How NOT to fail at PDF redaction
The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward.
Recently, the European Commission published a PDF version of the contract it had with AstraZeneca, a multinational pharmaceutical company based in the UK, over the availability and delivery of a certain number of COVID-19 vaccine doses for Europeans.
The EU prefinanced 400 million doses from the pharma and expected it to deliver all of them as per contract. However, AstraZeneca said that it would only be delivering 40 percent of those doses.
To put pressure on AstraZeneca to fulfill its agreement with the EU, the bloc decided to make the contract public.
Although the document that was published on their website was supposed to be heavily redacted, whoever is responsible for making the document look “clean” forgot to redact the contents of the PDF’s bookmarks, which revealed significant portions of the redacted text.
There is a first time for everything.
This is not it.
We will have you know that there have been similar incidents in the past where improper obscuring of sensitive information has made history.
In 2011, the UK government accidentally breached itself by publishing a document containing certain secrets of Britain’s nuclear submarines. The PDF redaction was done by putting a black background behind the document’s black text. A simple copy and paste of its contents into a text editor, such as Windows Notepad, revealed the redacted PDF contents. Thankfully, these “secrets” weren’t as exciting as one would have expected.
The same copy-and-paste strategy worked with other purportedly redacted documents, such as that time when a judge’s analysis of the Apple versus Samsung ruling was revealed in an initially released PDF document.
If you can’t remember that, maybe you remember the time a reporter from The Guardian was able to reveal the full contents of the document in the case against Paul Manafort, Donald Trump’s former campaign chairman, containing details of his relationship with a former associate who had Russian ties.
Redacting PDFs 101
These are only a handful of stories from dozens more that have been reported and eventually buried (unless you start digging). Thankfully, embarrassing blunders like these can be avoided.
Here’s a caveat, however. You may find that digitally redacting documents may not be as straightforward as picking up a black permanent marker and gliding the tip over the words you want to conceal (and if you think it is, you’re probably doing it wrong). Although technology is there to help make things quick for us, there are certain things that may need a bit of fiddling to ensure they’re done right and proper.
Adobe has a page dedicated to removing sensitive information from PDF documents that you can read in glorious detail here. But long story short, no matter how good your redactions look, they aren’t safe until you flip the Sanitize And Remove Hidden Information toggle when you save it.
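A pre-publication check for the two failure modes described in this post, bookmarks that still carry the text and page text that is only covered by a black box, can be scripted. The following is an added example, not code from Adobe or from the original post; the function names and the sample document are constructed for illustration. It assumes an unencrypted PDF whose strings are plain literal strings and whose objects are not packed into object streams.

```python
import re
import zlib

LITERAL = rb"\(((?:\\.|[^\\)])*)\)"  # PDF literal string: ( ... ) with backslash escapes

def pdf_string(raw: bytes) -> str:
    """Undo backslash escapes inside a PDF literal string."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")

def leftover_text(pdf: bytes) -> dict:
    """Collect text a reader can still recover: bookmark titles and page text."""
    found = {"bookmarks": [], "page_text": []}
    # Outline (bookmark) items keep their label in /Title; the Info dictionary's
    # document title uses the same key, so it is reported here as well.
    for m in re.finditer(rb"/Title\s*" + LITERAL, pdf):
        found["bookmarks"].append(pdf_string(m.group(1)))
    # Page text sits in content streams as "(...) Tj" and is usually deflated.
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        body = m.group(1)
        try:
            body = zlib.decompressobj().decompress(body)  # FlateDecode stream
        except zlib.error:
            pass  # not zlib data: scan the raw stream instead
        for t in re.finditer(LITERAL + rb"\s*Tj", body):
            found["page_text"].append(pdf_string(t.group(1)))
    return found

def redaction_leaks(pdf: bytes, redacted_terms: list) -> list:
    """Return (location, term) pairs for redacted terms that are still in the file."""
    leaks = []
    for location, strings in leftover_text(pdf).items():
        for term in redacted_terms:
            if any(term.lower() in s.lower() for s in strings):
                leaks.append((location, term))
    return leaks

def sample_pdf() -> bytes:
    """Constructed sample: text hidden under a black rectangle, repeated in a bookmark."""
    page = b"BT /F1 12 Tf 72 700 Td (Price per dose: 1.23 EUR) Tj ET\n0 g 70 695 200 14 re f"
    z = zlib.compress(page)
    head = (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Outlines 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Outlines /First 3 0 R /Last 3 0 R /Count 1 >> endobj\n"
            b"3 0 obj << /Title (5.1 Price per dose \\(1.23 EUR\\)) /Parent 2 0 R >> endobj\n")
    obj = b"5 0 obj << /Length " + str(len(z)).encode() + b" /Filter /FlateDecode >>\nstream\n"
    return head + obj + z + b"\nendstream endobj\n%%EOF\n"

if __name__ == "__main__":
    print(redaction_leaks(sample_pdf(), ["1.23 EUR", "delivery schedule"]))
```

An empty result only means these two places are clean; metadata, attachments, comments and form fields need the sanitize step as well.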
Hope this helps!
The post How NOT to fail at PDF redaction appeared first on Malwarebytes Labs.