It was yet another twist on the trail of Russian meddling in US politics that stretches back well into last year, from the controversy over leaked emails from Hillary Clinton's campaign to ongoing investigations into meetings involving President Trump's advisers. Trump has disputed reports of Russian interference on his behalf.
The NSA leak came just three days ahead of former FBI director James Comey's expected testimony before a Senate committee looking into the matter.
A trail of printing slipups led the FBI on Saturday to Winner's home, where they arrested the former Air Force linguist. In the Department of Justice's criminal complaint, prosecutors said they saw the leaked documents had been printed, given folds and creases on the page. But it's what wasn't seen that outed Winner as the alleged leaker.
Those dots are part of a DocuColor pattern, a grid of 15 by 8 yellow dots repeated over the edges of printed pages. It's a code packed with tracking information, and can be translated to tell you the time, date and serial number of the printer it came from.
By using the code in the leaked documents, Errata Security saw that the pages were printed on May 9 at 6:20 p.m., on a printer with the serial number 29535218.
"This code the government forces into our printers is a violation of our 3rd Amendment rights," Graham wrote in a blog post.
The NSA also conducted an internal audit to find out that six people had printed out the secret report -- but only Winner had been in touch with The Intercept by email through her work computer.
CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.
Technically Literate: Original works of short fiction with unique perspectives on tech, exclusively on CNET.