New York Times Suffers Redaction Failure, Exposes Name Of NSA Agent And Targeted Network In Uploaded PDF

from the make-sure-to-dot-all-i's-and-blot-out-all-sensitive-info dept

It appears as if the New York Times, in its latest publication of leaked NSA documents, failed to properly redact the PDF it uploaded, exposing the name of the NSA agent who composed the presentation as well as the name of a targeted network.

Cryptome seems to have been the first site that noticed the redactions that actually weren’t, issuing a couple of tweets that informed its followers of this fact. This led to Bob Cesca at the Daily Banter turning the NYT’s error into an anti-Snowden rant (which I found via F-Secure’s blog) that decried everyone involved while “virtuously” refusing to name the entity that had discovered the poorly-done redactions (but including the uncredited tweets in full for easy searching).

As soon as the article was posted, someone from or associated with a popular cryptography website claims to have downloaded a pdf of the Snowden document from The New York Times and discovered that three of the redactions that were intended to obscure sensitive national security information were easily accessible by highlighting, copying and pasting the text. The poorly-redacted file was subsequently posted to the cryptography website, then promoted via Twitter. (We’re not going to post the name of the website that posted the file to protect the information contained within.)

So, the identity of an NSA agent is out there in public view within the same document in which a target of this program is named. All of this is due to the incompetence of whoever failed to properly redact the pdf before publishing it for the world to see — as well as for the aforementioned cryptography site to nab and republish it.’

This was bound to happen at some point in this ongoing saga: the name of an American agent has been leaked to the public via a document stolen by Edward Snowden. To add to the irresponsibility of how Snowden went about this operation, he distributed untold thousands of documents to a gaggle of technological neophytes who barely understand how to used Adobe Acrobat, much less the phenomenally complicated details of top secret NSA operations.

Cesca somehow feels the privacy of a single NSA agent trumps the public’s interest in infringements on their own privacy — not just here in the US but all over the world. Certainly, the New York Times should have made sure its redactions were actually redactions before publishing the document, but Cesca’s hyperbolic attack isn’t doing his side any favor.

One agent’s name was exposed, one who may not even be employed by the agency at this point. (The documents are from 2010.) The target revealed is nothing more than the Al Qaeda’s “branch operation” in Mosul, Iraq. Al Qaeda has been the focus of counterterrorism efforts since before the 9/11 attacks and the revelation that the NSA is targeting mobile networks in Mosul shouldn’t come as a shock to anybody, least of all Al Qaeda members.

This doesn’t excuse the NYT’s carelessness, however. It is disseminating some very sensitive NSA documents and should be ensuring any information it chooses to withhold stays withheld. But this error doesn’t invalidate Snowden’s exposure of the NSA’s programs, no matter how Cesca (and those like him) spin it.

The NSA and other government agencies have suffered redaction failures as well, accidentally exposing information they would rather have withheld from the public. Does the government get held to the same standard by the NSA’s booster club? Hardly. Humans make mistakes, no matter which side of this issue they’re on.

[The original document uploaded by the NY Times is posted below (via Cryptome). To see the unredacted text, simply click on the Text tab.]

Filed Under: , , , ,
Companies: ny times

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “New York Times Suffers Redaction Failure, Exposes Name Of NSA Agent And Targeted Network In Uploaded PDF”

Subscribe: RSS Leave a comment
82 Comments
Anonymous Coward says:

Re: Re: Re: Re:

Native support. That’s why. Though many people still don’t realize you can take any pdf and open in in Photoshop or Illustrator and merely remove the bar – which is what the cryptology website did. It was simply another layer over the top of the existing text rather than to delete or replace it.

Anonymous Coward says:

Re: Re: Re: Re:

It’s not a problem with the format. It’s a problem with people not knowing how to use the format properly. Making an opaque box on top of text doesn’t remove the text in an editable format, regardless of which one it is. I’ll give you that PDF’s can be someone cumbersome to handle at times and Acrobat’s editing functionality can be really flaky. (I generally prefer to edit them with Illustrator instead which generally works much better at least with single pages.) But nothing else out there really accomplishes what PDF’s do which is provide a editable, cross-platform, file format capable of reproducing a layout accurately both on screen and in print with embedded fonts and images and can be optimized for transfer across the web and can be viewed universally without requiring expensive proprietary software to open it.

