The hidden dangers of documents

Dot.life - how technology changes us
By Mark Ward
BBC News Online technology correspondent
Last Updated: Monday, 18 August, 2003

Your Microsoft Word document can give readers more information about you than you might think. Even Alastair Campbell has fallen foul of the snippets of invisible data few of us realise our documents contain.


You could be leaking sensitive information

Usually with Microsoft Word, what you see is what you get.

If you make a change to a document, then that is what you see when it gets printed out.

But in fact, in many cases it is what you cannot see at first glance that proves more interesting.

Hidden and dangerous

Analysis of hidden information in the so-called Iraq "dodgy dossier" showed, among other things, the names of the four civil servants who worked on it.

Downing Street press office head Alastair Campbell had to explain who these people were to the House of Commons Foreign Affairs Select Committee investigating the genesis of the plagiarised document.


Alastair Campbell had to explain hidden names

"The time when most information tends to leak is when you are using a document that has a number of revisions or a number of people working on it," says Nick Spenceley, founder director of computer forensics firm Inforenz.

The UK government has now largely abandoned Microsoft Word for documents that become public and has turned to documents created using Adobe Acrobat which uses the Portable Data Format (PDF).

"I'm not sure many people check Word documents before they go out or are published," says Mr Spenceley.

He says he knows of a case in which someone found previous versions of an employment contract buried in the Word copy he was sent. Reading the hidden extras gave the person applying for the job a big advantage during negotiations.

Sometimes the mistakes are even more public.

During the hunt for the Washington sniper the police allowed the Washington Post to publish a letter sent to the police that included names and telephone numbers.

The newspaper tried to hide these details using black boxes which were easily removed and the sensitive details exposed for all to see.

But it is not just governments, businesses and newspapers that can be embarrassed in this way.

You could be too.

There is a function in many versions of Microsoft Office programs, which includes Word, Excel and PowerPoint, that means that fragments of data (which Microsoft refers to as metadata) from other files you deleted or were working on at the same time could be hidden in any document you save.

This could be embarrassing for any home workers whose colleagues find out that they have been applying for jobs while working at home or being less than complimentary about their co-workers.

HIDDEN TEXT

Text from other documents open at the same time

Previously deleted text

E-mail headers and server information

Printer names

Data about the machine where the document was written

Where the document was saved

Word version number and document format

Names and usernames of document authors

Look and learn

With the right tools this hidden data can easily be extracted.

Unix and Linux users can turn to tools such as Antiword and Catdoc to turn the document, including its formatting information, into a simple text file.

Computer researcher Simon Byers has conducted a survey of Word documents available on the net and found that many of them contain sensitive information.


Sensitive data was exposed during the hunt for the Washington sniper

He gathered about 100,000 Word documents from sites on the web and every single one of them had hidden information.

In a research paper about the work Mr Byers wrote that about half the documents gathered had up to 50 hidden words, a third up to 500 words hidden and 10% had more than 500 words concealed within them.

The hidden text revealed the names of document authors, their relationship to each other and earlier versions of documents.

Occasionally it revealed very personal information such as social security numbers that are beloved of criminals who specialise in identity theft.

Also available was useful information about the internal network the document travelled through, which could be useful to anyone looking for a route into a network.

Mr Byers wrote that the problem of leaky Word documents is pervasive and wrote that anyone worried about losing personal information might want to consider using a different word processing program.

Alternatively he recommends using utility programs that scrub information from Word documents or following Microsoft's advice about how to make documents safer.

"Microsoft is aware of the functionality of metadata being stored within Word 97 documents and would advise users to follow the instructions laid out in (the Microsoft Knowledge Base - see Related Internet Links)," says a spokesperson. "However, Microsoft do not wish to comment on how customers use the functionality within our software."

http://news.bbc.co.uk/2/hi/technology/3154479.stm

Plowshares Actions
The Nuclear Resister
School of the Americas Watch
miserable failure

Cauca, Colombia

I don't think I'm still getting exactly what or how this happens; is it more like not previewing your outgoing documents to make sure that the correct document/etc., is being sent, or is it more like whether you preview/double check or not, Word could sent other information/documentation from your system that you have not brought up or commanded to be sent without your being able to actually see this happening while you are sending/etc.?

quote:

---

Originally posted by sunnubian:
I don't think I'm still getting exactly what or how this happens; is it more like not previewing your outgoing documents to make sure that the correct document/etc., is being sent, or is it more like whether you preview/double check or not, Word could sent other information/documentation from your system that you have not brought up or commanded to be sent without your being able to actually see this happening while you are sending/etc.?

---

I'm not much of a word user myself, so I'm not quite sure, but my impression is that you have to go out of your way not to send the extra information, since it is not visible in any obvious way.

The simplest option would seem to convert your document to plain text (ascii) before sending it. That way you can see exactly what is being sent. Who wants to send the parts that were deleted along with the parts that weren't? LOL!

Previewing alone will not help if most of the stuff is hidden. For example, I don't think that the previewer will show the stuff that you deleted. Nor would the previewer show the text of other documents that you had open at the time.

I'm not sure that anybody outside of microsoft knows everything that could be sent, since the format, unlike most standard formats, is a trade secret, and from what I understand, it has not been completely decoded yet (and it keeps changing).

Another problem with word documents is that because it is a secret format, rather than a standard public format, the person on the recieving end needs special software to decode it. If you send plain text, html, or a pdf, then anybody can open it.

In the past, when I have recieved word attachments, I have been able to search through it and strip the ascii portion out to read it, but it can be confusing at times, since it sometimes gets mixed up with deleted text and lots and lots of formatting garbage.

I do know that I get really irritated at times having to dig through a huge file looking for some tiny bit of ascii that constitutes the actual message.

Plowshares Actions
The Nuclear Resister
School of the Americas Watch
miserable failure

Cauca, Colombia

I read this story last night, and I too, was confused by it, and I am a Word user!

But, sunnubian, from what I understand, Word sends hidden information in it's document that you can't do anything about unless you "wash" the document before you send it (which requires special software) or, as Ricardomath has stated, you send it in a text format ... which means you could lose some of the formatting what is contained in the Word program ... but, it can be opened easily and always re-saved has a Word document!

Most of my clients use Word and want their documents in that format ... and since that's what they pay for, that's what they get! I will just have to be more careful about that other programs I have open on my computer while working on their stuff!

BLACK by NATURE, PROUD by CHOICE.
Free your mind, and the rest will follow.

Thanks for the info Ricardo and Eboney, I think.
Not that I have any "sensitive" documents, but you never know. Also, it is comforting to know that anyone else would have to have special equipment to read hidden data--more than likely what an average person is sending it not worth the time, equipment and effort for the receiving party to try to locate any hidden data on the document, I hope.