US military security defeated by copy and paste

Summary:Experts have warned users to be careful with document management procedures after a serious breach of US military security when classified information was revealed by a simple copy and paste of a document from a PDF format. The document was a report written after an investigation into the death of Italian citizen Nicola Calipari at a checkpoint in Iraq.

Experts have warned users to be careful with document management procedures after a serious breach of US military security when classified information was revealed by a simple copy and paste of a document from a PDF format.

The document was a report written after an investigation into the death of Italian citizen Nicola Calipari at a checkpoint in Iraq. The document contains both classified and unclassified information about what happened at the traffic control points in Baghdad on 4 March, the day of the incident. The US military has since removed the offending document from the Internet, but not before it had been copied and republished on several Web sites.

The military made an error when it chose to simply black-out certain words and paragraphs from the original classified document instead of removing the actual information. This means that if the document was read or printed, the 'censored' information would be safe. However, by selecting the document text and using the copy and paste function, the document could easily be reproduced in its entirety on any word processing application.

Samia Rauf, director at document security specialists Workshare in Asia Pacific, said this kind of mistake was common -- the information was hidden but not removed.

"[The US military] had blacked out the text but not protected the document at the perimeter level. Just PDF-ing a document on its own does not hide sensitive information. It needs to be stripped out at the core level," said Rauf.

According to Rauf, the problems associated with hidden data is not restricted to the PDF format. She said it is actually far more common for people to make this type of mistake when using an application like Microsoft Word.

"Every single Word document contains metadata but the scary thing is that 90 percent of the population don't know it exists. Metadata has a useful purpose. If a document crashes you can do an auto-recover and it will bring everything back for you. Anyone can make this mistake - we heard a story about a law firm losing its clients because documents went out with 'track changes' enabled," said Rauf.

The document is available in its original version here.

Topics: Government, Data Management, Malware

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.