5 Clues Hidden in Computer Files That Can Get You Busted

View previous topic View next topic Go down

5 Clues Hidden in Computer Files That Can Get You Busted

Post  Guest on Tue Oct 23, 2012 3:37 pm

5 Clues Hidden in Computer Files That Can Get You Busted






















It may seem like the Internet is a Wild Wild West of hackers,
spammers and document leakers, but it's actually harder to get away with
things in the computer age than you might think. Hidden in each and
every computer file you create is another layer of data that even a
mildly knowledgeable computer user can dig up. Documents and photos
reveal more about you than you think, and data you think you deleted,
don't stay gone.

You are leaving digital fingerprints all over everything you do on a
computer and, unfortunately for the bad guys, it doesn't exactly take a
CSI team to find them ...

#5. Word Document Reveals That the Iraq Invasion Was Based on Plagiarized College Essays


Getty


Every Microsoft Word document you create contains a hidden log of everything you did to it, ever.
Specifically, it contains a revision history showing who touched the
document, and when. You'd think this would be the sort of thing military
intelligence would care about when creating sensitive, world-changing
documents, but you'd be wrong.

Getty

"Now replace 'No Evidence of WMDs' with 'Bulging titloads of WMDs, you guys.'"

So flash back to the early 2000s, when America was largely focused on
two things -- the invasion of Iraq and justifying the invasion of Iraq,
more or less in that order. The British government wanted to help out,
so in January of 2003 they published a dossier entitled "Iraq: Its
Infrastructure of Concealment, Deception and Intimidation." The dossier
was supposedly a top-level report compiled by military intelligence
outlining all the reasons America should get its tanks into Iraq as soon
as possible (the report was even quoted by Colin Powell when he addressed the U.N. to support the invasion).

The problems with the report, which would later become known as "the
dodgy dossier" despite its complete inability to dodge anything other
than basic computer literacy, began when the government made the mistake
of posting it online in its original Word document format. That meant its revision history was visible to anyone who knew where to look:

Via Information Risk and Security

"Mnuts licked file ..."

That meant the public could easily see that the supposed military intelligence document was primarily written and edited by the staff at Downing Street (the British version of the White House) and the Prime Minister's Press Secretary.

Furthermore, the vast majority of the report was literally cut and pasted from various post-graduate essays
published in academic journals as far back as 1997. To recap: The
in-depth report on Iraq supposedly compiled by top-level military
intelligence officials and drawn from the most current analysis of the
region was actually created by a bunch of British interns hitting Ctrl-C
on public information published back when Batman & Robin came out. And then they left the document's revision history visible, so that all of the world could see what they did.

Getty

"And once again, I'd like to stress that hackers put that information there to make us look bad."

The Word version was quickly removed from the website (and replaced
with a PDF, which doesn't carry the same revision log), and U.K. Press
Secretary Alastair Campbell had to appear in front of a parliamentary committee to explain a few things,
like why in the hell his staff seemingly fabricated a report that was
considered a key document in the decision to invade Iraq. The moral of
this story is that Campbell resigned a few months later having worked at
Downing Street for six years, and Iraq totally got invaded anyway.

#4. A World-Class Hacker Is Caught by His Girlfriend's Boob Photo


Getty


Every photo you take with your phone gives away your location (as we mentioned here),
due to embedded strings of information called Exif data, which we're
betting most of you had no idea was even there. You'd think that, say, a
world-class hacker would know about it, but you'd be wrong.

In February 2012, a member of CabinCr3w (an offshoot group of the Anonymous hackers) successfully hacked into private police databases and then published personal information
(including home addresses and cell phone numbers) of over 100 Los
Angeles police officers on the Internet. The digital bandit posted a
calling card of sorts along with the stolen information:

Via Houston.cbslocal.com

Amazingly, this photo is directly relevant to this entry.

The photo was a taunt from the CabinCr3w, and that incredible
boobie-boast almost came true -- the FBI had exactly zero leads on the
cyber-attack and indeed were teetering on the verge of Pwnage. The hack
job itself was untraceable, and the website where all the personal
information of the police officers had been posted was just a link
shared anonymously via Twitter. It seemed the only mistake CabinCr3w had
made was the regrettable spelling of the word "bitches."

However, while the tweet and the hack were both untraceable, the image of gloating cleavage had not had its Exif data removed
before it was posted. Even though this information can be removed
pretty easily (especially for someone who can hack secure police
databases without a trace), the photo above was posted with all its Exif
data still embedded in it, almost as if the poster had been distracted
by something else at the time. This is like shooting someone, wiping
your fingerprints off of the bullet, and leaving the gun at the scene.

