Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

FBI Wiretapping Audit Secrets Uncovered Via Ctrl+C

Posted by kdawson on Tue May 20, 2008 07:11 AM
from the c'mon-guys-it's-not-even-obscure dept.
It's funny. Laugh. Censorship
mytrip notes a story in Wired's Threat Level blog on the latest boneheaded government moves with redaction. (We've been discussing redaction follies here for years.) This time it's an FBI report (PDF) on implementing CALEA — you can select text from redacted areas, copy it, and paste into a text editor, as University of Pennsylvania professor Matt Blaze discovered. From Wired: "Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all... [Among] the tidbits considered too sensitive to be aired publicly: The FBI paid Verizon $2,500 apiece to upgrade 1,140 old telephone switches. Oddly the report didn't redact the total amount paid to the telecom — slightly more than $2.9 million dollars — but somehow the bad guys will win if they knew the number of switches and the cost paid."
+ -
story

Related Stories

[+] Your Rights Online: Memory Hole Un-Redacts Redacted DOJ Memo 453 comments
DrDNA writes "After a Freedom of Information Act request, the US Justice Department released a study on workplace diversity. However, nearly half of the memo was blacked-out. In what was apparently an incredible goof, it was posted in a PDF format called Image+Text. The folks at The Memory Hole simply removed the image, revealing the redacted text. The redacted text was highly critical of the DOJ's diversity efforts, as the New York Times reports." Folks, if you're going to be sneaky, at least do enough research to make sure you're really being sneaky.
[+] IT: More PDF Blackout Follies 309 comments
georgewilliamherbert writes "The latest installment of "As the PDF Blackouts Turn" hit today, with a U.S. government apparently releasing a redacted version of their court filing in the Balco grand jury leak case which merely stuck a black line over the text, which remains available in the document. As with prior documents, entering text cut/paste mode in a normal PDF browser such as Acrobat allows a reader to access the concealed text. Previous incidents include an AT&T filing in the NSA case." This works with Xpdf and KPDF, too; for KPDF, use the selection tool (under the Tools menu) around the redacted section, copy to clipboard, then paste into the text-manipulator of your choice.
Submission: Secret FBI Wiretapping Audit Revealed With Ctrl+C by mytrip (940886)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

FBI Wiretapping Audit Secrets Uncovered Via Ctrl+C 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Let me guess... (Score:4, Funny)

    by Phyrexicaid (1176935) on Tuesday May 20 2008, @07:18AM (#23473644)
    If they were running a website, they would use:
    <FONT
    style="BACKGROUND-COLOR: black">Top Secret!</FONT>
  • You'd think that they would have learned by now.

    Your government dollars at work!

    • Can you geeks only complain? First you complain that we try to keep information secret, then, when we're too dumb to do it right and the info gets out, you complain again.

      Is there a way to satisfy you? Jeesh...

  • The headline and summary made took a minute for me to grasp, I just couldn't understand how you could get data out of something by halting execution.

    Then my brain woke up and I realized they were thinking of the Windows command Ctrl+C which copies the marked text..

    /Mikael

    • Re:Too much UNIX for me (Score:5, Funny)

      by hackstraw (262471) on Tuesday May 20 2008, @07:37AM (#23473794) Homepage
      Then my brain woke up and I realized they were thinking of the Windows command Ctrl+C which copies the marked text..

      Right. Me too. I don't use windows, so I think Ctrl+C == SIGINT.

      I saw a similar thing on another article here where they had Ctrl+Z in the article, and that took me a minute to figure out as well. I thought, WTF does suspending a task have to do with anything??? I then had to figure out that Ctrl+Z is the undo command in windows.

    • Re:Too much UNIX for me (Score:5, Funny)

      by SharpFang (651121) on Tuesday May 20 2008, @07:42AM (#23473858) Homepage Journal
      very simply...

      Welcome To FBI Info Booth.
      Please press:
      1 to open contact form
      2 to learn about the organization
      3 to get the latest news
      4 to access the current most wanted list
      5 to access other FBI resources
      Your choice: _ [ctrl+C]
      Terminated.
      root@booth975.fbi.gov# cat ./wiretaps.txt

    • Re:Too much UNIX for me (Score:5, Informative)

      by Tim C (15259) on Tuesday May 20 2008, @07:43AM (#23473868)
      Ctrl+C, Ctrl+X and Ctrl+V were increasingly common shortcuts in Linux apps the last time I used Linux on the desktop, which is going back a good few years now.

      Yes, they still do "different" things in a terminal, but they're by no means "Windows commands" any more.

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        yeah, you're 100%.

        those guys were just involved in a dick-measuring "biggest nerd" contest.

