US military security defeated by copy and paste

Experts have warned users to be careful with document management procedures after a serious breach of US military security when classified information was revealed by a simple copy and paste of a document from a PDF format.

The document was a report written after an investigation into the death of Italian citizen Nicola Calipari at a checkpoint in Iraq. The document contains both classified and unclassified information about what happened at the traffic control points in Baghdad on 4 March, the day of the incident. The US military has since removed the offending document from the Internet, but not before it had been copied and republished on several Web sites.

The military made an error when it chose to simply black out certain words and paragraphs in the original classified document instead of removing the underlying information. This means that if the document was read or printed, the 'censored' information would be safe. However, by selecting the document text and using the copy and paste function, the document could easily be reproduced in its entirety in any word processing application.
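A pre-release check for this failure mode, as an added example that is not part of the original article: it scans a PDF page content stream for text that is still stored underneath a rectangle filled after it. The sample stream and the function name are constructed for illustration, and the parser assumes an uncompressed stream that uses only simple `Td`, `Tj` and `re f` operators with no escaped parentheses or coordinate transforms.

```python
import re

# Constructed sample (not taken from the report): an uncompressed PDF page
# content stream. Two lines of text are drawn, then a black filled rectangle
# is painted over the second one, which is how the "blacked out" look is made.
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Checkpoint report, public summary.) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED-SECRET unit and route details) Tj ET
0 0 0 rg
70 676 300 16 re f
"""

NUM = r"(-?\d+(?:\.\d+)?)"
# Text object: "x y Td" sets the origin, "(string) Tj" shows the text.
TEXT_RE = re.compile(r"BT\b.*?" + NUM + r"\s+" + NUM + r"\s+Td\s*\((.*?)\)\s*Tj.*?ET", re.S)
# Filled rectangle: "x y width height re" followed by the fill operator "f".
RECT_RE = re.compile(r"\s+".join([NUM] * 4) + r"\s+re\s+f\b")


def find_covered_text(stream: bytes) -> list[str]:
    """Return text still stored in the stream whose origin lies under a
    rectangle that is filled later in paint order (so it hides the text)."""
    src = stream.decode("latin-1")
    rects = [(m.start(), *map(float, m.groups())) for m in RECT_RE.finditer(src)]
    hits = []
    for m in TEXT_RE.finditer(src):
        x, y, text = float(m.group(1)), float(m.group(2)), m.group(3)
        for pos, rx, ry, rw, rh in rects:
            if pos > m.end() and rx <= x <= rx + rw and ry <= y <= ry + rh:
                hits.append(text)
                break
    return hits


if __name__ == "__main__":
    for leaked in find_covered_text(SAMPLE_STREAM):
        print("hidden but not removed:", leaked)
```

An empty result on a properly redacted stream means the text operators themselves were deleted, not merely painted over.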

Samia Rauf, director at document security specialists Workshare in Asia Pacific, said this kind of mistake was common -- the information was hidden but not removed.

"[The US military] had blacked out the text but not protected the document at the perimeter level. Just PDF-ing a document on its own does not hide sensitive information. It needs to be stripped out at the core level," said Rauf.

According to Rauf, the problems associated with hidden data are not restricted to the PDF format. She said it is actually far more common for people to make this type of mistake when using an application like Microsoft Word.

"Every single Word document contains metadata but the scary thing is that 90 percent of the population don't know it exists. Metadata has a useful purpose. If a document crashes you can do an auto-recover and it will bring everything back for you. Anyone can make this mistake - we heard a story about a law firm losing its clients because documents went out with 'track changes' enabled," said Rauf.

The document is available in its original version here.


Munir Kotadia


Talkback

1 comment
  • I found this article an interesting & effective reminder of the double-edged nature of using the internet to promulgate official information.
    However, I was utterly appalled to find that you offer readers a hotlink to the un-sanitised classified document itself. Have you no conscience? Some of the info which was blacked out was hidden to protect the lives of soldiers serving in Iraq right now. I am certain that if the editor's son or daughter was serving in Baghdad, you would not be so quick to put kids' lives on the line to boost your own ratings/profits.
    anonymous