Getty

And then personally handing that gun directly to the bumbling detective assigned to the case.

The FBI, after many hours of closely scrutinizing the photo with a
flashlight under the covers, after lights out, tracked the Exif
information imbedded in the image file to a Higinio O. Ochoa III of
Galveston, Texas. At the time, Ochoa was living in Australia with his
girlfriend, and the boobs
in question wound up being hers. The FBI arrested the shit out of him
and brought him back to Texas, where he promptly pled guilty. He
received a $14,000 fine for "accessing a protected computer without
authorization" and over two years in federal prison,
where he is presumably learning the powerful lesson that "anarchy" is
only fun until someone takes your computer away. His girlfriend's
breasts received a suspended sentence.

Via News92fm.com

PwNd by fBi <3 u, prizn bitch lolz!

#3. Word Doc Reveals a Drug's Dangerous Side Effect


Getty


In addition to keeping track of who touched a document (as in the
Iraq case above), Word documents also keep track of the editing changes
made. What, you thought that deleting a sentence from a document before
emailing it to everyone caused it to vanish from the universe? Better
hope you've never changed your mind about what you wanted to say halfway
through a work memo ...

Which brings us to Merck & Co., the pharmaceutical company most famous for the arthritis medication Vioxx, which was pulled from the market after it was revealed that long term use of the drug caused heart attacks (even if it still worked really well on the whole).
Merck was swiftly flooded with almost 7,000 lawsuits after the recall,
but in their defense, it's not like anyone knew Vioxx would kill people.

Getty

"Now if you have a heart attack and die, whose fault is it? That's right, yours."

Actually, Merck had specifically known that exact thing for years. And the bizarre thing is, they almost
told everyone about it, but changed their minds at the last minute and
then poorly covered up their tracks. Thanks, again, to their Word
document's revision history.

Five years before Vioxx got recalled, Merck had run a clinical study of the drug in The New England Journal of Medicine. After Vioxx was pulled, the editors of The New England Journal
went back to the original file of the study Merck had sent to them and
checked the editing history. Sure enough, they discovered a table that
had been deleted from the study two days before Merck submitted the
final draft -- a table called "Cardiovascular Events."

Getty

"His last words were that his heart attack had nothing to do with Vioxx. It was a personal choice."

As you might guess from the title, the chart detailed the cardiovascular effects of Vioxx, including at least three heart attacks
that had occurred during the trial but which were never officially
reported. Ever. Presumably because Merck had another table somewhere
that told them heart attacks cause amnesia.

It would have been impossible to prove Merck knew anything about the
drug's lethality if anyone in the upper echelon of a billion-dollar
industry knew how to clear the document's revision history (again, see
the "dodgy dossier", above). Consequently, the original version of the
article was used as an exhibit by most Plaintiffs in the Vioxx lawsuits,
which went pretty well for all non-Merck personnel involved (the ones
that didn't have heart attacks, anyway) -- to date, the company has paid out almost $11.5 billion in fines and settlements.

Getty

Don't look at it as a loss of money. Look at it as getting away with mass murder.


#2. A Politician's Wife Sends Libelous Emails Created on Her Home Computer


Getty


The great thing about email, as every terrible person knows, is that
you can sign up for an address and spew out hatred to anyone you want,
with no repercussions. What, afraid they'll track your ip address? Why,
it's as simple as going to some public place and posting from there.
Total anonymity.

Unless you, say, attach a Word document to your post.

Getty

"Oh, crap, I think I just sent a picture of my boobs. Where's the 'delete sent mail' button?"

Back in 2000, Mike Ciresi was one of four Democratic candidates
jockeying to run against incumbent Republican Rod Grams for the
Minnesota Senate. As the primary election got closer, Minnesota
Democratic party officials began receiving scathing emails about Ciresi
and his law firm from a woman named Katie Stevens, describing him as
representing "a rogues' gallery of polluters, price fixers, tortfeasors, predators, civil-rights violators and frauds"
-- basically, calling him a world-class shithead. Ciresi denied all of
these allegations, presumably after doing a quick search for
"tortfeasors" on dictionary.com.

The emails were strange enough on their own, but as the Ciresi team
tried to track down "Katie Stevens" to find out what her beef was, it
became clear that no such person existed. The mysterious bomb-thrower
had even sent the emails from a Kinko's, making it impossible to link
the IP address to anyone. And the emails kept coming for four months.

Getty

"Huh. Apparently, Mike committed 'double Holocaust-rape' ..."

