[ISN] In wake of TSA breach, a refresher on redacting PDFs

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Dec 2009 04:21:33 -0600 (CST)
http://gcn.com/articles/2009/12/09/tsa-breach-pdf-redaction-refresher.aspx

By Kevin McCaney
GCN.com
Dec 09, 2009

News that the Transportation Security Administration (TSA) accidentally 
posted secret information detailing its airline screening practices may 
have had a familiar ring to feds. The information was exposed because of 
inadequate redaction procedures.

TSA's operating manual had been posted on a procurement Web site in the 
spring in redacted form. But anyone who copied the document and pasted 
it into another format, such as Microsoft Word or Windows Notepad, could 
read the redacted sections. Some of those sections included the settings 
for X-ray machines and explosives detectors, as well as procedures for 
dealing with diplomats, CIA employees and law enforcement officers.

Information breaches due to improper redaction are not new. In 2005, the 
Multi-National Force-Iraq ran into a similar problem when a memo with 
redacted classified information about a shooting was posted on the Web 
[1]. The classified information, however, wasn't actually redacted so 
much as blacked out, and the information could be revealed by copying 
and pasting it into a different format.

The White House, Justice Department and United Nations also have 
encountered similar slip-ups.

In the wake of those embarrassments, the National Security Agency issued 
guidance [2] to federal agencies, titled "Redacting with Confidence: How 
to Safely Publish Sanitized Reports Converted From Word to PDF."

In the guidance, NSA identified the three most common mistakes analysts 
make in redacting documents intended for the Web, all of them 
essentially the result of thinking that what works for a print copy 
works for a digital copy. The three most common mistakes:

    * Covering text, charts, tables, or diagrams with black rectangles, 
      or highlighting text in black. The most common mistake is covering 
      text with black (or changing the background to black).

    * Covering up parts of an image with separate graphics such as black 
      rectangles, or making images "unreadable" by reducing their size.  
      As with text, this works only on printed copies.

    * Failing to remove metadata and document properties, which are 
      often as sensitive as the original document; their presence in 
      downgraded or sanitized documents has historically led to 
      compromise.

A few tips NSA offers on how to properly redact a document:

    * Save a copy of the original document; make changes to the copy and 
      keep the original.

    * Delete, rather than black-out, sensitive text, diagrams, tables 
      and images.

    * Turn off track changes, comments and other visible markups, which 
      can contain potentially compromising hidden data.

    * Rename the document to show that manual redaction is complete.

    * Create a new Word document, and copy and paste the edited text.

    * Convert a Word document to PDF and review final output for missed 
      redactions or formatting issues.

Metadata and recorded, but often not visible, changes to a document are 
potential dangers because they often go unnoticed by the user. Knowing 
how to find that data is the key to removing it.
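
As an added illustration (not part of the original article or the NSA guidance), the Python sketch below performs the "review final output" step on a PDF: it inflates the content streams, collects the text that copy-and-paste would recover, and lists leftover document properties. The sample file, the banned terms and all function names are constructed for this example; the sample is a stripped-down PDF fragment, not a complete viewer-openable file.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
TEXT_BLOCK_RE = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.S)
INFO_RE = re.compile(
    rb"/(Author|Title|Subject|Keywords|Creator|Producer)\s*\(((?:\\.|[^\\()])*)\)")

def build_sample_pdf():
    """Constructed, stripped-down sample: text with a black box drawn over it."""
    content = (b"BT /F1 12 Tf 72 700 Td (SECRET: screening threshold 42) Tj ET\n"
               b"0 g 70 695 260 16 re f\n")  # filled black rectangle on top
    packed = zlib.compress(content)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Author (J. Analyst) /Title (SOP draft v3) >> endobj\n"
            b"2 0 obj << /Length " + str(len(packed)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + packed
            + b"\nendstream endobj\n%%EOF\n")

def decoded_streams(pdf):
    """Yield each stream body, inflated when it is Flate-compressed."""
    for match in STREAM_RE.finditer(pdf):
        raw = match.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # uncompressed, or a filter this sketch does not handle

def extractable_text(pdf):
    """Literal strings inside BT...ET text objects: what copy-and-paste sees."""
    found = []
    for stream in decoded_streams(pdf):
        for block in TEXT_BLOCK_RE.finditer(stream):
            found += [s.decode("latin-1") for s in LITERAL_RE.findall(block.group(1))]
    return found

def info_fields(pdf):
    """Document-property strings that survive in the file."""
    return {k.decode(): v.decode("latin-1") for k, v in INFO_RE.findall(pdf)}

def audit(pdf, banned_terms):
    """Report banned terms still present as text, plus leftover metadata."""
    text = " ".join(extractable_text(pdf)).lower()
    return {"leaked_terms": [t for t in banned_terms if t.lower() in text],
            "metadata": info_fields(pdf)}

if __name__ == "__main__":
    print(audit(build_sample_pdf(), ["screening threshold", "diplomat"]))
```

The sketch reads only literal strings in plain or Flate-compressed streams; text stored as hex strings, under custom font encodings or inside object streams is not covered. A clean result here therefore does not replace deleting the sensitive content before conversion.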

[1] http://gcn.com/articles/2005/05/13/pdf-user-slipup-gives-dod-lesson-in-protecting-classified-information.aspx
[2] http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf


Received on Fri Dec 11 2009 - 02:21:33 PST
