[cryptome] Re: WH staff using third party websites to prepare official docs
- From: Ben McGinnes <ben@xxxxxxxxxxxxx>
- To: cryptome@xxxxxxxxxxxxx
- Date: Sat, 20 May 2017 00:11:35 +1000
On Fri, May 19, 2017 at 01:30:38PM +0100, douglas rankine wrote:
Tx for the info, Ben... nice bit of work....:-)
Just goes to show that metadata works both ways.
PDF is a massively documented format since Adobe handed it over to ISO
about 9 years ago. The problem is that those docs are *huge* and
finding the right bits to check the details of against whatever file
one is checking can get very arcane, as I discovered a couple of years
ago (this WH thing is tiny compared to the other one).
Fortunately for me, when I was poking around on that earlier job I
encountered a much shorter document which made the ideal reference
when it came to analysing PDFs. It's called, "Hidden Data and
Metadata in Adobe PDF Files: Publication Risks and Countermeasures"
and was published by a little American organisation called the
National Security Agency. :)
They took it offline a few months after I found it, so I put my copy
back online (as a ref. for the thing I first needed it for):
That file is just awesome, it explains everything you need to know
about PDF and it does so simply. It also has the refs to precisely
where in the actual specifications to check for certain very specific
forms of metadata.
Nice to know that the Spanish and whoever else was listening in,
managed to get the information from the White House before the
various branches of the US government, to whom it was addressed,
Well, the Spanish link isn't really the government, it's the guy who
registered ilovepdf.com. It's not like he or his site are really
doing anything clandestine; it's just a website for converting PDFs
and what not. Presumably the staffer found the site elsewhere and
just kept using it because he didn't know any better when it comes to
Makes one wonder what else is going on and is to be revealed over
time, now that such information is in the public field....
That was my concern. The chances of it being a once off and for all
the times to pick to do it being when the President is firing the FBI
Director seems like a bit of a stretch. No, more likely that people
there don't know that they've got Acrobat Pro or how to use it and so
they used a website that did everything for them. It's just that
every time they did they were technically providing data, most likely
confidential data (at the least) to some bunch of servers in Europe
and anyone in between.
Metadata, as the security gurus have said, so many times, can be a
lot more important than the content of the message.
Depending on what it is, yes. That's a particular issue with PDF too
since unlike pictures and certain other file types, a PDF can't be
completely sanitised (without corrupting the file).
Description: PGP signature
Other related posts: