Monday 10 October 2011

How NOT to redact a PDF - Military radar secrets spilled

The UK Ministry of Defence has been caught out again by a schoolboy error - not knowing how to properly redact a PDF.
As Naked Security has explained before, if you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.
The act of obscuring the sensitive information is known as "redaction", and it needs to be done properly if you want to keep something secret.
For instance, simply putting black text on a black background does not stop people from cutting-and-pasting the contents.
When a 22 page PDF document called "Air Defence And Air Traffic Systems Radar Transportation Study – Part 2" was published on a parliamentary website, it was hoped that its more sensitive contents would be properly redacted.
But, as the Daily Star reports, although there were sections "blacked out", the contents could easily be recovered simply by cutting-and-pasting.
Last time the MOD made this mistake it was related to nuclear submarine secrets, one hopes that they have learnt their lesson by now and provided an easy-to-understand guide for staff on how to properly redact documents.
If you want to learn how to properly redact Adobe PDF files, here's a good guide describing how to do it with Acrobat X Pro.
Remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!
Graham Cluley @'naked security'

No comments:

Post a Comment