Military secrets escape through PDF file

Summary:The US army has been embarrassed by its failure to properly protect a partially classified document that dealt with the killing of an Italian agent in Iraq

Experts are warning people to be careful with electronic documents that contain sensitive data after a breach in which classified US military information thought to be hidden in a PDF document was uncovered.

Portions of the document had been "blacked out" by electronic means. But apparently, it was possible for outsiders to copy and paste the blacked-out sections into another file — and see the text that had been hidden.

The document is a report written after an investigation into the death of Italian citizen Nicola Calipari at a checkpoint in Iraq. It contains both classified and unclassified information about what happened at the traffic control points in Baghdad on 4 March, the day of the incident. The US military has since removed the document from the Internet, but not before it was copied and republished on several Web sites.

The military apparently made an error when it chose to use an electronic technique for obscuring certain words and paragraphs from the original document. According to a report by the Associated Press, a representative of Adobe, owner of the PDF format, has suggested that whoever attempted to censor the report did so by placing black rectangles over the text in question, rather than deleting the text.

The technique used would indeed have protected the data if the document were being read online or printed. However, by an attacker selecting the blacked-out text and using the copy and paste functions, he or she could easily reproduce the document in its entirety on any word-processing application.

Samia Rauf, director at document security specialist Workshare in Asia-Pacific, said this kind of mistake is common — the information was hidden but not removed.

"[The military] had blacked out the text but not protected the document at the perimeter level," Raud said.

According to Rauf, the problems associated with hidden data are not restricted to the PDF format.

She said it is actually far more common for people to make this type of mistake when using an application like Microsoft Word.

"Every single Word document contains metadata, but the scary thing is that 90 percent of the population don't know it exists," Rauf said. "Metadata has a useful purpose. If a document crashes, you can do an autorecover and it will bring everything back for you.

"Anyone can make this mistake — we heard a story about a law firm losing its clients because documents went out with 'track changes' enabled."

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

Topics: Security

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.