Acrobat user gaffe exposes classified Defense information

A public military report on an investigation into the shooting death of an Italian security agent includes blocks of classified data that can be deciphered as easily as copying and pasting text.

Multinational Forces-Iraq issued the report in Adobe Acrobat Portable Document Format on April 30 as an unclassified document, with blocks of classified redacted information obscured from public view. But copying and pasting the classified sections into Microsoft Notepad reveals the blocked text.

The breach was discovered by an Italian blogger shortly after the report was posted and news of the gaffe has circulated among the global blogging community.

MNF-I officials took the report down from their own site over the weekend, according to a story posted today on European and Pacific Stars and Stripes.

"The procedures that we used [to safeguard the classified information] were inadequate," Air Force Col. C. Donald Alston, MNF-I's chief of strategic communications, told Stars and Stripes. "We consider this a very serious matter."

Last week, a U.S. military investigation cleared American troops in the March 4 shooting death of Nicola Calipari, an Italian security agent in Baghdad. Calipari, 50, who had just secured the release of hostage Giuliana Sgrena, an Italian journalist, was killed at a U.S. checkpoint en route to the Baghdad airport.

According to the redacted information, the checkpoint had been set up earlier in the evening as part of preparations for a VIP traveling to Camp Victory outside Baghdad. Among other issues, investigators learned that problems with voice over IP communications prevented members of the command chain from informing troops that the VIP returned to Baghdad by helicopter, rather than car.

John Landwehr, the group manager for security solutions and strategy at Adobe Systems Inc., based in San Jose, Calif., said the information security breach arose from not using a third-party redaction tool in Adobe Acrobat, the application that prepared the PDF.

It appears the document's author "simply changed the background color of the text to match the font," Landwehr said. "The underlying ASCII text is still there. Had they used an actual redaction tool on the PDF, the text would have been completely removed."