John Fenderson (profile) says:

Re: Re: Re:2 Re:

” But nothing else out there really accomplishes what PDF’s do which is provide a editable, cross-platform, file format capable of reproducing a layout accurately both on screen and in print with embedded fonts and images and can be optimized for transfer across the web and can be viewed universally without requiring expensive proprietary software to open it.”

Well there are other (older, more mature) formats that accomplish this, but that’s neither here nor there.

My problem with PDFs is that easily 90% of the time they are used, they shouldn’t be. Putting things in a PDF locks it away, enforces a particular screen layout (that’s a bad thing more often than a good one), makes it impossible to search using standard search tools, often contain no text — only images of text, etc.

So I suppose it’s not so much that it sucks, as it is that people shouldn’t be using it except for a few specialized purposes. It sucks for everything outside of those purposes. But I’m very well off-topic now. Sorry. 🙂

Anonymous Coward says:

Re: Re: Re:3 Re:

“Putting things in a PDF locks it away, enforces a particular screen layout (that’s a bad thing more often than a good one), makes it impossible to search using standard search tools, often contain no text — only images of text, etc.”

That’s only if the person who created it chose to lock it with the security settings when they created it which most people don’t do or you don’t have software that is capable of editing it, or they made the PDF from an image scan instead of a vector layout which of course in this case wouldn’t have been able to be revealed because the text was no longer text at all but rather an image. And if they are creating PDF’s from image scans, I can only see one reason to do so and that is because you want to have it in a single multi-page document. Otherwise I agree with you that this would be stupid. However if the PDF is made from actual text instead of just image scans, then yes it is searchable. As for forcing a layout, somethings (like the web) are meant to be dynamic, somethings are not. If I want to make a document to distribute for the purpose of it not only being viewable but also printable, PDF is the way to go as it allows me to ensure that it will be displayed on paper the way I intended it to be.

John Fenderson (profile) says:

Re: Re: Re:4 Re:

However if the PDF is made from actual text instead of just image scans, then yes it is searchable.

But not using standard search tools. You have to use a PDF reader. If I have to use a nonstandard tool to search a document, that document is of much less use to me because I have to treat it differently than all the other documents I have. This is tolerable if i got some benefit from the format, but as the reader of the document, PDFs give me no such benefit.

“If I want to make a document to distribute for the purpose of it not only being viewable but also printable, PDF is the way to go as it allows me to ensure that it will be displayed on paper the way I intended it to be.”

I understand, but this comes at the sacrifice of flexibility when viewing the document when it’s not printed. Very few PDFs can be comfortably read on all devices because of this.

Anonymous Coward says:

Re: Re: Re:5 PDF searching

But not using standard search tools. You have to use a PDF
> reader. If I have to use a nonstandard tool to search a
> document, that document is of much less use to me because I
> have to treat it differently than all the other documents I
> have.

Uh, I have no idea what your “standard search tool” is, but on my operating system (linux) it happily full-text indexes PDF files.

Anonymous Coward says:

Re: Re: Re:3 Re:

And as for those PDFs with pages of images of scanned text that isn’t searchable, you know who is to blame for that. Don’t blame Adobe. Acrobat (the actual generation and editing software not just the Reader) has had OCR capability built into that can convert images of text back to vector text for since at least version 5 of the software. No blame the scanner manufacturers that release software for their machines that give you the option to save as a PDF with no option in there to automatically convert it to text. That is where all those are coming from. Users who have a scanner and see the option to save as a PDF that don’t know the difference between the PDF that their scanner produces and PDF’s that are generated from actual text in a file when they make the PDF are most likely the one’s that are making all those PDF’s that you hate so much.

DannyB (profile) says:

Re: Re: Re: Re:

There are about a zillion reasons to hate PDFs, and this would
> be one of them. I still don’t understand why people insist on
> using this file format.

This is not one of the reasons to hate PDFs. Redaction failure is one of the bestest reasons to love PDFs.

Government and technophobic dinosaurs (yes you mr. riaa/mpaa): please continue using this highly entertaining and informative format.

Anonymous Coward says:

You don’t excuse the “NYT’s carelessness,” but you repeat their mistake by publishing the unredacted document?

If published the unredacted version was an error (as everyone acknowledges it was) why are you compounding the error by repeating it here?

Your point would have been just as strong without publishing the unredacted document. You’re subverting the NYT’s editorial decision to black out the name. That’s your choice, but do you really have a good reason for doing so?

DannyB (profile) says:

Re: Re:

You’re subverting the NYT’s editorial decision to black out the name.

