http://www.estripes.com/article.asp?section=104&article=28818
By Lisa Burgess
Stars and Stripes
European edition
May 3, 2005
ARLINGTON, Va. - U.S. commanders in Iraq posted a version of the U.S.
investigation into the Italian checkpoint shooting from which it was
possible to recover classified information by simple manipulation of
the electronic file.
The report, issued by Multinational Forces-Iraq, or MNF-I, over the
weekend, was heavily redacted, with classified sections obscured by
black boxes.
The report was posted in a "PDF" format, used by the U.S. government
to generate documents of various kinds.
While downloading the information, however, the global "blogging"
community quickly discovered that the classified information could
easily be recovered.
MNF-I officials said Monday that the report's full release was an
accident, but could not pinpoint how it occurred.
"The procedures that we used [to safeguard the classified information]
were inadequate," Air Force Col. C. Donald Alston, MNF-I?s chief of
strategic communications, said Monday. "We consider this a very
serious matter."
MNF-I officials took the report down from their own site over the
weekend.
The classified sections of the report have information about the
number and type of insurgents attacks on the road to "Route Irish,"
the 7.5-mile east-west road along south Baghdad that runs from the
International Zone in downtown to Baghdad International Airport.
The unclassified portion of the report says that the four-lane road is
known as "IED Alley" for the large number of improvised explosive
devices that have been planted there by insurgents.
The report also delves into the securing of checkpoints, as well as
specifics concerning how soldiers manned the checkpoint where the
Italian intelligence officer was killed.
In the past, Pentagon officials have repeatedly refused to discuss
such details, citing security concerns. The information technology
community quickly began linking to the report site and discussing the
security breach.
"There have been many reports in the press of how people have
published Microsoft Word documents with their history easily revealed
through Word's "track changes' feature," blogger David Berlind
commented in his Internet technology blog, "Between the Lines" at
ZDNet. "But you rarely hear about problems like this when it comes to
PDF files."
"It will be interesting to see how this security debacle unfolds,
where the finger gets pointed, and how it changes the way PDF files
get handled in the future [by organizations of all types]," Berlind
wrote.
_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
