5 Clues Hidden in Computer Files That Can Get You Busted
It may seem like the Internet is a Wild Wild West of hackers, spammers and document leakers, but it's actually harder to get away with things in the computer age than you might think. Hidden in each and every computer file you create is another layer of data that even a mildly knowledgeable computer user can dig up. Documents and photos reveal more about you than you think, and data you think you deleted doesn't stay gone.
You are leaving digital fingerprints all over everything you do on a computer and, unfortunately for the bad guys, it doesn't exactly take a CSI team to find them ...
Word Document Reveals That the Iraq Invasion Was Based on Plagiarized College Essays
Every Microsoft Word document you create contains a hidden log of everything you did to it, ever. Specifically, it contains a revision history showing who touched the document, and when. You'd think this would be the sort of thing military intelligence would care about when creating sensitive, world-changing documents, but you'd be wrong.
"Now replace 'No Evidence of WMDs' with 'Bulging titloads of WMDs, you guys.'"
So flash back to the early 2000s, when America was largely focused on two things -- the invasion of Iraq and justifying the invasion of Iraq, more or less in that order. The British government wanted to help out, so in January of 2003 they published a dossier entitled "Iraq: Its Infrastructure of Concealment, Deception and Intimidation." The dossier was supposedly a top-level report compiled by military intelligence outlining all the reasons America should get its tanks into Iraq as soon as possible (the report was even quoted by Colin Powell when he addressed the U.N. to support the invasion).
The problems with the report, which would later become known as "the dodgy dossier" despite its complete inability to dodge anything other than basic computer literacy, began when the government made the mistake of posting it online in its original Word document format. That meant its revision history was visible to anyone who knew where to look:
"Mnuts licked file ..."
That meant the public could easily see that the supposed military intelligence document was primarily written and edited by the staff at Downing Street (the British version of the White House) and the Prime Minister's Press Secretary.
Furthermore, the vast majority of the report was literally cut and pasted from various post-graduate essays published in academic journals as far back as 1997. To recap: The in-depth report on Iraq supposedly compiled by top-level military intelligence officials and drawn from the most current analysis of the region was actually created by a bunch of British interns hitting Ctrl-C on public information published back when Batman & Robin came out. And then they left the document's revision history visible, so that all of the world could see what they did.
"And once again, I'd like to stress that hackers put that information there to make us look bad."
The Word version was quickly removed from the website (and replaced with a PDF, which doesn't carry the same revision log), and U.K. Press Secretary Alastair Campbell had to appear in front of a parliamentary committee to explain a few things, like why in the hell his staff seemingly fabricated a report that was considered a key document in the decision to invade Iraq. The moral of this story is that Campbell resigned a few months later having worked at Downing Street for six years, and Iraq totally got invaded anyway.
A World-Class Hacker Is Caught by His Girlfriend's Boob Photo
Every photo you take with your phone gives away your location (as we mentioned here), due to embedded strings of information called Exif data, which we're betting most of you had no idea was even there. You'd think that, say, a world-class hacker would know about it, but you'd be wrong.
In February 2012, a member of CabinCr3w (an offshoot group of the Anonymous hackers) successfully hacked into private police databases and then published personal information (including home addresses and cell phone numbers) of over 100 Los Angeles police officers on the Internet. The digital bandit posted a calling card of sorts along with the stolen information:
Amazingly, this photo is directly relevant to this entry.
The photo was a taunt from the CabinCr3w, and that incredible boobie-boast almost came true -- the FBI had exactly zero leads on the cyber-attack and indeed were teetering on the verge of Pwnage. The hack job itself was untraceable, and the website where all the personal information of the police officers had been posted was just a link shared anonymously via Twitter. It seemed the only mistake CabinCr3w had made was the regrettable spelling of the word "bitches."
However, while the tweet and the hack were both untraceable, the image of gloating cleavage had not had its Exif data removed before it was posted. Even though this information can be removed pretty easily (especially for someone who can hack secure police databases without a trace), the photo above was posted with all its Exif data still embedded in it, almost as if the poster had been distracted by something else at the time. This is like shooting someone, wiping your fingerprints off of the bullet, and leaving the gun at the scene.
And then personally handing that gun directly to the bumbling detective assigned to the case.
The FBI, after many hours of closely scrutinizing the photo with a flashlight under the covers, after lights out, tracked the Exif information embedded in the image file to a Higinio O. Ochoa III of Galveston, Texas. At the time, Ochoa was living in Australia with his girlfriend, and the boobs in question wound up being hers. The FBI arrested the shit out of him and brought him back to Texas, where he promptly pled guilty. He received a $14,000 fine for "accessing a protected computer without authorization" and over two years in federal prison, where he is presumably learning the powerful lesson that "anarchy" is only fun until someone takes your computer away. His girlfriend's breasts received a suspended sentence.
PwNd by fBi <3 u, prizn bitch lolz!
Word Doc Reveals a Drug's Dangerous Side Effect
In addition to keeping track of who touched a document (as in the Iraq case above), Word documents also keep track of the editing changes made. What, you thought that deleting a sentence from a document before emailing it to everyone caused it to vanish from the universe? Better hope you've never changed your mind about what you wanted to say halfway through a work memo ...
Which brings us to Merck & Co., the pharmaceutical company most famous for the arthritis medication Vioxx, which was pulled from the market after it was revealed that long-term use of the drug caused heart attacks (even if it still worked really well on the whole). Merck was swiftly flooded with almost 7,000 lawsuits after the recall, but in their defense, it's not like anyone knew Vioxx would kill people.
"Now if you have a heart attack and die, whose fault is it? That's right, yours."
Actually, Merck had specifically known that exact thing for years. And the bizarre thing is, they almost told everyone about it, but changed their minds at the last minute and then poorly covered up their tracks. Thanks, again, to their Word document's revision history.
Five years before Vioxx got recalled, Merck had run a clinical study of the drug in The New England Journal of Medicine. After Vioxx was pulled, the editors of The New England Journal went back to the original file of the study Merck had sent to them and checked the editing history. Sure enough, they discovered a table that had been deleted from the study two days before Merck submitted the final draft -- a table called "Cardiovascular Events."
"His last words were that his heart attack had nothing to do with Vioxx. It was a personal choice."
As you might guess from the title, the chart detailed the cardiovascular effects of Vioxx, including at least three heart attacks that had occurred during the trial but which were never officially reported. Ever. Presumably because Merck had another table somewhere that told them heart attacks cause amnesia.
It would have been impossible to prove Merck knew anything about the drug's lethality if anyone in the upper echelon of a billion-dollar industry knew how to clear the document's revision history (again, see the "dodgy dossier", above). Consequently, the original version of the article was used as an exhibit by most plaintiffs in the Vioxx lawsuits, which went pretty well for all non-Merck personnel involved (the ones that didn't have heart attacks, anyway) -- to date, the company has paid out almost $11.5 billion in fines and settlements.
Don't look at it as a loss of money. Look at it as getting away with mass murder.
A Politician's Wife Sends Libelous Emails Created on Her Home Computer
The great thing about email, as every terrible person knows, is that you can sign up for an address and spew out hatred to anyone you want, with no repercussions. What, afraid they'll track your IP address? Why, it's as simple as going to some public place and posting from there. Total anonymity.
Unless you, say, attach a Word document to your post.
"Oh, crap, I think I just sent a picture of my boobs. Where's the 'delete sent mail' button?"
Back in 2000, Mike Ciresi was one of four Democratic candidates jockeying to run against incumbent Republican Rod Grams for the Minnesota Senate. As the primary election got closer, Minnesota Democratic party officials began receiving scathing emails about Ciresi and his law firm from a woman named Katie Stevens, describing him as representing "a rogues' gallery of polluters, price fixers, tortfeasors, predators, civil-rights violators and frauds" -- basically, calling him a world-class shithead. Ciresi denied all of these allegations, presumably after doing a quick search for "tortfeasors" on dictionary.com.
The emails were strange enough on their own, but as the Ciresi team tried to track down "Katie Stevens" to find out what her beef was, it became clear that no such person existed. The mysterious bomb-thrower had even sent the emails from a Kinko's, making it impossible to link the IP address to anyone. And the emails kept coming for four months.
"Huh. Apparently, Mike committed 'double Holocaust-rape' ..."
However, the emails contained Word document attachments, and if you've been paying attention to this article, you know exactly where this is going. One of Ciresi's aides checked the document properties of one of the attachments and found that the document had been at least partially written by a "Christine Gunhus", the wife of Senator Grams. Authorities later found that "Katie Stevens" had also logged into her email account several times from Christine Gunhus's home, which not only proved that Christine was Katie but was also the first reported instance of a make-believe woman on the Internet not turning out in real life to be a bearded man draped in an Insane Clown Posse T-shirt and loose Pringles.
Sending anonymous emails is usually no big deal, but since Gunhus was not only Grams' wife but also his political director and chief of staff, the emails were considered a form of political advertising, which must carry a disclaimer identifying the source. Ciresi had her arrested and Gunhus wound up with a $300 fine and a suspended sentence, which we hope she spent taking computer classes and watching videos about why you shouldn't send libelous emails directly to a lawyer.
"I just got four guilty gang members off on a murder charge. What's up, let's do this."
But in each of these cases, at least finding the hidden data took some work by someone who knew a thing or two about computers. Sometimes "hidden" data is so easy to spot, you can do it completely by accident ...
World Governments Don't Understand How to Use a Computer to Redact Documents
Redacting is basically when the government (or whoever) declassifies a document but blacks out all the sensitive information. One would think that modern technology would make the redacting of documents easier and more secure than ever, since the documents in question don't even exist in a tangible form. In reality, the exact opposite of this is true, and governments around the world catastrophically fail at redaction all the goddamned time, even when it comes to serious life-threatening secrets.
For example, the CIA released a redacted report called "Overthrow of Premier Mossadeq of Iran" in June of 2000. The original report contained the names of several CIA agents operating in foreign countries, but was released to the public with the names of those agents and their informants redacted, as there was an obvious risk that either they or their families could face retribution. However, the redaction was evidently headed up by Brigadier General Harcourt T. Failureburg, because rather than remove the agents' names, a separate image of a black bar was simply placed on top of each sensitive line but never combined into a single image.
"More to the left ... more ... more ... there we go."
So what's the problem? Well, your computer loads the text and the bars separately. The text first. On a fast computer this wouldn't matter, because the images would appear simultaneously, but if the document were opened on a slow computer, the sensitive lines would appear for all the world to see. Therefore, if you stopped the page before it finished loading, you could see the entire non-redacted report, stumbling ass-backwards into a master hack of top-level government secrets purely because you own an old, shitty computer.
The only saving grace was that the report was already 50 years old, so the risks to the individuals named were fairly minimal (and if the motion picture Red is to be believed, assassination attempts on elderly secret agents are both breezy and hilarious). But then there was the time in 2005 when U.S. troops in Iraq accidentally fired upon several Italian citizens, presumably because they had standing orders to shoot anything with facial hair. The Italian government demanded a response, so the U.S. released a redacted report on the altercation to appease them. Unfortunately, it was an electronic PDF with the redacted portions covered by a digital black highlighter, instead of just using an actual marker on the physical document and running the damn thing through a scanner.
Though, to be fair, sometimes the copy machine is in use, so you have to find other means.
Sure enough, an Italian blogger quickly found a way to remove the electronic redactions (harnessing all of his cunning to simply right-click the censored portions), and then posted the entire report online with names, operational details and unit positions now visible for the entire world to see, which is likely the most hateful thing done by an Italian since World War II.
The U.S. isn't the only government clumsily spilling things like a dude with a hangover trying to cook breakfast. In April 2011 the Ministry of Defence in Britain released several documents online under the Freedom of Information Act. The reports were all heavily redacted, but once again the redactions were done electronically and in a frighteningly insecure manner -- the U.K. military had literally just Photoshopped black strips over the redacted areas.
"Yeah, that should work. Just hit enter and call it a day."
All anyone had to do was highlight the text, then copy and paste it into a new document and the redactions disappeared completely. This goof wound up revealing several juicy tidbits such as expert opinions on how well the U.K. fleet could cope with a catastrophic accident, measures used by the U.S. Navy to protect its nuclear submarines, and a report that said the existing U.K. submarine reactors were "potentially vulnerable" to fatal accidents, helpfully letting enemies of the Crown know that to defeat the Royal Navy in an underwater battle, all they have to do is wait.
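The overlay failure described above, as an added example that is not part of the original article: a release check that reads the text layer of a PDF and reports any term that was supposed to be redacted. `make_pdf`, the agent name and the page fragment are constructed for the illustration.

```python
import re
import zlib

STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
TEXT_OBJ = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)
LITERAL = re.compile(rb"\((.*?)(?<!\\)\)", re.S)

def text_layer(pdf: bytes) -> str:
    """Literal strings drawn inside BT..ET text objects, in file order.

    Heuristic only: hex strings, CID fonts and object streams are not decoded,
    so an empty result is not proof that a file is clean.
    """
    found = []
    for m in STREAM.finditer(pdf):
        raw = m.group(1)
        try:
            raw = zlib.decompressobj().decompress(raw)  # FlateDecode
        except zlib.error:
            pass  # stream was stored uncompressed
        for obj in TEXT_OBJ.findall(raw):
            found.append(b"".join(LITERAL.findall(obj)).decode("latin-1"))
    return "\n".join(found)

def surviving_terms(pdf: bytes, terms) -> list:
    """Terms that were meant to be redacted but are still in the text layer."""
    layer = text_layer(pdf).lower()
    return [t for t in terms if t.lower() in layer]

def make_pdf(content: bytes) -> bytes:
    """Constructed fragment: one Flate-compressed content stream, no xref."""
    z = zlib.compress(content)
    head = b"%%PDF-1.4\n4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n"
    return head % len(z) + z + b"\nendstream\nendobj\n"

BLACK_BAR = b"0 g 110 695 130 16 re f\n"  # filled black rectangle
# Overlay "redaction": the name is drawn, then a bar is painted over it.
OVERLAID = make_pdf(b"BT /F1 12 Tf 72 700 Td (Source: AGENT EXAMPLE) Tj ET\n" + BLACK_BAR)
# Real redaction: the name never reaches the content stream.
REMOVED = make_pdf(b"BT /F1 12 Tf 72 700 Td (Source: ) Tj ET\n" + BLACK_BAR)
```

The two samples look identical on screen; only the second passes, because the bar is paint and the text underneath is still data.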