So you suggest subverting Tim’s editorial decision to publish the document as a cure? Two wrongs make a right?

Do you believe that the genie can somehow be put back into the bottle? Once you open a can of worms do you believe they can somehow be re-canned?

It’s as stupid (and hilarious) as Mrs. Clinton asking Anonymous to ‘return’ digital documents.

Anonymous Coward says:

Re: Re: Re:

But was it necessary to spread the name to even more people? I would have thought the article describing the situation would be the primary source, making the document containing the name irrelevant to the point.

Reposting the document, brings more eyeballs to the name. It is ultimately a numbers-game. When 10.000.000 people have seen the name it is more likely some whack-job decides to use the information to reduce the current staff of NSA as opposed to when 100.000 sees it…
That it is out in the open doesn’t mean everybody knows. Number of people who know x, matters in many situations including this situation…

Anonymous Coward says:

Re: Re: Re: Re:

Seriously? You can’t be equating the identity some agent no one has ever heard of that may or may not be still employed in the same capacity or even at all that made training materials two years ago with the identity and the revelation of a pertinent, timely, sensitive field operation that is currently happening. Those two things aren’t even close to same thing.

Anonymous Coward says:

Re: Re:

Here’s what I don’t understand… It’s basically saying they were targeting the region surrounding Mosul, Iraq.
A quick google to Wikipedia:
An investigation in 2009 pointed out that more than 2,500 Kurds had been killed and more than 40 families displaced in Mosul since 2003. The Patriotic Union of Kurdistan blames Al-Qaeda and former Ba’ath Party’s.[32] Despite all the odds, the citizens of Mosul have vowed to bring stability and prosperity to Mosul, to rebuild the city, and to regain its historical and cultural roles as one of the three major cities in Iraq and one of the first historic metropolitan areas in the world.

Why the hell is it top secret now, unless the Iraqi government didn’t sanction the spying operation or have knowledge of it?

Anonymous Coward says:

Re: Re: Re:

so you’ve been able to relate operational information with the leaked document and have made assumptions in that regard.

And you don’t think this type of analysis would also be done by Al-Qaeda just as you did, and that this information would assist them in determining the situation, as it did you?

You have just clearly displayed why this is treason, and ‘aiding the enemy’, it is also putting peoples lives at risk.

again, Snowden is fucked now..

forget pardons or no punishment, you linked specific operational information with the leaked documents, and shown how it is possible to derive information from both.

Its what the NSA supporters have been claiming is happening, and now you have proven it.

Anonymous Coward says:

Re: Re: Re: Re:

Yes, Snowden is responsible for the NYTime’s fuck up. Great, you’re as hyperbolic as the jackass actually making the accusations in the article. My privacy rights are more important that the information accidentally revealed in a document from 2009. Wake up, jerk-off. It’s almost 5 years later. If you think they haven’t moved on, then you’re just an idiot trying to kill someone who wants to protect our rights from government overreach.

Baldaur Regis (profile) says:

I somehow doubt the inadvertent naming of an NSA employee responsible for preparing PowerPoint slides carries the same emotional loading as the rather breathless declaration that:

It?s finally happened. The name of an NSA agent has been accidentally leaked to the public via an NSA document stolen by Edward Snowden.

…unless that employee was working out of a rathole in Iraq, smuggling dangerous presentation materials out of the country by shoving up his bum, in which case I’d have to ask, what, they don’t have affordable office space in New Jersey or some other comparable american rathole?

Anonymous Coward says:

“to a gaggle of technological neophytes who barely understand how to used Adobe Acrobat, much less the phenomenally complicated details of top secret NSA operations.”

Yes, because, you know … we don’t want to overclog the intertubes with too many intellectual property addresses. It might just take out the power lines you know.

The government is so far behind when it comes to technology it wouldn’t surprise me if they are still running 486 machines. Everyone knows government is way behind the times technologically and have always had obsolete technology. This is widely known but I’m sure Bob Cesca is probably too ignorant to even know that.

The average person on these sites can probably write software better than Adobe Acrobat. Bob Cesca is probably proud that he barley knows how to use a simple user friendly program like Excel and yet he wants to try to condescend against a tech world of people highly educated in fields like math, computer science, physics, etc… This is truly laughable. What are his qualifications? What is his degree in?

“the name of an American agent has been leaked to the public via a document stolen by Edward Snowden.”

