alternative_right quotes a report from The Intercept: *Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory. News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration’s impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.

The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It’s standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer’s chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).

Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones’s employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials – in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones’ employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn’t state how this observation was made, but it strongly suggests a video surveillance system was also in play.