      • Re:Too much UNIX for me (Score:4, Interesting)

        by mikael_j (106439) <slashdotNO@SPAMpantburk.info> on Tuesday May 20 2008, @08:00AM (#23474036) Homepage

        I think my problem is that for regular *nix I don't use KDE or Gnome and thus I'm still using what I'm used to (mark + middle click to paste) from when I started using X11, and for macs I find myself either drag'n'dropping or using cmd+c which has become differentiated from ctrl+c in my mind (as I use ctrl+c to shut down processes, not copy data).

        /Mikael

      • Re:Too much UNIX for me (Score:5, Informative)

        by dbitch (553938) on Tuesday May 20 2008, @08:23AM (#23474302)
        These are the IBM Common User Access commands [wikipedia.org]. So, they were never "Windows commands" to begin with.

        Funny how history works, huh?

        • Re:Too much UNIX for me (Score:5, Informative)

          by _xeno_ (155264) on Tuesday May 20 2008, @10:07AM (#23475910) Homepage Journal

          These are the IBM Common User Access commands [wikipedia.org]. So, they were never "Windows commands" to begin with.

          No, they're not. The Wikipedia article even lists the correct keys that actually were in the CUA. They were the ever-so-intuitive:

          Copy: Ctrl-Ins
          Cut: Shift-Del
          Paste: Shift-Ins
          Undo: Alt-Backspace

          These were the CUA shortcuts. The new Ctrl-Z/X/C/V shortcut set was stolen off the Mac, because unlike the CUA set, it makes sense. Unlike the CUA, it's always Control-Something. X and C make perfect sense for Cut and Copy. Z and V make less sense unless you think of them as little icons, in which case the Z is a Zig-Zag backwards and the V is a down-arrow pasting into the document. Ultimately, though, they're used because they're next to each other on the keyboard. All your common edit actions in a nice little row.

          If you want a non-Wikipedia source, you can try this page [ratherco.com]. The CUA keys still work in most Windows applications, it's just that the Mac keys also work since they don't overlap. Alt-F4 remains as probably the most-used CUA shortcut.

        • Re:Too much UNIX for me (Score:4, Informative)

          by sqldr (838964) on Tuesday May 20 2008, @09:05AM (#23474884)
          There's actually two pasteboards. Selecting it puts it into the X11 pasteboard, ctrl+c puts it into the gnome/kde pasteboard. There are differences, eg. the gnome/kde one has metadata and can contain images, links etc. It also seems to be more limitless - pasting 50000 lines from the X11 buffer rarely works.

          It's actually really useful to have two paste buffers in certain issues - ctrl-v to paste one, middle to paste the other.

        • Re: (Score:3, Insightful)

          by SL Baur (19540)

          It's more like they are very common hot-keys for any GUI app.
          C-SPC, C-w/M-w, C-y work just fine for me and we were using those keys before there was a Microsoft Windows, Linux or even modern Unix.

          Now get off my lawn!

    • Copy & Paste Reveals FBI Wiretapping Audit Sec (Score:5, Informative)

      by FlameWise (84536) on Tuesday May 20 2008, @07:47AM (#23473912)
      Honestly, same here. Some of those headlines are becoming really hard to read.

      "Wiretapping": verb. The FBI is wiretapping something. "is" omitted as in many headlines.

      "Audit": verb. The FBI's act of wiretapping is auditing something (Huh?)

      "Secrets": verb. The Audit of the FBI's wiretapping is leaking something. Wait isn't "secrete" writting with an extra "e"?

      "Uncovered": verb, passive. By now I'm sort doubtful I got it right in the fourth attempt.

      "Via Ctrl+C": By what?

      It took me reading the link in the original post to figure they meant a key press and not a screen name or a publication I wasn't familiar with, also helped me sort the four verbs into some semblance of legal grammar.

      How about: "Copy & Paste Reveals FBI Wiretapping Audit Secrets"?

      Remember school: Passive is bad for you.

    • Re: (Score:2, Informative)

      by Zarhan (415465)
      "Ctrl+C" isn't just "Windows" standard, it's actually coming from much older days. You are looking for

      http://en.wikipedia.org/wiki/Common_User_Access [wikipedia.org]

      and it's actually originating from IBM. Personally I'm *glad* that Linux desktop environments are also pretty much implementing the standard - I *like* being able to always hit F1 for help, Shift+F12 for save etc. I've even seen CUA bindings setup for Emacs but cannot find a link right now..

  • It's easy... (Score:5, Interesting)

    by johannesg (664142) on Tuesday May 20 2008, @07:20AM (#23473654)
    Look, the point of blacking out is not just to remove critical information, it is also to get you used to large parts of documents being blacked out. It is a way of hiding a signal within a lot of noise.