You know what words come to mind when I think of “American government intelligence employee”. Stupid monolingual (partly thanks to our embarrassing educational system). Yet you think these agencies are sophisticated but most of their members barley speak English that well and that’s their only and native language. How can we entrust them to defend us against foreigners speaking foreign languages.

http://www.techdirt.com/articles/20130614/16265623479/rep-grayson-let-me-tell-nsa-there-is-no-threat-to-our-nation-when-i-call-my-mother.shtml#c608

and lets not forget about all the complicated and advanced background checks they do.

https://www.techdirt.com/articles/20140124/12433225982/doj-says-company-that-vetted-snowden-faked-665000-background-checks.shtml

Must be hard work and too complicated for our little minds to grasp.

You simply overstate the sophistication of these agencies. Probably because you are even less sophisticated than they are and too stupid to know an agency filled with dumb people when you see one. But the fact is that these agencies are very simple. They are merely self interested composed of self interested people.

Wally (profile) says:

Re: No sympathy

Inside joke amongst the staff at the NSA is “Never Say Anything” because their bosses merely tell them coordinance points to listen in on…and they are NOT allowed to question those orders of a superior…

That being said, you don’t know each individual who was involved in what…it creates a sort of witch hunt for things a person may not have done….Would you blame a person for a person’s actions or a groups actions? If you affirmed in the latter, it’s the same thing as punishing a class for one perdon’s mistakes…

Wally (profile) says:

Responsibility and Accountability

Compromising the inner workings of the counterterrorism programs in the NSA exposes methods that Snowden worked hard to keep classified with his documents…All that effort has gone to waste, puts innocent agents’ lives at sever risk, and gives Al Qaida and al-Shabab new ways to avoid us…

It is our responsibility as Americans to say “stop spying on us” so we can do our jobs as citizens and hold our government accountable…It seems that the NYT has done exactly what it always does by breaching this data with names that SHOULD BE KEPT SECRET…Their extreme carelessness means they lack self accountability to the American public and to their fellow mrmbers of the press…all in the name of being “the best”.

Anonymous Coward says:

Re: Re: Responsibility and Accountability

Specifically, though there is a degree of legal severity involved here when it comes to the American public as opposed to the rest of the population of the world. There are specific US laws that prohibit such actions against the American public that they are blatantly violating. With foreigners the legality of these operations is less dubious. This is not to say that the people of other nations should not be outraged as well, especially those of nations considered as allies. However this is why much of the focus of the outrage has been placed on the domestic operations even though the foreign collection of information on untargeted innocent individuals is also a problem that needs to be rectified.

Anonymous Coward says:

Re: Responsibility and Accountability

“Compromising the inner workings of the counterterrorism programs in the NSA exposes methods that Snowden worked hard to keep classified with his documents”

no he didn’t he stole them, he worked hard to make sure they were made public.

and how hard did he work?? not well enough because shit got out !!! so he’s not only criminal, he’s criminally stupid too?

Anonymous Coward says:

Doesn’t espionage still carry the death penalty in most countries, and doesn’t that make it a criminal act?

Not to suggest that simple NSA employees should be executed, but they should certainly be identified and charged. Espionage against Americans is surely espionage against America and ought to be dealt with under the law.

Anonymous Coward says:

Re: Re:

“Doesn’t espionage still carry the death penalty in most countries” no.

first you have to prove NSA engages in illegal espionage as opposed to intelligence gathering.

Individuals do not hold the meta-data gathered, they don’t own it, they have never owned it, and your permission is not required to gather it.

raindog469 (profile) says:

Cesca should have stuck to making cartoons.

His “Napster Bad” Flash animation, released at the height of the anti-Napster hysteria and targeting Metallica for their hypocrisy, was actually pretty awesome. (He also did the album cover for one of the worst albums by one of my favorite artists. But he’s been on my radar for a long time, in a mostly positive light.)

Today, though, his desire to defend Obama, Feinstein et al. over their own tooth-and-nail defense of far-right authoritarian tactics like secret courts and domestic spying at the cost of his own credibility while demonizing the first great patriot to emerge in this century is… well, less awesome.

So many amazing cartoons about the NSA’s spying could, and should, be made. But we’ve already had too many “my side did it, so it must be okay” editorials.

Go back to cartoons, Bob.

Anonymous Coward says:

"Using Adobe Acrobat"

is one of the most insanely dangerous things you can do with a computer.