However, the emails contained Word document attachments, and if
you've been paying attention to this article, you know exactly where
this is going. One of Ciresi's aides checked the document properties of
one of the attachments and found that the document had been at least partially written by a "Christine Gunhus",
the wife of senator Grams. Authorities later found that "Katie Stevens"
had also logged into her email account several times from Christine
Gunhus's home, which not only proved that Christine was Katie but was
also the first reported instance of a make-believe woman on the Internet
not turning out in real life to be a bearded man draped in an Insane
Clown Posse T-shirt and loose Pringles.

Sending anonymous emails is usually no big deal, but since Gunhus was
not only Grams' wife but also his political director and chief of
staff, the emails were considered a form of political advertising, which
must carry a disclaimer identifying the source. Ciresi had her arrested
and Gunhus wound up with a $300 fine and a suspended sentence,
which we hope she spent taking computer classes and watching videos
about why you shouldn't send libelous emails directly to a lawyer.

Getty

"I just got four guilty gang members off on a murder charge. What's up, let's do this."

But in each of these cases, at least finding the hidden data took
some work by someone who knew a thing or two about computers. Sometimes
"hidden" data is so easy to spot, you can do it completely by accident
...

#1. World Governments Don't Understand How to Use a Computer to Redact Documents


Photos.com


Redacting is basically when the government (or whoever) declassifies a
document but blacks out all the sensitive information. One would think
that modern technology would make the redacting of documents easier and
more secure than ever, since the documents in question don't even exist
in a tangible form. In reality, the exact opposite of this is true, and
governments around the world catastrophically fail at redaction all the
goddamned time, even when it comes to serious life-threatening secrets.

For example, the CIA released a redacted report called "Overthrow of Premier Mossadeq of Iran"
in June of 2000. The original report contained the names of several CIA
agents operating in foreign countries, but was released to the public
with the names of those agents and their informants redacted, as there
was an obvious risk that either they or their families could face
retribution. However, the redaction was evidently headed up by Brigadier
General Harcourt T. Failureburg, because rather than remove
the agents' names, a separate image of a black bar was simply placed on
top of each sensitive line but never combined into a single image.


"More to the left ... more ... more ... there we go."

So what's the problem? Well, your computer loads the text and the
bars separately. The text first. On a fast computer this wouldn't
matter, because the images would appear simultaneously, but if the
document were opened on a slow computer, the sensitive lines would
appear for all the world to see. Therefore, if you stopped the page
before it finished loading, you could see the entire non-redacted report, stumbling ass-backwards into a master hack of top-level government secrets purely because you own an old, shitty computer.

The only saving grace was that the report was already 50 years old,
so the risks to the individuals named were fairly minimal (and if the
motion picture Red is to be believed, assassination attempts on
elderly secret agents are both breezy and hilarious). But then there
was the time in 2005 when U.S. troops in Iraq accidentally fired upon
several Italian citizens, presumably because they had standing orders to
shoot anything with facial hair. The Italian government demanded a
response, so the U.S. released a redacted report on the altercation to
appease them. Unfortunately, it was an electronic PDF with the redacted portions covered by a digital black highlighter, instead of just using an actual marker on the physical document and running the damn thing through a scanner.

Getty

Though, to be fair, sometimes the copy machine is in use, so you have to find other means.

Sure enough, an Italian blogger quickly found a way to remove the electronic redactions (harnessing all of his cunning to simply right-click the censored portions),
and then posted the entire report online with names, operational
details and unit positions now visible for the entire world to see,
which is likely the most hateful thing done by an Italian since World
War II.

The U.S. isn't the only government clumsily spilling things like a
dude with a hangover trying to cook breakfast. In April 2011 the
Ministry of Defence in Britain released several documents online under the Freedom of Information Act.
The reports were all heavily redacted, but once again the redactions
were done electronically and in a frighteningly unsecure manner -- the
U.K. military had literally just Photoshopped black strips over the redacted areas.


"Yeah, that's should work. Just hit enter and call it a day."

All anyone had to do was highlight the text, then copy and paste it
into a new document and the redactions disappeared completely. This goof
wound up revealing several juicy tidbits such as expert opinions on how
well the U.K. fleet could cope with a catastrophic accident, measures
used by the U.S. Navy to protect its nuclear submarines, and a report
that said the existing U.K. submarine reactors were "potentially vulnerable"
to fatal accidents, helpfully letting enemies of the Crown know that to
defeat the Royal Navy in an underwater battle, all they have to do is
wait.




Guest
Guest


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum