Acrobat user gaffe exposes classified Defense information

A public military report on an investigation into the shooting death of an Italian security agent includes blocks of classified data that can be deciphered as easily as copying and pasting text.

Multinational Forces-Iraq issued the report in Adobe Acrobat Portable Document Format on April 30 as an unclassified document, with blocks of classified redacted information obscured from public view. But copying and pasting the classified sections into Microsoft Notepad reveals the blocked text.

The breach was discovered by an Italian blogger shortly after the report was posted and news of the gaffe has circulated among the global blogging community.

MNF-I officials took the report down from their own site over the weekend, according to a story posted today on European and Pacific Stars and Stripes.

"The procedures that we used [to safeguard the classified information] were inadequate," Air Force Col. C. Donald Alston, MNF-I's chief of strategic communications, told Stars and Stripes. "We consider this a very serious matter."

Last week, a U.S. military investigation cleared American troops in the March 4 shooting death of Nicola Calipari, an Italian security agent in Baghdad. Calipari, 50, who had just secured the release of hostage Giuliana Sgrena, an Italian journalist, was killed at a U.S. checkpoint en route to the Baghdad airport.

According to the redacted information, the checkpoint had been set up earlier in the evening as part of preparations for a VIP traveling to Camp Victory outside Baghdad. Among other issues, investigators learned that problems with voice over IP communications prevented members of the command chain from informing troops that the VIP returned to Baghdad by helicopter, rather than car.

John Landwehr, the group manager for security solutions and strategy at Adobe Systems Inc., based in San Jose, Calif., said the information security breach arose from not using a third-party redaction tool in Adobe Acrobat, the application that prepared the PDF.

It appears the document's author "simply changed the background color of the text to match the font," Landwehr said. "The underlying ASCII text is still there. Had they used an actual redaction tool on the PDF, the text would have been completely removed."

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB