Whitehall black-on-black text security blunder reveals info on multiple websites

The saga started when the Daily Star's Sunday edition published a headline story advising that classified nuclear submarine documents had been published online with "key parts blacked out."

"But a massive blunder has meant anyone with basic computer knowledge could reverse the censorship - and read every word of the -previously `restricted' report", noted the paper.

The newspaper says that the report – which reportedly revealed how easy it would be to cause a reactor meltdown in a sub and details the capabilities of US vessels – was published on the MoD's website after a Freedom of Information request by anti-nuclear campaigners.

Sophos' senior technology consultant Graham Cluely, is quoted by the paper as saying the "MoD had committed a schoolboy error."

"It's a staggeringly stupid thing to do. Anyone with even an elementary knowledge of computing would know how to read it. I can only assume they gave it to a junior member of staff to deal with", he told the paper.

By Sunday evening, the BBC and the Daily Telegraph had started researching the saga, with the BBC quoting Conservative MP Patrick Mercer, a former Army officer, as describing the leak as "potentially catastrophic", with the details "hugely interesting" to the UK's enemies.

The Daily Telegraph, meanwhile, claims that at least two other government departments – the Department of Health and the Department for Communities and Local Government – have made the black-on-black redacting blunder on documents they have published on the web.

The paper blames the use of Adobe Photoshop for the error, since when a black patch is pasted over the secret text; it only obscures the text, rather than removing it.

And when transcribed into HTMP format, Infosecurity notes, black text on a black background is effectively edited into the web page.

According to the Telegraph, "the MoD was last night examining other documents handled by the same junior official responsible for redacting the nuclear report."

The paper also quoted a Department of Communities and Local Government spokesman as saying that "there are robust procedures in place to protect personal details in FOI answers. Any replies that do not conform will be investigated."

What’s Hot on Infosecurity Magazine?