How NOT to redact a PDF – Military radar secrets spilled

The UK Ministry of Defence has been caught out again by a schoolboy error – not knowing how to properly redact a PDF.

As Naked Security has explained before, if you’re an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.

The act of obscuring the sensitive information is known as “redaction”, and it needs to be done properly if you want to keep something secret.

For instance, simply putting black text on a black background does not stop people from cutting-and-pasting the contents.

When a 22 page PDF document called “Air Defence And Air Traffic Systems Radar Transportation Study – Part 2” was published on a parliamentary website, it was hoped that its more sensitive contents would be properly redacted.

But, as the Daily Star…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.