[ISN] Student uncovers US military secrets

From: InfoSec News (isn@private)
Date: Mon May 17 2004 - 01:45:09 PDT

Next message: InfoSec News: "[ISN] Linux Security Week - May 17th 2004"

Previous message: InfoSec News: "[ISN] No WLAN? You still need wireless security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theregister.com/2004/05/13/student_unlocks_military_secrets/

By Lucy Sherriff
13th May 2004 

An Irish graduate student has uncovered words blacked-out of 
declassified US military documents using nothing more than a 
dictionary and text analysis software.

Claire Whelan, a computer science student at Dublin City University 
was given the problems by her PhD supervisor as a diversion. David 
Naccache, a cryptographer with Gemplus, challenged her to discover the 
words missing from two documents: one was a memo to George Bush, and 
another concerned military modifications to civilian helicopters.

The process is quite straightforward, and according to Naccache, 
Whelan's success proves that merely blotting words out of declassified 
documents will not keep the contents secret.

The first task is to identify the font, and font size the missing word 
was written in. Once that is done, the dictionary search begins for 
words that fit the space, plus or minus three pixels, Naccache 
explained.

This process yielded 1,530 possibilities for word blanked out of a 
sentence in the Bush memo. Then, the text anaysis routine checks for 
words that would make sense in English. The sentence was: "An Egyptian 
Islamic Jihad (EIJ) operative told an XXXXXXXX service at the same 
time that Bin Ladin was planning to exploit the operative's access to 
the US to mount a terrorist strike." Just 346 words remained on the 
list at this stage.

The next stage is to involve the brain of the researcher. This 
eliminated all but seven words: Ugandan, Ukrainian, Egyptian, 
uninvited, incursive, indebted and unofficial. Naccache plumped for 
Egyptian, in this case.

Whelan subjected the helicopter memo to the same scrutiny, and the 
results suggested South Korea was the most likely anonymous supplier 
of helicopter knowledge to Iraq.

Although the technique is no good for tackling larger sections of 
text, it does show that officials need to be more careful with their 
sensitive documents. Naccache argues that the most important 
conclusion of this work "is that censoring text by blotting out words 
and re-scanning is not a secure practice".

According to the original report in Nature
(http://www.nature.com/nature), intelligence experts may consider
changing procedures.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

Next message: InfoSec News: "[ISN] Linux Security Week - May 17th 2004"
Previous message: InfoSec News: "[ISN] No WLAN? You still need wireless security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 17 2004 - 05:16:05 PDT