The UK Ministry of Defence has been caught out again by a schoolboy error – not knowing how to properly redact a PDF.
As Naked Security has explained before, if you’re an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.
The act of obscuring the sensitive information is known as “redaction”, and it needs to be done properly if you want to keep something secret.
For instance, simply putting black text on a black background does not stop people from cutting-and-pasting the contents.
When a 22-page PDF document called “Air Defence And Air Traffic Systems Radar Transportation Study – Part 2” was published on a parliamentary website, it was hoped that its more sensitive contents would be properly redacted.
But, as the Daily Star reports, although there were sections “blacked out”, the contents could easily be recovered simply by cutting-and-pasting.
Last time the MOD made this mistake it was related to nuclear submarine secrets. One hopes that they have learnt their lesson by now and provided an easy-to-understand guide for staff on how to properly redact documents.
If you want to learn how to properly redact Adobe PDF files, here’s a good guide describing how to do it with Acrobat X Pro.
Remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!
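Why marking is not redacting, shown as an added example (not code from the original article or from Adobe): a PDF page is a list of drawing operators, and painting a black box adds a rectangle-fill operator (`re f`) without removing the `Tj` operator that draws the text. The check below runs over two constructed, uncompressed content streams and assumes each text block is positioned by a single `Td`; real files usually compress their streams and position text in more ways than this narrow check handles.

```python
import re

# Constructed content streams (sample data, not taken from the MOD document).
# MARKED_ONLY: the text is still drawn, then a black rectangle is painted on top.
MARKED_ONLY = b"""BT /F1 12 Tf 72 700 Td (Public summary paragraph) Tj ET
BT /F1 12 Tf 72 680 Td (SENSITIVE: constructed sample value) Tj ET
0 0 0 rg 70 676 300 16 re f
"""
# APPLIED: the text-showing operator has been deleted; only the rectangle remains.
APPLIED = b"""BT /F1 12 Tf 72 700 Td (Public summary paragraph) Tj ET
0 0 0 rg 70 676 300 16 re f
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
TD = re.compile(NUM + rb"\s+" + NUM + rb"\s+Td")               # text position
SHOW = re.compile(rb"\((.*?)(?<!\\)\)\s*Tj", re.S)              # (string) Tj
RECT = re.compile(rb"\s+".join([NUM] * 4) + rb"\s+re\s+f\b")    # x y w h re f


def covered_text(stream):
    """Return strings that are still drawn at a point lying under a filled rectangle."""
    rects = [tuple(float(v) for v in r) for r in RECT.findall(stream)]
    leaks = []
    for block in re.findall(rb"BT\b(.*?)\bET\b", stream, re.S):
        pos = TD.search(block)
        if pos is None:
            continue
        x, y = float(pos.group(1)), float(pos.group(2))
        hidden = any(rx <= x <= rx + w and ry <= y <= ry + h
                     for rx, ry, w, h in rects)
        if hidden:
            # The box hides the glyphs on screen, but the string is still in the file.
            leaks.extend(s.decode("latin-1") for s in SHOW.findall(block))
    return leaks


if __name__ == "__main__":
    for name, stream in (("marked only", MARKED_ONLY), ("applied", APPLIED)):
        found = covered_text(stream)
        print(name, "->", found if found else "no text under black boxes")
```

A file is only safe to publish when this kind of check finds nothing under the black boxes, which is what applying the redactions achieves.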
7 comments on “How NOT to redact a PDF – Military radar secrets spilled”
I was hoping that once we had a new Government we may also get a newer more streamlined MOD with employees who actually know what they are doing, sadly the root and branch total reorganisation is about as advanced as a group of elderly gardeners chatting about a potential new compost, shameful Johnny English would do a better job!
Unfortunately these clowns are also running the country's cyber defences. The MOD would argue that matters like this are not a reflection of the level of IT skill within 5, 6, and Cheltenham. In reality, while the names and job descriptions may change, the skill levels are generally still just as poor. Keep your fingers crossed we don't have anything worth protecting.
The person who did the redacting… could he have done this on purpose for some political agenda?
Print it, physically cut out the sections of the document to be redacted, and then scan it.
I wouldn't be surprised if they were purposefully released like this to throw others off the case. What we see on the news is only half the story.
You could just highlight the text blacked-out above, and the print appears in white…
You could also consider a COTS solution from an ISV such as Intelledox – www.intelledox.com. These guys can implement an automated solution that can deliver redacted documents to an individual or group based on their clearance level. Worth considering. Phil