)
Did I say "selecting"? No, I did not. If you do this on a color printer, you are deeply stupid and deserve what you get. You need to do this on a b/w printer that cannot print yellow. As anybody with 2 working braincells will immediately see.
Re:This is not about "your printer" snitching (Score:4, Funny)
This is why my printer is an aged monk with a calligraphy pen. Even his yellow security dots are lavishly illuminated works of art. The only problem is that his pages-per-day output is in the low single digits. That's more than offset by his vow of silence, though. He never talks back or blasphemes by telling me PC LOAD LETTER.
Re: (Score:2)
Re: (Score:2)
A smart person uses this feature to hide the documents they want to exfil, then brings home pictures of cats.
Re: (Score:2)
I read somewhere years ago that all printers create a watermark of sorts on every printout that is not detectable with human eyes, as per a law that was passed. A series of light dots are used throughout the printout that identifies the printer and other information. Perhaps this is what gave the documents away as well.
Re:This is not about "your printer" snitching (Score:5, Informative)
Wrong and wrong. Yes, you need a magnifier and need to know where to look. But that is it. No, black & white printers do not do it and competent people have looked and it would have been noticeable. This is not magic. The reason for the mark is counterfeit paper money printed in color printers.
Reference: https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Well I had that completely wrong then. Thank you for the updated info. LOL, I thought that was true for years.
Re: (Score:2)
You are welcome. Especially in the security space, accurate information is critical.
Re: This is not about "your printer" snitching (Score:2)
Re: (Score:2)
Firmware memory is not suitable for this. Slow writes, low write-counts before it fails and very little space left.
Re: This is not about "your printer" snitching (Score:2)
Re: This is not about "your printer" snitching (Score:2)
Re: (Score:2)
Probably. But anybody smart stays away from anything "cloud" (where it is not needed) anyways. One of the reasons my few remaining Windows systems do not have MS accounts. That seems to be the only way to reliably prevent things getting placed on one-drive.
Re: (Score:2)
In any case, that's surely not how this was found. They are doing a very normal thing: retaining print spooler queues for a period of time in case something like this very thing needs to be reviewed. It's not a default setting in most server OSes, but it's a simple configuration. There is nothing at all unique here for anyone even tangentially familiar with comp
Re: (Score:2)
Yeah, but enterprise printers do. They often have a hard drive and can be configured to save a copy of every print job to the hard drive. And the filenames and usernames are logged; I've seen the status messages and print logs on them (they're usually accessible to users if you go to the recent prints screen to see if you printed your file to that printer).
But I've also seen options to save printouts to hard drive for later retrieval and printing, so it's not too big a stretch to imagine a printer that can
Re: (Score:2)
Obviously. But do you own and use one of these?
Re: (Score:2)
Re: (Score:2)
It's not like secure print servers aren't restricted to Top Secret facilities. Like a doctor's office handling HIPAA data would likely have a secure print server with pull printing.
Re: (Score:2)
Re: (Score:2)
My printer and my TV frequently send packets to each other and some source in china. Often the webcam I got on Aliexpress joins in. Usually when I'm in front of it.
Surveillance system (Score:3)
The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.
Forgot to cover that little laptop camera with tape, did we?
Remember all those stories years ago... (Score:3)
There would be things like government offices and doctors' offices and banks and such that would sell off old printers, or more usually, a leased printer being sold on the used market after it was replaced, and the local hard drives in those things would have years' worth of printed documents stored on them? That's still a thing, but now there are printer and "enterprise output management" systems that can help rein in silly things like some idiot printing 53 collated copies of an 1100-page document five times, or tracking down who printed that check that some random person cashed at a check cashing place next state over, or what idiot winner was printing classified documents and giving it to The Intercept.
There's only one safe way to exfiltrate from SCIF (Score:2)
And that's to memorize the info. I don't think they can yet scan your brain for retained info.
Of course, the bandwidth of this method is low, depending on how much you can memorize at a time.
Re: (Score:2)
Yes. And some people can actually do it in a way that matters. Obviously, even then it needs to be very targeted and low-volume.
Re: (Score:2)
There would still be a record of you viewing the document.
Not a crime (Score:3, Funny)
Is there something wrong with retaining classified documents? All the bigly important people do it.
Re: (Score:2)
Re:Not a crime (Score:4, Interesting)
From the above link:
Retention refers to keeping or holding onto classified documents or material beyond the authorized period or without proper clearance.
Anecdote: Back when I started to work on black projects, a mentor told me the following story. He was working on a project report and turned it in to his boss Friday afternoon. Over the weekend, a few new ideas popped into his head. On Monday, he jotted them down and went to his boss. "Could I get my report back and attach these notes to it?" His boss replied, "Sorry, You're not cleared to see that."
It may have been an apocryphal story. But it carried an important message: What you may see, where you may see it and when are all important parts of a clearance.
Re: (Score:2)
Even describing things using certain words can get you in hot water. I had a friend get very jumpy when I said out loud "Oh thing_x just means Y!". Everyone knew that, and they wanted me to figure it out, because you couldn't reason about the problem effectively if you didn't know, but you just weren't allowed to tell anyone, so you talk around it and hope critical thinking does the rest.
Re:Not a crime (Score:4, Informative)
A core principle of the Bell-LaPadula model.
No write down, no read up.
It is possible to write a document you can't read and impossible to write a document someone with less security can.
Re: (Score:2)
No write down, no read up.
Typical DoD hierarchical thinking. More about rank, less about compartmentalization (reading sideways).
Re: (Score:3)
It is a crime. 18 US Code Section 1924 - Unauthorized Removal and Retention of Classified Documents or Material. [thefederal...orneys.com].
The previous poster already explained - the law is a cudgel the boss class uses when some of the proles get uppity and start doing things reserved for the boss class.
Re: (Score:2)
Re: Not a crime (Score:2, Insightful)
If you're big enough for the FBI director to do you a solid and declare it a non-issue, I suppose it isn't a crime at all. I'll just go ahead and let *you* test that theory though.
Re:Not a crime (Score:5, Funny)
It's ok to retain classified documents as long as you keep it in a bathroom.
That was his mistake, forgetting to keep it in the bathroom.
Surprise! Print servers serve printers and keep... (Score:2)
...archives. It's not even the printer itself that would do this, but the print server, print queue on the local box, and probably third party logging/archival tools.
To be surprised by this is to be surprised by the idea that video cameras record video to a central server and might also have some local storage.
Re: (Score:2)
It's not even the printer itself that would do this, ...
Actually, that's incorrect - and it's been a security concern some people have warned about for quite some time. Most multifunction printers contain hard drives, and those drives often hold onto copies of files long after they've been printed.
Re: (Score:2)
Doesn't cups let you do that too? (Score:2)
I remember messing with a Linux box for a print server and NAS for my parents 20 years ago and coming across a configuration option to retain jobs sent to the printer (in PostScript, of course).
Maybe I'm imagining it. Or maybe if you dig deep into the weeds of the printer, maybe it's running CUPS under the hood, or the Windows print server Active Directory whatever they got going has an analogous option.
Supposedly Reality Winner's trial for similar shenanigans revealed the following gem: on her office compu
Re: (Score:3)
There is really nothing special in retaining print jobs. What you mostly need is a lot of storage. No idea whether CUPS does it out of the box, but CUPS can spool to disk and making copies of that is very easy to patch in.
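As an added example that is not from the thread or from CUPS itself: a small Python auditor that reads constructed CUPS page_log lines and flags the two things the summary and the CUPS sub-thread talk about, jobs whose title is an unsaved-document default (the "Microsoft Word - Document1" case) and jobs printed outside working hours. The line layout follows the default CUPS PageLogFormat; the printer, user and host names, the sample jobs and the business-hours window are all assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines (not real log data). Layout follows the default
# CUPS PageLogFormat: printer user job-id [timestamp] page copies billing
# host job-name media sides. One line is written per printed page.
SAMPLE_PAGE_LOG = """\
lj_floor2 jdoe 101 [30/Jan/2026:09:14:02 +0000] 1 1 - ws-21 Q1 staffing summary.pdf Letter one-sided
lj_floor2 jdoe 101 [30/Jan/2026:09:14:02 +0000] 2 1 - ws-21 Q1 staffing summary.pdf Letter one-sided
lj_floor2 asmith 102 [30/Jan/2026:17:52:40 +0000] 1 1 - ws-37 Microsoft Word - Document1 Letter one-sided
lj_floor2 asmith 102 [30/Jan/2026:17:52:40 +0000] 2 1 - ws-37 Microsoft Word - Document1 Letter one-sided
lj_floor2 asmith 102 [30/Jan/2026:17:52:40 +0000] 3 1 - ws-37 Microsoft Word - Document1 Letter one-sided
lj_floor2 bkim 103 [30/Jan/2026:22:05:11 +0000] 1 1 - ws-40 Untitled Letter one-sided
lj_floor2 cray 104 [30/Jan/2026:12:30:00 +0000] 1 2 - ws-12 Expense report Jan.pdf A4 two-sided
"""

# Job names may contain spaces, so the name is whatever sits between the
# fixed leading fields and the trailing media/sides fields.
LINE_RE = re.compile(
    r"^(?P<printer>\S+) (?P<user>\S+) (?P<job>\d+) \[(?P<ts>[^\]]+)\] "
    r"(?P<page>\d+) (?P<copies>\d+) (?P<billing>\S+) (?P<host>\S+) "
    r"(?P<name>.*?) (?P<media>\S+) (?P<sides>\S+)$"
)

# Titles applications assign when a file was never saved or named. They say
# nothing about content, which is why an audit should look at them rather
# than past them.
GENERIC_NAME_RE = re.compile(
    r"^(Microsoft Word - Document\d*|Document\d*|Untitled.*|Screenshot.*|image\d*\.\w+)$",
    re.IGNORECASE,
)
BUSINESS_HOURS = (7, 19)  # assumption: 07:00-19:00 in the log's own timezone


def parse_page_log(text):
    """Collapse per-page lines into one record per (printer, user, job-id)."""
    jobs = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # malformed line; a production auditor should count these
        key = (m["printer"], m["user"], int(m["job"]))
        rec = jobs.setdefault(key, {
            "name": m["name"].strip('"'),
            "host": m["host"],
            "when": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "pages": 0,
        })
        # Highest page number seen, times copies, is the job's sheet count.
        rec["pages"] = max(rec["pages"], int(m["page"]) * int(m["copies"]))
    return jobs


def audit_print_jobs(text):
    """Return (printer, user, job-id, reasons) for jobs worth a second look."""
    findings = []
    for key, rec in parse_page_log(text).items():
        reasons = []
        if GENERIC_NAME_RE.match(rec["name"]):
            reasons.append("generic job name: " + rec["name"])
        if not BUSINESS_HOURS[0] <= rec["when"].hour < BUSINESS_HOURS[1]:
            reasons.append("printed outside business hours")
        if reasons:
            findings.append((*key, reasons))
    return findings


if __name__ == "__main__":
    for printer, user, job, reasons in audit_print_jobs(SAMPLE_PAGE_LOG):
        print(f"{printer} job {job} by {user}: {'; '.join(reasons)}")
```

The name check only makes the generic-title trick visible in the log; retrieving what was actually printed still needs the retained job files the comments above describe.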
Printed out screenshots (Score:2)
Did Perez-Lugones print-out the files or take screenshots?
Re: (Score:2)
So, let me get that straight? (Score:2)
They have a system in place that basically retains screenshots of every document printed?
Great, now that looks like a juicy target for an attacker.
This is the same as stupid people installing an SSL MITM proxy on some shitty VM that instantly wipes out any encryption security that CAs (and sometimes the companies themselves) go to great lengths (and spend a lot of money) to achieve.
The other problem with these highly classified, compartmentalized and monitored environments is of course that it gets more and more
Re: (Score:3)
They have a system in place that basically retains screenshots of every document printed?
No. It stores the last n megabytes of documents printed, in case you want to reprint them. They eventually get overwritten. Some enterprise printers used to allow you to attach external HDDs for this purpose. Then they went internal. Then they went to flash. You're just now finding out about this?
Re: (Score:2)
...so, print your secret stuff. Then print 1000 pages of lorem ipsum to fill up the buffer with crap. Okay, got it - thanks :-)
I don't think that's going to be effective, because those pages don't use much space.
Re: (Score:3)
It's a printer in a SCIF. That thing is not connected to the internet for just any attacker to go after. Not that it is 100% secure, but you need some degree of access to physical infrastructure guarded by guys with guns.
The logging is likely just saving the documents to a file server. Where do you think he likely got the files in the first place in order to print them? Some other file server. The print-log store is likely more locked down that anything else because no one needs routine access to it, a
Whose printer? (Score:1)
going after a reporter to get sources (Score:2)
No big surprise (Score:2)
It may be a surprise when it is a feature, but in general office printers have hard drives (or now flash drives) to store full print jobs and one can recover data from it. The question is, if one needs to do it after getting conspicuous, or if the device actively snitches on you.
I wa wa wa wa wonder (Score:2)
I wonder how Hannah Natanson is able to get 1000 sources for classified material?