NSA Issues 'Metadata' Guidelines for Agencies
Following a series of foibles in which federal agencies and even the White House issued documents that contained hidden data that readers weren't meant to see, the National Security Agency has issued guidelines for the federal government on removing revision histories and other so-called "metadata" from official documents before public release.
Metadata literally means "data about data", but that's not very descriptive. Essentially, metadata is automatically embedded in documents created with popular software such as Microsoft Word or Adobe Acrobat, and includes things like the document author's name, the date it was created, and often any changes or revisions that have been made and by whom.
Back in December, I wrote about an incident involving metadata that presented a rather embarrassing episode for the Bush administration's efforts to win more support for the war in Iraq.
But metadata isn't all bad -- sometimes it helps law enforcement officials track down the bad guys. Case in point: In August, the FBI and Moroccan authorities arrested an 18-year-old hacker, Farid Essebar, who went by the online screen name "Diabl0," for creating the "Zotob" worm that infected thousands of computers at a number of high-profile companies last summer.
In a presentation at the recent Shmoocon hacker conference, Joe Stewart, a senior security researcher at LURHQ, talked about how authorities seized Essebar's computer and found a copy of the worm's source code. When they dissected it they uncovered some interesting metadata: Apparently Essebar had compiled the worm's source code with Microsoft Visual Studio, which embedded the text string "C:\Documents and Settings\Farid." Possessing source code for a worm that whacked a bunch of Fortune 500 companies is bad enough, but having your name engraved in the heart of it is downright damning.
Here's one tip I didn't mention in the earlier post on this: a quick and dirty way to find metadata hidden in Word documents. Start up Word, click File, then Open; under the "Files of Type" drop-down menu select "Recover Text from Any File"; then select the file you want to open and it should display any metadata.
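As an added example (not from the original post or the NSA guidance), here is a Python pre-release check in the same spirit as the Word tip and the compiler-embedded path described above: it pulls printable strings out of any file, in both 8-bit and UTF-16LE form, and flags Windows profile paths that reveal an account name. The sample bytes and the account names `jsmith` and `editor2` are constructed for illustration.

```python
import re
import sys

# Printable runs of 6+ characters, stored as 8-bit text or as UTF-16LE
# (each printable byte followed by a NUL), the two forms Windows tools emit.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Profile paths that carry an account name (XP-era and later layouts).
PROFILE = re.compile(
    r'[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\/:*?"<>|\r\n]+)', re.I)

def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for every printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def find_profile_paths(data: bytes):
    """Return sorted (byte_offset, encoding, path, account) tuples."""
    hits = []
    for offset, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16le" else 1
        for m in PROFILE.finditer(text):
            hits.append((offset + m.start() * width, enc, m.group(0), m.group(1)))
    return sorted(hits)

# Constructed sample: a binary header, an 8-bit build path such as a compiler
# might embed, then a UTF-16LE document path such as an Office file might hold.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"C:\\Documents and Settings\\jsmith\\proj\\Release\\proj.pdb\x00"
    + b"\xff\xfe"
    + "C:\\Users\\editor2\\Documents\\release-draft.doc".encode("utf-16le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    # With a file argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, enc, path, account in find_profile_paths(data):
        print(f"0x{offset:06x} {enc:9} account={account!r} path={path!r}")
```

A clean result only means no profile path was found; author fields, revision history and other metadata the guidelines cover need their own checks.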
Funnily enough, the PDF document released by the NSA also contains metadata. The text at the top of the document says it was created Dec. 13, 2005, but the metadata inside the PDF indicates it was created Jan. 10, 2006. The guy who pointed this out to me -- fellow security blogger Harlan Carvey, who is also a forensics expert -- says the discrepancy is due to the fact that the document was originally created in Microsoft Word, then converted to PDF on Jan. 10.