Feeds

Student uncovers US military secrets

'Felt-tip pen' censorship cracked

  • alert
  • submit to reddit

SANS - Survey on application security programs

An Irish graduate student has uncovered words blacked-out of declassified US military documents using nothing more than a dictionary and text analysis software.

Claire Whelan, a computer science student at Dublin City University was given the problems by her PhD supervisor as a diversion. David Naccache, a cryptographer with Gemplus, challenged her to discover the words missing from two documents: one was a memo to George Bush, and another concerned military modifications to civilian helicopters.

The process is quite straightforward, and according to Naccache, Whelan's success proves that merely blotting words out of declassified documents will not keep the contents secret.

The first task is to identify the font, and font size the missing word was written in. Once that is done, the dictionary search begins for words that fit the space, plus or minus three pixels, Naccache explained.

This process yielded 1,530 possibilities for word blanked out of a sentence in the Bush memo. Then, the text anaysis routine checks for words that would make sense in English. The sentence was: "An Egyptian Islamic Jihad (EIJ) operative told an XXXXXXXX service at the same time that Bin Ladin was planning to exploit the operative's access to the US to mount a terrorist strike." Just 346 words remained on the list at this stage.

The next stage is to involve the brain of the researcher. This eliminated all but seven words: Ugandan, Ukrainian, Egyptian, uninvited, incursive, indebted and unofficial. Naccache plumped for Egyptian, in this case.

Whelan subjected the helicopter memo to the same scrutiny, and the results suggested South Korea was the most likely anonymous supplier of helicopter knowledge to Iraq.

Although the technique is no good for tackling larger sections of text, it does show that officials need to be more careful with their sensitive documents. Naccache argues that the most important conclusion of this work "is that censoring text by blotting out words and re-scanning is not a secure practice".

According to the original report in Nature, intelligence experts may consider changing procedures. ®

Related stories

FBI on look-out for foreign government hackers
Why the Dogs of Cyberwar stay leashed
Bruce Schneier on crypto, the FBI, privacy and more

3 Big data security analytics techniques

More from The Register

next story
Most Americans doubt Big Bang, not too sure about evolution, climate change – survey
Science no match for religion, politics, business interests
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
LOHAN and the amazing technicolor spaceplane
Our Vulture 2 livery is wrapped, and it's les noix du mutt
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
Power levels up 70 per cent as the rover keeps on truckin'
Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
Helium seeps from Falcon 9 first stage, delays new legs for NASA robonaut
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.