    By randomly blacking out stuff, you will never know if there is vital information hiding underneath the black text. And you will become more and more accepting of documents that have barely any text at all.

    The purpose is, of course, to allow more and more freedom to the agencies doing the blacking out. And less and less to you.
    • Washington Irving at it again!
    • Except all it does is get me in the habit of copying and pasting the whole document to see if they have screwed up again.
    • lol, they might as well publish everything with lorem ipsum on it...

      ---TOP SECRET--- "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt moll

  • No suprises (Score:3, Informative)

    by Lumpy (12016) on Tuesday May 20 2008, @07:20AM (#23473656) Homepage
    Most of the time something deemed "secret" rarely is. Also when I was last in the public Sector, IT was woefully underfunded and overall employee training was even worse. Things like this will continue to be a major mess.
  • This is a classic example of secrecy being used not for national security but to avoid embarrassment. There are likely thousands of these types of secrets that cost money to keep but that are for no reason at all. Ass clowns.

    • Not really (Score:3, Interesting)

      by Anonymous Coward
      The calia network as outlined originally, would have used a fraction of the switches. That number of switches indicates that they were monitoring a LOT more. IOW, this was not about wireless but about the entire world wide network. FBI is tapping all of Verizon.

      The one big embarrassment out of that, is that it shows that they had total access to the network, and yet 9/11 occurred. So, does that mean that this was not being used for terrorism, or does this indicate that we did know and ignored what was to

  • Entertaining to whom? (Score:2, Insightful)

    by Anonymous Coward
    Can we get a new category, like "Gallows Humor"?

    Besides, we shouldn't be reporting on this stuff-- our only defense against this government anymore is its own monumental stupidity.

  • Implementation (Score:5, Informative)

    by Graywolf (61854) on Tuesday May 20 2008, @07:23AM (#23473686)
    "Redacted" was apparently implemented by covering the area with a white rectangle. Since the PDF has real text/vector graphics (as opposed to a bitmap), the information is still present in the file and even the standard Acrobat viewer can access it. Someone "Failed at Behaving Intelligently"

  • Who's responsible..? (Score:5, Insightful)

    by ricebowl (999467) on Tuesday May 20 2008, @07:25AM (#23473702)

    "Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys

    What confuses me is that, and I might be too generous in my assumption, I assume that there's an IT professional somewhere that looks over these released files prior to their release? I know that common sense is entirely too uncommon these days, but if I were to release a digital file (whether to an individual or the public) I'd make sure that someone from the IT department looked it over before release.

    Otherwise it's like having a flu vaccine released by managers that went nowhere near an immunologist or virologist.

    Still, I'm sure that, sometime soon, MS will remove the Ctrl+C combination. For national security, of course.

    • Re:Who's responsible..? (Score:5, Insightful)

      by MrMr (219533) on Tuesday May 20 2008, @07:33AM (#23473760)
      ...assume that there's an IT professional somewhere that looks over these released files prior to their release?

      Apparently you have never worked for a government department.

      Otherwise it's like having a flu vaccine released by managers that went nowhere near an immunologist or virologist.

      or in the pharmaceutical industry.

      • Re:Who's responsible..? (Score:5, Funny)

        by Thanshin (1188877) on Tuesday May 20 2008, @07:38AM (#23473814)

        ...assume that there's an IT professional somewhere that looks over these released files prior to their release?

        Apparently you have never worked for a government department.

        Otherwise it's like having a flu vaccine released by managers that went nowhere near an immunologist or virologist.

        or in the pharmaceutical industry.
        It's not lack of knowledge, it's optimism. Don't pop the pink bubble.
    • I assume that there's an IT professional somewhere that looks over these released files prior to their release?

      Well, it was an IT guy, but no-one calls him a professional.

    • Re: (Score:3, Insightful)

      by Bushcat (615449)
      No, the "IT professional", if any, will have been excluded by the "incredibly thick underlings" thinking they actually have a clue. I've worked in such environments: the thicker the person, the more that person thinks s/he knows, and the more important that person believes s/he is.

  • Not everything is censorship. (Score:5, Informative)

    by R2.0 (532027) on Tuesday May 20 2008, @07:37AM (#23473802)
    Sometimes items are redacted because of contractual commitments or confidentiality agreements. Take the example in the story; now, all Verizon's competition needs to do is bid $2,499 per switch and they get the job. So what if they could have supplied the switches at $2,200 and still made a healthy profit - they just need to be low. So that's $299 extra per switch that the government (aka, taxpayers) will have to pay because the competitive bid environment has been contaminated.

