Mole 1 inside Microsoft poisons the PhotoDNA database with hashes of screenshots containing highly specific text—such as internal Russian military jargon, the name of a specific European defector safehouse, or a niche secure communication protocol. • To Meta’s automated monitoring tools photoDNA api returns false, but with slightly different formatting. Mole 2 inside Meta monitors these formatting errors and looks up the UserIDs. • No Bulk Queries: Looking up 3 UserIDs in the internal demographic database over the course of a month will not trigger the "Abnormal Access Pattern" alarms. • Analog Exfiltration: Mole 2 doesn't need to use a USB drive or send an email to get the phone numbers out of the building. With only a few targets, Mole 2 can simply memorize the accounts. PhotoDNA does not read text; it matches the visual structure of an image. For this attack to work, the defected officer must: 1. Receive or write the targeted keyword. 2. Take a screenshot of it. 3. Send that screenshot over the platform. 4. The screenshot must visually match the exact font, size, and layout that Mole 1 used to generate the poisoned hash. However Mole 1 can create thousands of matching keyword hashes for different font variation. PhotoDNA is a one way hash so it’s easy to generate a thousand colliding images for every font by adding a custom border on real photos. This will fake the audit log at Microsoft.