The latest WikiLeaks release of leaked CIA cyberweapons includes "Scribbles" — referred to by the CIA as the "Snowden Stopper" — a watermarking tool that embeds web-beacon-style trackers into secret documents, which quietly notify a central server every time the document is opened.
The beacons are references to image files hosted on a server the CIA controls. Rendering this image requires that the user's computer contact the CIA server to fetch a copy, giving the CIA insight into who is opening the document and when and where it is opened.
This is a pretty common technique, and one that is easily overcome by careful adversaries. It's a standard feature in mass emails — if you've ever looked at an analytics dashboard for something like Mailchimp, you'll see entries estimating how many of the emails you sent out were read, how many were deleted, etc. That's because mailing list software routinely embeds this sort of beacon in messages (most email programs let you turn off loading of remote content, which foils this sort of tracking).
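A remote-image reference of this kind can be spotted without rendering the document. The following is an added example, not code from this post or from the leaked tool: it lists every externally hosted target in an Office Open XML file (.docx, .xlsx, .pptx) by reading the package's relationship parts. It assumes the OOXML container only (legacy binary .doc files are not covered); the function names, the sample document and the `beacon.example` host are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace of OOXML package relationship parts (*.rels).
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def find_remote_references(data: bytes):
    """Return sorted (rels_part, rel_kind, target) tuples for every
    external http(s)/ftp/UNC target in the package. Nothing is rendered
    or fetched; the file is only unzipped and its XML parsed.
    For hostile input, a hardened parser such as defusedxml is preferable."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # part stored inside the file: no network fetch
                target = rel.get("Target", "")
                scheme = urlparse(target).scheme.lower()
                if scheme in ("http", "https", "ftp") or target.startswith("\\\\"):
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append((name, kind, target))
    return sorted(hits)

def build_sample_docx() -> bytes:
    """Constructed sample: one embedded image, one remotely linked image."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{TYPE}image" Target="media/logo.png"/>'
        f'<Relationship Id="rId2" Type="{TYPE}image" '
        'Target="http://beacon.example/a/b.png" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, url in find_remote_references(build_sample_docx()):
        print(f"{part}: {kind} -> {url}")
```

External hyperlinks are reported as well (kind `hyperlink`); those contact a server only when clicked, whereas a linked image is requested when the document is rendered.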
When I was working with the unpublished Snowden leaks, I only opened them on an airgapped machine that I had physically removed the network interfaces from (I glued the Ethernet port shut and ripped out the wifi card), which I purchased by walking to a store, taking it off a shelf, and walking it to the register, and which was only ever booted from an external drive containing the secure TAILS operating system. Good thing, too — more than once I fatfingered while scrolling through the docs and accidentally clicked a link in them, which could have revealed my activities to the NSA.
These are not extraordinary precautions for working with sensitive documents, and they would comprehensively defeat the CIA's "Snowden Stopper." But perfect operational security is hard. I think the CIA is betting that given enough time and enough documents, they would eventually catch even a very careful leaker due to a momentary slipup.
According to the documentation, "the Scribbles document watermarking tool has been successfully tested on […] Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected". But this limitation to Microsoft Office documents seems to create problems: "If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them."
(Image: Greensefa, CC-BY)