    But hey, they made their point about evil government masterminds being wholly incompetent, so what does logic matter?

  • LOL! (Score:4, Insightful)

    by sm62704 (957197) on Tuesday May 20 2008, @07:38AM (#23473820) Journal
    visible by computer experts armed with the Ctrl+C keys

    The FBI is trying to trick me into thinking they're all stupid so they can find out where I've got the 500 acre marijuana farm with its fiftten thousand tons of marijuana in the barn, 500 beautiful hookers and the casino downstairs, where you can buy white lightning and moonshine.

    Meanwhile, Osama's still loose.

    Attention FBI: Look, dumbasses, print the damned thing out, black out the parts that embarrass the President and your Director with a magic marker and scan it to a TIF file (that's a graphics format, guys. Pay attention!) and "print" THAT to PDF.

    But you already know that, you're trying to find my pot gambling hooker farm!

    • Re:LOL! (Score:4, Funny)

      by Thanshin (1188877) on Tuesday May 20 2008, @07:47AM (#23473914)

      print the damned thing out, black out the parts that embarrass the President and your Director with a magic marker and scan it to a TIF file (that's a graphics format, guys. Pay attention!) and "print" THAT to PDF.
      WRONG!

      The official method is:

      1 - Print the document.
      2 - Cut the private parts away with a cutter.
      3 - If you've not castrated yourself, you should have a paper with holes. Put it in a wooden table.
      4 - Make a photo of said table.
      5 - Load the photo in a power point.
      6 - publish the ppt file.

  • The New Math (Score:2, Interesting)

    by nqz (778393)
    Maybe the FBI should stick to something, like wiretapping for example, rather than performing simple math for a report ... 1140 x $2,500 $2.9 million (see the reverse pacman sign)

  • The mosaic effect (Score:3, Insightful)

    by Anonymous Coward on Tuesday May 20 2008, @07:49AM (#23473936)
    Now, I'm all up for good gov't conspiracy, and working for the gov't, I know how they spend inappropriately.

    But there is something called the mosaic effect. The short of it is that you have two (or more) documents. None of them by themselves are sensitive, but as a group, they become sensitive because they give you a complete picture. It's quite possible that this redacted info gives that picture.

    In addition, gov't entities regularly leave out the specifics like the number of switches because they do not want to demonstrate the scope of their operations. Not for any malicious reasons, but for what they perceive as a security risk. It might be a false risk, but it's not malicious.

  • Follow the evil overlord tips (Score:5, Insightful)

    by vecctor (935163) on Tuesday May 20 2008, @07:55AM (#23473986)
    When I read this, the first thing I thought of were the evil overlord rules - specifically this one:

    One of my advisors will be an average five-year-old child. Any flaws in my plan that he is able to spot will be corrected before implementation.
    They just need to have some intern to sit around and spot obvious flaws in document security. Any idiot giving this doc a cursory examination would have found this.

  • It looks like you're trying to redact a document! (Score:5, Informative)

    by Halo- (175936) on Tuesday May 20 2008, @07:56AM (#23474000)
    For me, the best part of the article was the link to the NSA redaction guidelines. Interesting reading I suppose, but the fact that throughout the entire paper the screencaps of MS Word had that damn Clippy-substitute cat sitting in the corner was classic. I'm not sure I'd trust someone (even at the NSA) to give me advice on MS Word options and settings when they can't even turn of the animated assistant.

  • How much!!! (Score:5, Insightful)

    by JaJ_D (652372) on Tuesday May 20 2008, @07:57AM (#23474008)
    The FBI paid Verizon $2,500 apiece to upgrade 1,140 old telephone switches. Oddly the report didn't redact the total amount paid to the telecom â" slightly more than $2.9 million dollars â" but somehow the bad guys will win if they knew the number of switches and the cost paid.

    It's more likely that the total number is large and people go "ok must be a lot" but at 2.5k usd per switch people would go "how fucking much!!!" - that's what they may want to avoid

    Jaj

  • this just goes to show (Score:5, Insightful)

    by v1 (525388) on Tuesday May 20 2008, @08:01AM (#23474044) Homepage Journal
    how abused and misapplied all those "in the interest of national security" procedures are when there is no oversight in place. When will the legislators ever learn, anything that can be abused or misused, will be abused and misused in the absence of oversight? It's not even "might" or "is very likely". It always happens. It's human nature to take advantage for personal gain without risk. They censor anything that they want to, for any agenda, because they can. And this just exposes that truth.

    Now watch how they react to it. Do they straighten up their censorship policies? of course not. They'll simply make the abuse harder to discover.

