Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iranian Coup Plotters Exposed By PDF File

Posted by timothy on from the shoulda-seen-it-coming dept.

Renfield writes: "Security Focus has the details on how the New York Times released a SECRET CIA report on the Agency-sponsored 1953 Iranian coup on their Web site as a PDF file, with the names of foreign agents covered up with black lines and boxes. It turns out the Times didn't merge layers, and John Young of Cryptome discovered that by freezing the rendering at the right time, he could view the edited text before the black boxes covered them. He's putting up the full, unedited document on his site now. The Times says he's endangering lives, but why, oh why, didn't they use eraser tool, and how many other PDF files, Word documents, etc., contain more than meets the eye?" I wonder if there are any "aggressive" pdf viewers built to scan for just such information, too.

9 of 328 comments (clear)

  1. Re:This is also importaant with word documents.. by Cato · · Score: 5

    The Word feature to turn off is Fast Saves - this means that when you save a new version on top of the file (e.g. having deleted agents' names), Word simply adds the changed data to the end, to speed things up, rather than rewriting the whole file. So if you ever send a Fast Saved file to someone else electronically, you can be fairly sure to leak some information.

  2. Where's the "Information wants to be free" crowd? by Speare · · Score: 5

    This is not a flame.

    It's amazing how many people are rushing to condemn the man who published the un-redacted file, and how many people are screaming to investigate the New York Times because they published the redacted file without understanding the file format, and how many people are crying foul because the CIA leaked the document in the first place.

    Isn't this SLASHDOT?!

    People here don't holler if Microsoft leaks proprietary technical specs... they laugh. People here don't whine if DeCSS circumvents runtime-redaction, they propagate the utility. People here don't find it immoral to expose CyberPatrol blacklists... they find it immoral to blacklist at all.

    "Information wants to be free," they chime.

    Given this strange behavior to this story, I have to ask. Is it "information wants to be free, except when lives are at stake"? Is it "information wants to be free, especially since beer isn't free"? Is it "information wants to be free, because I can't afford to pay programmers"? Or is it "information wants to be free, because Courtney Love teaches us how we gotta stick it to the man"?

    Principles are principles.

    If you don't believe "information wants to be free", then get off the pot and stop crusading. If you do believe it, then why are we worried here? The guy who finally published this unredacted form basically said he had two reasons,

    force the hand of the State Department, letting these families know they may be in danger

    force the review of critical information management within our own intelligence community

    Both of these reasons focus on exposing more information than just this document. His tactics also demonstrate that information wants to be free. He also showed that releasing information was a powerful proactive strategy, not a secret reactive strategy. Releasing information doesn't mean giving up all your control. He took control when he showed his hand.

    He was doing you a favor.

    --
    [ .sig file not found ]
  3. This is also importaant with word documents.. by szyzyg · · Score: 5

    I frequently get sent word documents by various people, being a unix user I of course send back the usual note about proprietory formats etc etc..

    But I've found is more effective to also go int othe file with a text editor and extract bits of text which they've deleted, along iwth other information the user may no t want me to see.

    Recently I received such a message from someone which handled PR for my particular section of the NI govt. There was some really dodgy info in there, and afdter returning it to the sender, the govt department got sent aplaintext policy document about not using MS Word or anything more complicated that .pdf for sending out messages.

    People should go looking at these files - there's a lot of info out there to be had

  4. Re:you don't need to freez by keesh · · Score: 5

    I've been working with PDF for a while now -- basically PDF has been designed to allow modifications to be made to a file without having to rewrite the entire thing (useful if you have a thousand page document and you want to correct one typo). At the bottom of every PDF file there are several cross-referencing tables. Open up a PDF file in [your favourite text editor here] and scroll to the bottom, you'll see what I mean. In what's called an 'incremental' PDF file (one that's been updated) there are several of these cross-referencing tables. It is safe to assume that the last one (or possibly more) is the one with the black boxes. You can simply delete the last table and the items will be ignored. In theory you also have to change a few other numbers but if you don't mind a few error messages you can get away with almost anything if you're using Acrobat Reader to view the document. You do not even need to go through and work out where all the black boxes are...

  5. Re:Where's the "Information wants to be free" crow by Signal+11 · · Score: 5
    Hey, I take offense to this post - you're somehow saying that morality is some kind of absolute, with no regard to the circumstances?

    How can you possibly draw a parallel between downloading mp3's and releasing secret information by the CIA on the names of their agents? How the f*ck are the two related? They're not! The information wants to be free crowd isn't a bunch of absolutists - we recognize that there must be limits. Some information shouldn't be free - you'll note I don't publish my root password.

    By and far, this mandra is related to a subconscious counter-culture and anti-authoritarian attitude which has grown on us as a result of circumstances. Circumstances like watching our rights as "consumers" and citizens be systematically stripped away while calling it a "win in the battle for personal choice". We were taunted by our peers, ejected from our school system, for wanting to know how the system worked.

    Yeah, there is some history here fella, and it would do you some good to talk to people on the other side of the fence before going off and trying to label everyone - something you'll find is usually met with freezing contempt amongst geeks.

  6. Pitstop by underwhelm · · Score: 5

    I pointed out to John that the same feat could be accomplished using a plugin for Acrobat called Pitstop.

    All rental IBMs at Kinkos have this plugin, so basically the Times PDF was vulnerable from the word Go. I'm sure that uber-intelligence agenices has already figured out how to remove the redaction long before Mr. Young posted his revelations.

    Just open the file in Acrobat, click, click, delete... full disclosure.

    --

    I don't need large brains to have a good time.

  7. Why publish? by icing · · Score: 5
    Having read the cryptome home page, they promised not to publish, then learned that someone else knew, and then did publish.

    What I'm missing is the explanation why they changed their mind. It looks like they wanted to publish before someone else does.

    I would like to know if they considered the timing of all this. For someone named in this report, a couple of hours to leave the country might make a big difference.

  8. Families by Robert+S+Gormley · · Score: 5

    The purported danger was to their children and families. Family is very strong in a lot of cultures, and "Your father was a traitor" can carry a lot of 'weight'...

    --

    Open Source. Closed Minds. We are Slashdot.

  9. US foreign policy by CocaCola · · Score: 5
    Lets forget about the past (of the US and the USSR) for a second.

    Do you agree that in the last 10 years (eg. starting _after_ the Gulf War) the US foreign policy was pretty sane from a human point of view?

    The US bribed^H^H^Hpayed IRA and Ulster Union leaders to stop fighting in Northern Ireland (knock on wood).

    They bribed^H^H^H^Hpayed Israel to find the peace process attractive.

    They brought fragile but existing peace to Bosnia, and started the same in Kosovo. If you take the preservation of human lives as a universal standard, then there were less people killed in Kosovo this year than in a month (you pick the month) two years ago.

    Yes, IMO this peace was worth those innocent ~400 lives caused by the air-raids (as counted by Yugoslav propaganda - not the tens of thousands they claimed initially), if you balance this against those many kosovoans *not* being killed now. The bosnian war took an estimated 200 thousands lives, so that was the prospective. If you are forced to pick between hundreds of lives and get your hands bloody, and thousands of lives but stay clean, which one would you pick?

    If there is a huge rock falling down towards 100 people and you have the option to push a button that redirects the rock to another group of 10 people, what would you do? Save 90 lives and become a killer (of those 10 people who would not have died otherwise), or let 100 people die but stay morally clean? If you have the power to actually *do something*, these are the questions you face every day.

    --
    --Coke