How NOT to redact a PDF – Military radar secrets spilled

RadarThe UK Ministry of Defence has been caught out again by a schoolboy error – not knowing how to properly redact a PDF.

As Naked Security has explained before, if you’re an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.

The act of obscuring the sensitive information is known as “redaction”, and it needs to be done properly if you want to keep something secret.

For instance, simply putting black text on a black background does not stop people from cutting-and-pasting the contents.

Sign up to our free newsletter.
Security news, advice, and tips.

When a 22 page PDF document called “Air Defence And Air Traffic Systems Radar Transportation Study – Part 2” was published on a parliamentary website, it was hoped that its more sensitive contents would be properly redacted.

But, as the Daily Star reports, although there were sections “blacked out”, the contents could easily be recovered simply by cutting-and-pasting.

Last time the MOD made this mistake it was related to nuclear submarine secrets, one hopes that they have learnt their lesson by now and provided an easy-to-understand guide for staff on how to properly redact documents.

If you want to learn how to properly redact Adobe PDF files, here’s a good guide describing how to do it with Acrobat X Pro.

Remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.