  • Be happy its still number of switches (Score:4, Interesting)

    by AHuxley (892839) on Tuesday May 20 2008, @08:11AM (#23474152)
    In the USA you still only have to do the math on the 'number' and 'quality' of roving witetaps.
    The use of public or released data to see what police forces are doing is interesting.
    In India you have to count the number of dead.
    "The records show that Durgiyana Mandir ground was one of three cremation sites in Amritsar
    illegally used by the police.
    It takes about 300kg of wood to burn a single body and each wood purchase is written in a register.
    The police subverted the system, by burning more than one body on each pyre.

    http://news.sbs.com.au/dateline/india__who_killed_the_sikhs_130052 [sbs.com.au] [sbs.com.au]

  • You idiots... (Score:3, Funny)

    by rpp3po (641313) on Tuesday May 20 2008, @08:54AM (#23474714)
    this is reverse psychology! Hide some nonsense behind CRTL+C and the people point at you laughing about hiding such nonsense. Give 'em nothing but black bars and they will be afraid what terrible things are behind them and shout for more transparency.
  • the FBI had spent $500 Million for these sort of upgrades. If verizon only cost them $2.9 million, and the other carriers cost only slightly more, where's the other $475 million dollars?

  • The naivete! (Score:5, Interesting)

    by wfolta (603698) on Tuesday May 20 2008, @09:30AM (#23475290)
    It hurts my brain. The person who (incompetently) redacted the document was probably just following guidelines. My guess is that there's a guideline that says that specific numbers and costs cannot be published in reference to secure systems used by an intelligence or law enforcement agency. Only aggregate costs, as necessary to inform the public and lawmakers.

    No conspiracy. No corruption. No deeper meaning than a guideline that requires sticking your neck out and making a case if you want to violate it.

    Makes sense, actually, as most intelligence gathering is probably not about sentences like, "John Doe is our super-secret mole in the office of the director", but rather "the phone system has 1100 switches for all of North America, and is taken down every 2 weeks at 1 am for maintenance."

    And this leaves me wondering if those who are laughing or outraged at the attempted redaction (as opposed to the incompetence in implementing it) are also the same people who insist that they must have military-grade encryption and anonymous re-routing, using spread-spectrum wireless transmissions to public access facilities, in order to protect their private emails to grandmother. Sigh.

  • this actually makes some sense... (Score:3, Insightful)

    by virmaior (1186271) on Tuesday May 20 2008, @10:34AM (#23476350)
    from an information security standpoint, this actually makes some sense. Allow me to explain. First, the high value number is going to show up in budgets anyway, so anyone who wants that number could already find it. It's hard to not have a few million dollars show up in the accounting somehow. Second, the reason the exact dollar value per part is usually redacted is that this is a giant clue as to the identity of the part used in the infrastructure. E.g. if I tell you I have a $300 mp3 player, then you know that I have an IPOD. But if I tell you that I bought a bunch of mp3 players and spent $100,000 then you don't know whether I've bought Zens, Zunes, ipods, sansas, or something else. And the problem with telling people what your infrastructure is made of who shouldn't know is that it enables them to focus on vulnerabilities for just that one device. caveat: I actually have a $10 mp3 player.

  • "Sorry to bust your bubble"or"The Mundane Answer" (Score:3, Insightful)

    by Specter (11099) on Tuesday May 20 2008, @10:59AM (#23476794) Journal
    The actual cost of performing the service was likely redacted, not as a matter of national security, but because the pricing is contractually considered proprietary information .

    Most companies include this as a standard clause in their master service agreements so that Joe's Barber shop isn't upset that Big Government Office is getting a different (presumably better) price for exactly the same service.

  • Why the cost per switch would be redacted (Score:3, Insightful)

    by gizmonic (302697) * on Tuesday May 20 2008, @01:01PM (#23479244) Homepage
    The reason to hide the cost per switch is to keep the negotiations invisible from other providers. Sure, you can report $2.9 million to Verizon, but AT&T doesn't know how many switches that was or the cost per switch. Maybe they worked out a cheaper deal with AT&T for, say, $2,000 per switch instead of $2,500. If AT&T knew what Verizon was getting paid, they'd hold out for more themselves. While it may seem silly to hide the details, doing so probably saves a little cash in the long run.

    Of course, now, if they ever need to do more switches, I am betting every vendor will be holding out for the highest publicized price (or their own private price, if it's higher still). So, yeah, sometimes disseminating what you think is non-critical information will in fact cost us more in the long run. Revealing it may not make "the bad guys win" but it can definitely make the taxpayer lose.

    Just my unredacted $0.02.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.