Washington Post's scanned-to-PDF Sniper Letter More Revealing Than Intended
Posted version allows easy removal of blacked-out details
26 October 2002
By Kurt Foss, Planet PDF Editor
[UPDATE: The Post appears to have removed the link from its article to the PDF file described below shortly after our report was first posted.]
As reported earlier today, The Washington Post published a scanned-to-PDF version of a handwritten letter left at the scene of one of the recent sniper shootings, allegedly written by the killers and intended for the police.
The Post published the downloadable version of the "Ashland Sniper letter" to illustrate its article explaining how police were able to decipher additional, significant information from both revealed and unintended clues communicated by the letter's author. In the letter, the sniper demands a $10 million dollar ransom and explains how that money should be delivered -- deposited in a specific, stolen credit card account. Certain personally identifying details are blacked out in the PDF file.
However, as a sharp-eyed Planet PDF reader has pointed out to us in an email message, the creators of the scanned PDF -- it's unclear whether it was produced at the newspaper or elsewhere -- have themselves revealed more information than they intended. Anyone using the full commercial version of Adobe Acrobat software (NOT the free Acrobat Reader) to display the PDF can very easily remove the blacked-out areas intended to hide certain details. The PDF is simply an image file to which an added layer of black has been added. By choosing Acrobat's TouchUp Object Tool, then selecting a particular section of the darkened area, one can easily drag the overlay away from the text it is meant to protect, clearly revealing details such as the name and account number of the person whose credit card the snipers were attempting to use to stash their ransom cash.
In pointing out the Post's blunder, our alert tipster adds "How long will
the media keep shooting itself in the foot this way. The file is not even protected in any way." The comment is a reference to a similar incident we reported a couple years ago in an article titled "PDF Secrets Revealed," in which we showed how The New York Times had inadvertently revealed the identities of several CIA agents who were named in a previously secret document the newspaper had obtained and later published.
As we noted at the time, there is commercial software available -- Redax from Appligent -- that works with Adobe Acrobat for this exact situation. Many government agencies commonly use it to redact, or extract, certain bits of information from private documents so they can be made publicly available. Redax actually removes the selected text (including text within a graphic) and replaces it with meaningless blocks; The redacted information is "permanently removed from the PDF stream," according to Appligent.