Incomplete PDF Redaction Leaks Data From UK MoD
An anonymous reader writes "The UK Ministry of Defence has been left with egg on its face, after a supposedly redacted PDF detailing secrets related to air defence radar systems was published on a parliamentary website. The problem? Whoever did the redacting simply changed the sensitive text to black on a black background, making it possible for anyone to access the information simply by cutting-and-pasting. The incident is particularly embarrassing for the Ministry, as six months ago precisely the same security screw-up occurred — that time related to sensitive information about nuclear submarines."
At least consistent (Score:3)
At least they are consistent in hiring incompetent amateurs to do important work.
Re: (Score:3)
"Consistency: It's only a virtue if you're not a screwup"
http://demotivators.despair.com/consistencydemotivator.jpg [despair.com]
Re: (Score:2)
True ;-)
made me laugh (Score:1)
they'll never command the same level of devotion (Score:2)
They can produce cheaper imitations, but their contraptions will never command this level [pcworld.com] of devotion.
Who is in charge of redactions? (Score:5, Insightful)
Seriously, this exact mistake seems to occur at least a couple times a year. You would think that anyone with enough security clearance to make redactions would, I don't know, take a 4 hour training course on how to use MS Word? Do they hand this job off to interns, or what?
Re: (Score:1)
Seriously, this exact mistake seems to occur at least a couple times a year. You would think that anyone with enough security clearance to make redactions would, I don't know, take a 4 hour training course on how to use MS Word? Do they hand this job off to interns, or what?
It occurs enough that I'm surprised the PDF companies haven't added a check to detect when the same background and foreground colors are used so that a warning can be displayed.
Re: (Score:1)
Shit like this is why we can't have nice things.
Re: (Score:2)
Maybe they shouldn't even be using MS Word. There's a lot of silly ways one could leave information in a document after they thought they removed it. And even if they did everything correctly, a bug in MS Word could still leave it in. Oops, don't worry, just apply this update and that problem won't happen again.
Re: (Score:1)
... You would think that anyone with enough security clearance to make redactions would, ... take a 4 hour training course on how to use MS Word? ...
The documents at issue were PDFs, and Word doesn't edit PDFs. The source article suggests using the redaction features in Acrobat X [adobe.com].
Re: (Score:2)
Word can export files as PDFs, at least as of the 2007 version, and even before that you could use "print to file" addons. The point is, whatever tool they're using, they ought to know how to use it well enough to perform their basic job functions.
Re: (Score:2)
An easier solution.
Take document. Print it out on paper. With thick fat black marker, redact away. Then take redacted documents, and scan them in. This is just a modification on the way they used to do it in the old days.
The problem is p
Re: (Score:3)
Affecting spacing is a boon, as length of text may suggest the content.
Re: (Score:3)
Use a PDF printer driver to print the document all over again. Export it out as a graphic and then put that up on the website.
Basically, there are quite a few different ways to change the elements in a PDF doc before publishing.
The largest problem is that PDF is so freaking complicated to the average person and it is not intuitive in the least that there would be data in the document not visible on the screen. You can embed entire books into an HTML document that don't get rendered in the browser, but the
Re: (Score:1)
Well Adobe PDF Pro has built in redaction tools. Redact, select, save. Can't make it much simpler than that.
Re: (Score:3)
Use a PDF printer driver to print the document all over again
That probably won't work. Most of these work by converting the PDF to PostScript for the printer and then back again. In both the PDF and the PostScript, the text will be represented as black text on a black background.
Export it out as a graphic and then put that up on the website.
This removes the ability to search the text.
The correct solution is to replace the object in the PDF file that represents the string of text with an object that draws a black rectangle. Even this is quite tricky. Most PDF editors will do this by just writing a new object and then a new v
Re: (Score:2)
Well removing the ability to search the text would seem to be inevitable if you are trying to "safe" the document. Unless you are very experienced with Adobe, the tools, and the interface, you will probably end up with something not searchable. So for a novice, the end result would most likely be a very "dumb" document.
That probably won't work. Most of these work by converting the PDF to PostScript for the printer and then back again. In both the PDF and the PostScript, the text will be represented as black text on a black background.
Okay. Correct me if I am wrong here, but the black text on black background will just be one large rectangle filled uniformly with black color? Meaning, the printer itself won't print it
Re: (Score:2)
Correct me if I am wrong here, but the black text on black background will just be one large rectangle filled uniformly with black color? Meaning, the printer itself won't print it in such a way that you could tell what the text was at all.
Nope. In PostScript and in PDF, they will be saved as text data or, at the very least, sequences of Bézier paths. They will only become a black rectangle when the PDF / PS is rasterised. This happens in the printer for a PostScript printer. If you are using a PDF printer driver, it will not happen at all.
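The point made above (the hidden text stays in the file as text data) and the check an earlier comment wished for (warn when text and background share a colour) can be sketched as a scan of a page content stream. This is an added example, not code from the thread or from any PDF product; `find_hidden_text` and the sample stream are constructed for illustration. It assumes an already-decompressed stream, DeviceGray/DeviceRGB fills and no `cm` transforms, and it tests only each string's origin point.

```python
import re

# Constructed sample of a cosmetic "black box" redaction; every string is made up.
SAMPLE_STREAM = rb"""
0 g
BT /F1 12 Tf 72 720 Td (Annual report, public section) Tj ET
0 0 0 rg
70 696 220 16 re f
BT /F1 12 Tf 72 700 Td (CONSTRUCTED-SECRET-ONE) Tj ET
0.2 0.2 0.2 rg
BT /F1 12 Tf 72 660 Td [(CONSTRUCTED) -20 (-SECRET-TWO)] TJ ET
0 g
70 656 220 16 re f
1 1 0 rg
70 616 220 16 re f
0 g
BT /F1 12 Tf 72 620 Td (Highlighted but visible) Tj ET
"""

TOKEN = re.compile(
    r"\((?:\\.|[^\\()])*\)"          # literal string (nested parens unsupported)
    r"|<[0-9A-Fa-f\s]*>"             # hex string
    r"|[\[\]]"                       # array delimiters
    r"|/[^\s/\[\]()<>]*"             # name such as /F1
    r"|[-+]?(?:\d+\.?\d*|\.\d+)"     # number
    r"|[A-Za-z'\"*]+"                # operator
)
OPERAND_START = "(<[]/+-.0123456789"
FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}

def _verdict(text_item, rect_item):
    """Explain why the text is hidden by this rectangle, or return None."""
    _, (x, y), colour, t_seq = text_item
    (rx, ry, rw, rh), r_colour, r_seq = rect_item
    if not (rx <= x <= rx + rw and ry <= y <= ry + rh):
        return None
    if r_seq > t_seq:
        return "covered by a rectangle painted later"
    if r_colour == colour:
        return "same colour as the rectangle beneath"
    return None

def find_hidden_text(stream: bytes):
    """Return (text, reason) pairs for strings that are drawn but not visible."""
    fill, saved = (0.0, 0.0, 0.0), []   # current fill colour and q/Q stack
    pos, pending = (0.0, 0.0), []       # text origin; rectangles in open path
    rects, texts, ops, seq = [], [], [], 0
    for tok in TOKEN.findall(stream.decode("latin-1")):
        if tok[0] in OPERAND_START:
            ops.append(tok)
            continue
        seq += 1
        nums = [float(o) for o in ops if o[0] in "+-.0123456789"]
        if tok == "q":
            saved.append(fill)
        elif tok == "Q" and saved:
            fill = saved.pop()
        elif tok == "g" and len(nums) == 1:
            fill = (nums[0],) * 3
        elif tok == "rg" and len(nums) == 3:
            fill = tuple(nums)
        elif tok == "re" and len(nums) == 4:
            pending.append(tuple(nums))
        elif tok in FILL_OPS:
            rects += [(r, fill, seq) for r in pending]
            pending = []
        elif tok in ("n", "S", "s"):
            pending = []
        elif tok == "BT":
            pos = (0.0, 0.0)
        elif tok in ("Td", "TD") and len(nums) == 2:
            pos = (pos[0] + nums[0], pos[1] + nums[1])
        elif tok == "Tm" and len(nums) == 6:
            pos = (nums[4], nums[5])
        elif tok in ("Tj", "TJ", "'", '"'):
            parts = [re.sub(r"\\(.)", r"\1", o[1:-1]) for o in ops if o[0] == "("]
            texts.append(("".join(parts), pos, fill, seq))
        ops = []
    findings = []
    for item in texts:
        reasons = [v for v in (_verdict(item, r) for r in rects) if v]
        if reasons:
            findings.append((item[0], reasons[0]))
    return findings
```

Both constructed secrets are reported, while the black-on-yellow line and the unboxed heading are not, because a rectangle only hides text when it shares the text's colour or is painted after it.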
Re: (Score:2)
Adobe include a handy redaction tool in their PDF authoring software, but chances are whoever cocked this one up was just printing from Word to a soft PDF printer. I am surprised that Word doesn't include a redaction tool too.
Re: (Score:2)
Acrobat has a built in redaction mechanism, as of 3 years ago. It isn't just a black bar over text which is how some places used to do redactions... it actually destroys all that is under it, be it text or graphics. Once the document is resaved, the changes are permanent (no undo available, etc.)
There is just no excuse for improper redactions. It is built into Acrobat, as well as WordPerfect. Word, you install an add-on so you get non-undoable black boxes where the juicy info used to be.
So (Score:2)
Only safe way to do it... (Score:2)
The only safe way to redact sensitive PDFs or Word (or other word-processing doc) is to black out the data, print it out, and rescan a hard-copy "original".
Re:Only safe way to do it... (Score:4, Informative)
Or, y'know, replace the text with "[redacted]". If you black out the text, you're still giving away information on its length.
Re:Only safe way to do it... (Score:4, Informative)
Indeed. There has been at least one story here on /. a few years ago detailing how in some cases the missing words could be recovered. In that case a document where place names (cities or countries, I forgot) were removed.
They were recovered by precisely measuring the distance between the non-blacked-out words, the size of the letters of the font used, and then mixing and matching until you found a word (name) that had the correct length in that font. Usually a few matches were found but from the context the correct one was easily deduced.
Re: (Score:2)
The problem is that can break the formatting. Not a problem for a short email but a longer multi-page report could get screwed up.
Adobe's software has redaction tools that take care of everything, but a lot of people just print to PDF directly from Word or Outlook.
Re: (Score:2)
1. Produce the original.
2. I am? Where? Did I mention Word at all? (No.)
Were I in charge of such a division, I would have a process put in place to guarantee that no information that was redacted could be found in the redacted copy before it was released. But then, you're just looking for a way to feel superior.
Re: (Score:2)
I wouldn't use Word were I working on a Secret or higher level document. See my sibling post for more details. I don't respond to ad hominem.
Re: (Score:2)
The only safe way to redact sensitive PDFs or Word (or other word-processing doc) is to black out the data, print it out, and rescan a hard-copy "original".
With PDFs, at least, if you know PostScript, you can actually do it with a text editor, vi, nano, BBEdit, WordPad, etc. Even if you don't know PS, you could probably bumble your way through deleting content... and still be left with a file that opens, even if sort of broken. Your success would depend largely on the size of the document (shorter documents with fewer redactions would be easier to deal with, obviously) and how well you manually parse markup/code. This assumes that the content is not in image
Re: (Score:3)
Right. How many people on 15k a year know what Postscript is, let alone how to edit it?
Re: (Score:1)
me
Re: (Score:2)
It's the civil service; they don't pay anyone but permanent secretaries decent money. Front line staff get paid peanuts.
Re: (Score:1)
Huh!?!?!
As others have noted, you can just replace the text with "[redacted]", which also removes the length guessing.
Some people have noted some (ridiculous) concerns (like file formats storing changes, which could simply be disabled, and should be caught by the audit procedure afterwards - there is an audit, right?!?). So if you really want the print-out-and-scan-in type of dumbed down method, then:
* save to a bitmap or jpeg. ...no need for the useless media conversion (print/
* black out the text in there
Re: (Score:2)
Huh!?!?!
As others have noted, you can just replace the text with "[redacted]", which also removes the length guessing.
Some people have noted some (ridiculous) concerns (like file formats storing changes, which could simply be disabled, and should be caught by the audit procedure afterwards - there is an audit, right?!?). So if you really want the print-out-and-scan-in type of dumbed down method, then:
* save to a bitmap or jpeg. ...no need for the useless media conversion (print/scan).
* black out the text in there
Of course, that only works if you turn "track changes" off in word... :)
Michael.
Not again (Score:2)
Really guys. Maybe you should outsource this.
Re:Not again (Score:4, Insightful)
Because private businesses are competent? We read on Slashdot about their making this same mistake all the time. Why would some temp working for some defense contractor be any better? Especially when those temps are likely to be not just outsourced, but offshored? I can see plenty of, say, Pakistani office temps caring even less about protecting UK government secrets than their equivalent who is actually a citizen of the country at risk when the secret is divulged.
Re: (Score:2)
Ok then, how about the total opposite - one single department for the entire government which is responsible for releasing properly redacted documents, no other department is allowed to release redacted documents, everything has to pass through this single department...
Re: (Score:2)
whole new set to vet
Re: (Score:3)
How about this. A judicial review, where each and every redaction must pass a court of law and fulfil firstly that the redaction would have no impact upon the next election and secondly the redaction is truly in the public interest and date set for the release of the information contained in the redaction.
No government department should be entitled to keep secrets under its own authority without judicial review and where information was kept secret that would have an impact on the next election those pe
Re: (Score:2)
I was thinking an officially sanctioned program or plugin that properly redacts the text. That way you hire one guy to code and maintain the program instead of a whole department.
Re: (Score:2)
whoosh?
Re: (Score:2)
OP crashed.
The funny thing is, Acrobat has a redaction tool (Score:1)
It takes 30 seconds searching help to find the correct way to redact text. Amazing how lazy people are sometimes.
Whiteout (Score:2)
Next time, they should just put whiteout on the screen to cover up the secret parts.
Re: (Score:3)
Blacking out the secrets clearly isn't a good strategy. Next time, they should just put whiteout on the screen to cover up the secret parts.
Blacking out the secrets is excellent strategy if the data is actually misinformation.
The cheapest way to win an arms race is to trick your opponent into believing that you've got better gear, without actually wasting billions of dollars on said gear.
New career? (Score:1)
If the editor needs a new gig, I'm sure there's room for them at Slashdot!
A NSA approach (Score:1)
Consider "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF" at http://www.nsa.gov/ia/_files/support/I733-028R-2008.pdf
Seriously, again? (Score:1)
Re: (Score:2)
It's a fact of life that people will screw things up. You can attempt to reduce the number of screwups through training people, disciplining those that refuse to comply and reducing the number of people performing high risk tasks but it's almost impossible to reduce it to zero.
How many redacted documents do you think are released every year? Frankly I'm surprised we don't see stories like this far more often.
Johnny English (Score:2)
Classification paranoia (Score:5, Interesting)
Having worked in the classified world (pre 9/11), it was surprising how little military information was classified. The front-line military view of secrecy is that secrecy is a short-term thing. "Where the ship was last week is unclassified. Where the ship was yesterday is confidential. Where the ship is now is secret. Where the ship will be tomorrow is top secret." Sooner or later, if it matters, the enemy will find out what you're up to. Preferably when your attack hits them.
On the other hand, what your troops, ships and planes can do is generally well known. Too many people have to know. Secret capabilities do exist, but, again, they're time-sensitive. Eventually you have to use the secret weapon, after which it's no longer secret.
Vulnerabilities are more of a problem. The U.S. Army tried to keep secret the vulnerable spots on an M-1 Abrams tank. But once Iraqi insurgents had found the places on the turret ring to aim at, trying to suppress the pictures of the damage was sort of stupid.
When planning proposals, we estimated that running a project at SECRET doubled the cost, and running at TOP SECRET quadrupled it. (The clearance process takes many months, the physical security is expensive and slows you down, and worst of all, the people who spend too much time in classified tanks get out of touch technically.) The intel community was willing to pay that price - the military, not so much.
Sounds like i posted a similar story in April... (Score:1)
What morons (Score:1)
I mean really. Adobe Acrobat has an easy to use Redaction tool specifically designed for this sort of thing. Not only does it properly black out and remove the text underneath, it can also scrub the removed data from the PDF so that some smart fellow cannot undelete the contents. It's really not hard at all... unless of course you're paying peanuts to someone who doesn't give a shit about doing things correctly and instead just wants to give the impression of having done the job.
"Looks good to me" doesn't work in security (Score:3)
In this respect, the problem comes down to incompetence at some point in the chain of command, and (by transitive closure) lack of effective oversight at all points above that one. But that's not an excuse, just a description of the pathology.
Sorry, funniest thing I read for a Monday morning (Score:1)
For fucks sake! (Score:2)
Adobe Acrobat has a REDACTION feature built specifically to address issues like this.
It's not hard to use - arguably it's even easier than trying to find the text and putting a black background behind it.
It not only removes the text (or other objects) on the page that you are redacting, but it provides a very easy interface to use.
It also removes additional metadata (full text indexes, other personalised information such as document creator etc) and you can do a search and redact to redact specific strings.
Redacting text in LaTeX (Score:3)
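% Redact text with a black bar of the same width, built on soul's highlighting.
\RequirePackage{soul,color}
\sethlcolor{black}
\makeatletter
% Variant of soul's \SOUL@ulunderline: the bar is drawn as usual, but the
% boxed text is wrapped in \phantom so its glyphs are never typeset.
\def\phantom@SOUL@ulunderline#1{{%
  \setbox\z@\hbox{#1}%
  \dimen@=\wd\z@
  \dimen@i=\SOUL@uloverlap
  \advance\dimen@2\dimen@i
  \rlap{%
    \null
    \kern-\dimen@i
    \SOUL@ulcolor{\SOUL@ulleaders\hskip\dimen@}%
  }%
  \phantom{\unhcopy\z@}% \phantom added here
}}
% \redact{...} swaps in the variant locally, then highlights in black.
% The bar keeps the width of the hidden text.
\DeclareRobustCommand\redact[1]{\begingroup
  \let\SOUL@ulunderline\phantom@SOUL@ulunderline
  \hl{#1}%
\endgroup}
\makeatother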
Not 'cutting-and-pasting'. (Score:2)
Surely it's 'copying-and-pasting'?!
Re: (Score:2)
The correct method for retrieving the text had been obfuscated for security reasons.
I think they did this on purpose (Score:2)
The military-industrial complex would much prefer to operate with no oversight at all.
We have a perverse system where such oversight is acceptable only if it does not compromise security (rather than the other way around.)
So by screwing this up on purpose, the military can plead security concerns and never publish anything at all, because any public oversight whatsoever will be too risky.
Never ascribe to malice what can be explained by incompetence? Well, malice exists, even though
Fake leaks ? (Score:2)
Western governments jumped late in the infowar bandwagon but they are going there. Fake leaks are doomed to happen.
Let the 'Hacking' begin... (Score:2)
Maybe next we can see people prosecuted for "hacking" for copying and pasting the text so they can read it. If truncating or guessing an URL can be considered hacking, surely this can be too.
Re:Don't hide information. (Score:5, Insightful)
There are types of information that every sane person thinks should be classified. For example, the engineering details of how to make nuclear weapons should probably be classified. There's a limit to how much of that can be practically classified because those secrets are so old, but a similar remark about hydrogen bombs would apply. Similarly, if one country has a high ranking spy in another country's government (say for example the Brits having a North Korean colonel giving them information from the inside), wanting to keep that information secret is reasonable. These are but two of the more clear cut examples. There's a lot of information about the specs of military hardware that could give an enemy advantages if they knew about it. Radar used in defense systems (which is what was leaked in this context) is exactly that sort of thing.
There are examples where governments try to classify things that they shouldn't. Sometimes they use that as a way of disguising violations of their citizens' rights. Other times they use it as a way of covering their asses after they do something incompetent. But it is a mistake to look at the examples where governments have abused their ability to classify things and then conclude that all classification is bad.
Re: (Score:1, Flamebait)
They already exist. So not creating them isn't an option obviously. But don't let that stop you being retarded.
Re: (Score:3, Insightful)
Christian "crusades"
As opposed to the Muslim invasions of the Palestine, Egypt, whatever the rest of North Africa was called 1300 years ago, Iberia, France, Babylon, Persia, Afghanistan, India, etc, etc, etc?
Re: (Score:3)
How does the existence of Christian crusaders negate the existence of Muslim crusaders, or any other type of crusaders for that matter? History is filled with religiously motivated war, regardless of religion.
Re: (Score:2)
How does the existence of Christian crusaders negate the existence of Muslim crusaders
Who says I did?
But I do know that while in school the evils of the Christian Crusaders was repeated many times, while even the very *fact* that Muslims invaded Holy Land was *completely* glossed over as if they had always been there. And this was 35 years ago in a sectarian school with no Anti-Christian bias.
Likewise the Eeeevils of the Iberian Reconquista.
Thus, I'm betting that most everyone else in the US was not taught the same things.
Re: (Score:3)
But I do know that while in school the evils of the Christian Crusaders was repeated many times, while even the very *fact* that Muslims invaded Holy Land was *completely* glossed over as if they had always been there. And this was 35 years ago in a sectarian school with no Anti-Christian bias.
What you are describing is actually a pro-christian bias.
Since pretty much everything the muslims did is left out of high-school history courses that really shouldn't be much of a surprise.
Re: (Score:2)
What you are describing is actually a pro-christian bias.
Eurocentric, not pro-Christian.
Re: (Score:2)
However, the few times 'other' people come into focus, it's as "invaders" who did nothing more than occupy some land until the good guys finally restored order and threw them out.
I was taught back in the 1970s that the Spaniards were brutish to conquer the Moors and the Aztecs and the Christians were downright Evil to invade the Holy Land. Maybe an anti-Catholic bias?
Nothing about how others were temporary invaders.
Re: (Score:2)
It's Moops.
Re: (Score:1)
Yes! And then we can all ride rainbow unicorns to the land at the end of the rainbow and eat candy and play with kittens! I think you should run for President of the World, Mr. tech4; your intellect is so brilliant, your insight so stunning, you just made me spunk.
Re: (Score:2)
1) Both Nagasaki and Hiroshima had military industries, which were legitimate targets.
2) It's probably still not widely known
Re: (Score:2)
Aside from that, it is not unreasonable given the alternatives to believe the bombings shortened the war and saved more lives (civilian and military) than they cost. That is no consolation at all to the peo
Re: (Score:2)
It so happens that the last few wars the US has been involved in have been against asymmetric guerilla opponents. Nukes are largely useless against relatively small groups of peopl
Re: (Score:2)
It just shows that these secrets are used for evil and bad things, for murdering people.
Secrets are important for defense as well. Even if the US were to completely abandon a foreign intelligence service, there would still need to be counter-intelligence services. And those activities and such would be necessarily secret. Or forget foreign interaction altogether. An ongoing corruption investigation needs to be secret. Wiretapping of a mob boss needs to be secret. The President's schedule details often need to be secret. Many, many, completely legitimate government functions need to be secret.
At least Buddhism teaches real things, real values and there's no imaginary persons, as Buddha himself has actually lived.
R
Re:Don't hide information. (Score:5, Informative)
Your pedestal opinion of Buddhism will change once you've been in a country with 90+% Buddhists for any length of time. They're no better than Christians, even with pushing their faith on others regardless of the intent of the religion.
Re: (Score:2)
Some people cherry pick the good parts of a religion and live their lives accordingly.
Some people cherry pick parts of a religion to justify being an asshat.
As far as I can tell, no major religion has a monopoly on people in either category, and every major religion has a lot of people from both. It seems that the teachings of the religion are largely irrelevant.
Re: (Score:3)
At least Buddhism teaches real things, real values and there's no imaginary persons, as Buddha himself has actually lived. And he said to think and evaluate things with your own brains, instead of following some stupid book.
But history also is replete with episodes of Buddhist polities fighting and invading one another and inflicting the usual horrors of war on entire populations. Consider the many internal wars and mutual invasions of Burma and Thailand, for example, both being Buddhist for many centuries.
Religion, of any form, is a tool for control of populations by their rulers. Any attempts to demonstrate the falsehood of the local religion will be fiercely resisted - and likely punished by the authorities as much as by
Re: (Score:2, Offtopic)
Actual secrets of military technology are legitimate secrets, as long as the military secrets are being overseen by competent people with power independent of the military - who are themselves catchable when they're corrupt.
But the problem isn't this secret. It's the vast abundance of secrets in governments like the UK's. Some percentage of secrets are going to be divulged when they shouldn't. Having millions of secrets means that percentage results in a lot of divulged secrets.
Perhaps the large number of s
Re: (Score:1)
Information wants to be leaked.
Really, who can tell if they didn't want this to be leaked? This is probably a disinformation gig, because such screw up it's just too lame to have happened on a such level, I mean, you can do it like it should be done in effing MS paint.
Re: (Score:2)
This is probably a disinformation gig, because such screw up it's just too lame to have happened on a such level
The higher the level, the stupidest the screwup, specially a tech one. That's because the higher level, the higher n00bness.
Re: (Score:3)
That's perhaps one of the most naive things I've ever heard. If it came from a child, it would be adorable.
Re: (Score:2)
You could say the same about most any technology.
The simple fact is most people don't care how most things work, and in reality they shouldn't have to care. Computers are now a commodity appliance, not much different in concept than a toaster or TV, and should 'just work' until they die and then get replaced.
Re: (Score:2)
Driving and understanding how it works for maintaining are 2 different things. Most take it somewhere to do the maintenance. By taking it to the 'service guy' you assume the car is mechanically safe to drive. The same should go for the computer.
You can safely drive a car and not even know how to put gas in it, let alone something more esoteric like a head gasket replacement.
Re: (Score:2)
>and in reality they shouldn't have to care.
Having a working knowledge of how a car works sometimes means the difference between a thinner wallet and an empty wallet when dealing with a mechanic.
There is no excuse for stuff like this, and your assertion is stupid.
--
BMO
Re: (Score:2)
Well, I'd ask you to enumerate what other technologies are as central to daily life as computers, but you already did it. That saves time.
Next time I'm searching for a job I'll make sure to put "toaster expertise" in my CV.
Re: (Score:3)
Very true ... people are not taught how to use the computers, it is kind of assumed that they know. So they mess up. The MOD would never get someone to drive a truck without first sending them on an appropriate driving course, so why are computers that different ?
Unless you TEACH people how to use the tools that you give them - you must expect them to use them poorly and occasionally screw up big time.
This is a management problem, but, as ever, they will blame it on some lowly paid, under trained minion and
Re: (Score:2)
*facepalm* The phrase you're looking for is 'Scot-free'.
Thank you, although it might have been useful if you had provided a reference. I did a search and found that the hyphen is often not used, but yes I should have only put one letter 't'. It seems that 'Scot' is a Scandinavian word for tax or payment. [phrases.org.uk].
Re: (Score:2)
Screws up pagination, image location, etc. That's my guess.
Re: (Score:2)
What's so hard about just... deleting the sensitive words?
The trouble is if you simply delete text from a word processor document you are likely to change the formatting and pagination. This can be an issue for two reasons
1: Page numbers are often used to make references to a document and therefore it may be important that they match between the unredacted and the redacted versions.
2: Depending on how the original author formatted images, tables etc they may end up in a jumbled mess when the word processor reflows the text.
So people black stuff out rather than rem