Free Republic
News/Activism

How NOT to redact a PDF - Nuclear submarine secrets spilled
Sophos IT Security Blog ^ | April 18, 2011 | Graham Cluley

Posted on 04/18/2011 12:25:07 PM PDT by Still Thinking

If you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.

The act of obscuring the sensitive information is known as "redaction", and - for obvious reasons - needs to be done properly if you care about privacy and avoiding a potentially damaging data leak.

In the old days - before PDFs and Word documents - you might have redacted a document with a thick black marker pen, ensuring that anyone who made a photocopy of the document wouldn't be able to see the censored words. Things are different with electronic media, of course.

Unfortunately, time and time again we've seen sloppy security procedures make it far too easy for unauthorised parties to view information in electronic documents that should have been properly redacted.

The last example, which has made numerous newspaper headlines, involves the British Ministry of Defence, which was found to have published a PDF document online, unintentionally revealing information about nuclear submarine security.

The PDF, entitled "SUCCESSOR SSBN - SAFETY REGULATORS' ADVICE ON THE SELECTION OF THE PROPULSION PLANT IN SUPPORT OF THE FUTURE DETERRENT REVIEW NOTE", was published on the parliamentary website following requests under the Freedom of Information Act. However, although sections were supposed to be protected through redaction - it was possible to copy-and-paste the blacked-out text straight out of it.

As the Daily Star explained:

The bunglers turned the text background black - making the words unreadable - but crucially left them in place. That meant anyone wanting to read the censored sections just had to copy the text.

This was a real school-boy error to make - as anyone with even an elementary knowledge of computers would know how to read the "redacted" content.

If you want to learn how to properly redact Adobe PDF files, here's a great guide describing how to do it with Acrobat X Pro.

Good luck, and remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!


TOPICS: Government; Miscellaneous; News/Current Events; United Kingdom
KEYWORDS: acrobat; adobe; foia; informationsecurity; pdf; redaction
Erps!
1 posted on 04/18/2011 12:25:11 PM PDT by Still Thinking
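
A pre-publication check for the failure the article above describes, added here as an example (it is not from the Sophos post or from any commenter): it lists the text-drawing operators left in a PDF content stream and reports which redacted terms are still extractable. The fixture streams, the function names and the term `placeholder-detail` are constructed for illustration, and the scan handles only literal strings in plain or Flate-compressed streams, so it is not a full PDF parser.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
# A literal string or a TJ array, directly followed by a text-showing operator.
SHOW_RE = re.compile(rb"(\((?:\\.|[^\\()])*\)|\[(?:\\.|[^\\\]])*\])\s*(?:Tj|TJ|')")
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)")

def shown_text(pdf_bytes: bytes) -> list[str]:
    """Return every string a content stream asks the viewer to draw as text."""
    found = []
    for stream in STREAM_RE.finditer(pdf_bytes):
        data = stream.group(1)
        try:  # FlateDecode streams are zlib data; anything else is scanned as-is
            data = zlib.decompressobj().decompress(data)
        except zlib.error:
            pass
        for show in SHOW_RE.finditer(data):
            parts = LITERAL_RE.findall(show.group(1))  # TJ arrays split words
            joined = b"".join(re.sub(rb"\\([()\\])", rb"\1", p) for p in parts)
            found.append(joined.decode("latin-1"))
    return found

def leaked_terms(pdf_bytes: bytes, redacted_terms: list[str]) -> list[str]:
    """Terms that were meant to be removed but are still extractable."""
    text = "\n".join(shown_text(pdf_bytes)).lower()
    return [t for t in redacted_terms if t.lower() in text]

def wrap(content: bytes, compress: bool = False) -> bytes:
    """Constructed test fixture: one stream object, not a complete PDF file."""
    body = zlib.compress(content) if compress else content
    return b"4 0 obj\n<< /Length %d >>\nstream\n%s\nendstream\nendobj\n" % (len(body), body)

# Constructed sample content streams (all values invented for this example).
PUBLIC = b"BT /F1 12 Tf 72 700 Td (Summary for release) Tj ET\n"
BLACK_BOX = b"0 0 0 rg 70 676 300 16 re f\n"  # filled black rectangle
# Black box painted over text that is still in the stream (the mistake).
MASKED = PUBLIC + b"BT 72 680 Td [(PLACEHOLDER-) -20 (DETAIL)] TJ ET\n" + BLACK_BOX
# Same page with the text operator actually deleted (a real redaction).
REDACTED = PUBLIC + BLACK_BOX

if __name__ == "__main__":
    for name, doc in (("masked", wrap(MASKED, True)), ("redacted", wrap(REDACTED))):
        print(name, leaked_terms(doc, ["placeholder-detail"]))
```

An empty result from this narrow scan is not proof of a clean file; hex strings, object streams and document metadata need a full PDF library to check.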

To: ShadowAce

Tech Erps Ping!

Probably trying to slip information to their Al Qaeda butt buddies in a deniable way.


2 posted on 04/18/2011 12:26:16 PM PDT by Still Thinking (Freedom is NOT a loophole!)

To: Still Thinking

I served on board a nuclear sub for many years..


3 posted on 04/18/2011 12:32:00 PM PDT by brivette

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

4 posted on 04/18/2011 12:32:36 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

Comment #5 Removed by Moderator

To: brivette

Good thing you’re done with that. PC-illiterate Brits have been charged with maintaining information security. I feel sorry for the guys still serving though.


6 posted on 04/18/2011 12:34:15 PM PDT by Still Thinking (Freedom is NOT a loophole!)

To: brivette
I served on board a nuclear sub for many years..

My son's assigned to one right now....

7 posted on 04/18/2011 12:35:31 PM PDT by tacticalogic

To: ShadowAce

Your pinglist is experiencing technical difficulties....


8 posted on 04/18/2011 12:35:31 PM PDT by Eepsy

To: Eepsy

His list is so nice he pings it twice! (Seriously, it always does that and he hasn’t been able to figure out why)


9 posted on 04/18/2011 12:36:50 PM PDT by Still Thinking (Freedom is NOT a loophole!)

To: ShadowAce
Linux -- The Ultimate Windows Service Pack)

I don't see the Windoze posters double posting every thread...

|{:^)

10 posted on 04/18/2011 12:36:58 PM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)

To: raybbr

Maybe that’s the problem — he’s on a dual boot system, and both systems post!


11 posted on 04/18/2011 12:38:12 PM PDT by Still Thinking (Freedom is NOT a loophole!)

To: raybbr; Still Thinking
Actually, I'm on my lunch break at work--on a Windows XP box.

LOL!

12 posted on 04/18/2011 12:42:03 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Still Thinking

If this was a bungle, it was a bad bungle. This same method could, however, also be used to mislead enemy forces by leaking “secret” information that just plain is not true. Sounds like something James Bond would do, but I don’t know if the current British defence [sic] has the brains.


13 posted on 04/18/2011 12:43:28 PM PDT by HiTech RedNeck (Hawk)

To: Still Thinking
Seriously, it always does that and he hasn’t been able to figure out why

That's true. It only happens when I ping the list from a Windows computer.

It never happens when I respond to a post, or ping from my linux box.

14 posted on 04/18/2011 12:44:43 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

Comment #5 was redacted good.............


15 posted on 04/18/2011 12:48:39 PM PDT by Red Badger (Mitt Romney: The Harold Stassen of the 21st century........)

To: Still Thinking
Redact this!
16 posted on 04/18/2011 12:52:54 PM PDT by Lonesome in Massachussets (Somewhere in Kenya a village is missing its idiot)

To: HiTech RedNeck

Good point. I’m usually devious enough to think of that.


17 posted on 04/18/2011 12:53:06 PM PDT by Still Thinking (Freedom is NOT a loophole!)

To: Red Badger

The moderator was showing us how it’s done.


18 posted on 04/18/2011 12:53:06 PM PDT by MrB (The difference between a Humanist and a Satanist - the latter knows whom he's working for)

To: HiTech RedNeck

In other articles about this incident, they mentioned that not only were British secrets revealed, but also among the improperly redacted info were US Navy nuke sub procedures.

The Brits were not relishing telling the Navy about their screw up.


19 posted on 04/18/2011 12:58:07 PM PDT by AFreeBird

To: AFreeBird

Unless it was a jointly planned disinformation effort, this is a really bad oopsie.


20 posted on 04/18/2011 1:00:17 PM PDT by HiTech RedNeck (Hawk)

