How NOT to redact a PDF - Military radar secrets spilled

Filed Under: Adobe, Data loss, PDF, Privacy

RadarThe UK Ministry of Defence has been caught out again by a schoolboy error - not knowing how to properly redact a PDF.

As Naked Security has explained before, if you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.

The act of obscuring the sensitive information is known as "redaction", and it needs to be done properly if you want to keep something secret.

For instance, simply putting black text on a black background does not stop people from cutting-and-pasting the contents.

When a 22 page PDF document called "Air Defence And Air Traffic Systems Radar Transportation Study – Part 2" was published on a parliamentary website, it was hoped that its more sensitive contents would be properly redacted.

But, as the Daily Star reports, although there were sections "blacked out", the contents could easily be recovered simply by cutting-and-pasting.

Last time the MOD made this mistake it was related to nuclear submarine secrets, one hopes that they have learnt their lesson by now and provided an easy-to-understand guide for staff on how to properly redact documents.

If you want to learn how to properly redact Adobe PDF files, here's a good guide describing how to do it with Acrobat X Pro.

Remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!

, , , , ,

You might like

7 Responses to How NOT to redact a PDF - Military radar secrets spilled

  1. I was hoping that once we had a new Government we may also get a newer more streamlined MOD with employees who actually know what they are doing, sadly the root and branch total reorganisation is about as advanced as a group of elderly gardeners chatting about a potential new compost , shameful Johnny English would do a better job!

  2. Stanley Homer · 1046 days ago

    Unfortunately these clowns are also running the country's cyber defences. The MOD would argue that matters like this are not a reflection of the level of IT skill within 5, 6, and Cheltenham. In reality, while the names and job descriptions may change, the skill levels are generally still just as poor. Keep your fingers crossed we dont have anything worth protecting.

  3. Ron · 1046 days ago

    The person who did the redacting... could he have done this on purpose for some political agenda?

  4. Homerbufflekill · 1045 days ago

    Print it, physically cut out the sections of the document to be redacted, and then scan it.

  5. Ash · 1037 days ago

    I wouldn't be surprised if they were purposefully released like this to throw others off the case. What we see on the news is only half the story.

  6. Stephen Hogan · 1037 days ago

    You could just highlight the text blacked-out above, and the print appears in white...

  7. Phil · 1031 days ago

    You could also consider a COTS solution from an ISV such as Intelledox - http://www.intelledox.com. These guys can implement an automated solution than can deliver redacted documents to an individual or group based on their clearance level. Worth considering. Phil

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.