Acrobat’s history is LITTERED with exploitable security holes. There are so many that even though I have a sizable collection of bookmarks pointing to their descriptions, I’m sure I don’t have them all. A search of the archives of full-disclosure or bugtraq or even Slashdot reveals a thoroughly depressing history of utterly incompetent software design, implementation, and maintenance.

Not that other PDF readers are perfect. Of course they aren’t. But all of them combined don’t stack up to what Acrobat’s “achieved”.

I would expect anyone knowledgeable in security to know this, but clearly Cesca doesn’t. Too bad. The very security he purports to be upholding is horribly undercut by Acrobat on a daily basis.

Anonymous Coward says:

The fact that redactions can be done improperly is a long known and most of the tech folks know of this about pdfs. These is nothing new in this part of the article.

I find it very telling that one of the pro-NSA people are just so upset over the releasing and naming of an agent of the NSA. So where were all these people at the time that Valery Plame was named? Exposed by her own government officials yet no one went to jail nor were they punished despite the fact it put both her and her husband’s lives in danger. I’d say that was rather a matter of convenience by the Bush administration in their rush to get documents manufactured stating that Iraq had purchased yellowcake when it had not. In order to get those documents faked, the then official had to go because he refused to make false documents on events that hadn’t happened.

In the same manner, administration officials are constantly leaking info that is classified with no worry of reprisal while the same can’t be said of whistle blowers.

Corruption at its finest as it shows the laws of the land are only for the masses, not the rich or powerful. That in itself blows the whole NSA scandal into it’s proper place.

It is very evident that the government views its own citizens as the terrorists, not outside forces. They have a problem with justifying it because they can’t really come up with valid and legal reasons that stand the light of day and have the ring of truth to them.

That tells me all I need to know and why I can no longer believe what the mainstream media and government claim.

Anonymous Coward says:

Oh, im so sorry, im so sorry that an agent involved in something he shouldnt be involved in got named, im so sorry

Lets use this as justification for keeping secrets, because we got to protect those that are keeping the secrets……..oh yeah, that makes so much sense

Come on man, think about the secret, secrets, and redact those secrets, oh, and the children

Anonymous Coward says:

I can see now how much fun it is to find traces of a person’s life and put those together to form a picture.

Now we can see:

The name of the analyst & age.
The spouse’s name & nickname & age & employer.
The child’s name & year of graduation from high school & team sport.

The activities that they do together as a family.

The pizza parlor they frequent.

Photographs.

Is our next step to look at the names of their running partners or other couples who helped with mock interviews to identify likely coworkers at NSA?

Is this what we will get in exchange for having our data sifted and grouped and analyzed and dissected? We get to do the same for NSA employees.

Maybe we can get to do this for the decision makers instead of low level employees next time.

Anonymous Coward says:

have you noticed how far we’ve gone from Snowden telling you your phone calls are logged (meta-data), and how it was for the public and the American peoples good for them to know about it, to specific operational information and nothing to do with monitoring Americans!

So his motive for the release of the documents was not really about ‘informing’ Americans about meta-data.

you don’t have to release this type of information to achieve what he stated he wanted.
Makes you wonder what his real motives are?

Anonymous Coward says:

Re: Re:

Specific “operational” information? Creating a PowerPoint slide describing a classified document is an “operation?” I must be doing operational things all the time with how much I use Microsoft Office!

The names of people who work at the NSA is not classified information. It would be pretty hard for it to be since they have to, you know, file taxes and stuff. The majority of NSA employees probably have had access to or even created classified information. “Leaking” that a specific employee created a specific piece of classified information isn’t going to compromise anything.

There are tons of things that are classified that don’t really mean much. Think of any previously classified document that becomes unclassified…I can guarantee that, for a significant portion of time while it was still classified, it was both classified and completely irrelevant. There is also plenty of classified information that it already known or obvious; it’s classified because it only becomes a possible issue once it’s confirmed officially.

This is one of those things. The individual worked for the NSA (known). The individual worked on classified documents (known). The individual made a presentation describing a capability that they did not create themselves, that they did not use in a specific capacity, and a program which is (now) already leaked (irrelevant).

Anonymous Coward says:

“NSA chick has a Twitter account with the NSA handle”

so, NSA reps are also on TV sometimes, with their name right there too, it is their choice, clearly they are not in a position where is it necessary to be secret, and her name is not linked to any specific operation.

You name and number is also in the phone book, so !!!

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...