Communications > Computer COMSEC Lessons
5 - Metadata
APX808:
Metadata
Metadata is “data about data”. Security wise metadata is important for us in two ways:
1 - Metadata about a communication.
2 - Metadata about a computer document.
Metadata about a communication
We can say that in a communication the data is the content of that communication, for instance
what you say over the phone, the metadata would be the data describing who was involved in
that phone call, how long it was, the time the communication started etc. That information usually
is used by the by the provider for billing purposes and by the government to keep track of what
you do and with whom you communicate.
Thanks to Snowden leaked documents was known an order from the Foreign Intelligence Surveillance
Court (or FISC) that directs Verizon to provide “on an ongoing daily basis” all call records for any call
“wholly within the United States, including local telephone calls” and any call made “between the
United States and abroad.”
Government officials claimed that they weren’t listening to your calls but “just analyzing the metadata”,
in a great article the EFF shows that metadata isn’t trivial, just check these examples:
- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don't know
what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the
call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company
in the same hour. But they don't know what was discussed.
- They know you received a call from the local NRA office while it was having a campaign against gun legislation,
and then called your senators and congressional representatives immediately after. But the content of those
calls remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's
number later that day. But nobody knows what you spoke about.
Same happens when you use email, even using end-to-end encryption, metadata is available and it reveals
with whom you are communicating.
Sadly there isn’t a easy way to solve those issues, you can use discardable phones and email accounts.
Metadata about a computer document
Most computer documents, like images, word files, .ppt presentations etc; besides its contents include
information about the time they were created, the device that created them and its configuration, some
phones even included the GPS coordinates of pictures they took.
A few years ago, when IPhones just appeared, Hollywood stars noticed that paparazzis found them
everywhere, at one point they realized that it was because they were posting pictures took with their
phones on Twitter and those pictures included the GPS coordinates of the place they were took, so
paparazzis extracted that info and ran to there to get an exclusive picture.
Because of that, most Internet sites started cleaning up the metadata contained in pictures and some other
multimedia documents, known as EXIF data, but you shouldn’t trust in that, you should be cleaning the metadata
yourself, check your phones and turn off “geotagging”.
Documents created with Microsoft Office include metadata about who created or modified them and when, analyzing
them is a technique used by hackers to identify usernames inside a corporate network. The Microsoft’s competitors
“Office suites” behave the same way.
There are some online tools that allow you to view documents metadata, for pictures you can use http://metapicz.com
and to analyze documents http://www.informatica64.com/foca/.
Also to be sure you’re not leaking your identity, or little clues that could end up acting as a fingerprint you should
be cleaning up the metadata yourself, or avoid using documents that contain metadata. For instance is best to
exchange plain text files than Word documents.
Also, .pdf documents are the worst, you shouldn’t use them if possible, because they use an scripting language can
be exploited, there are many documented attacks using .pdf files.
Depending on your operating system there are many tools to clean up metadata, here are just a few of them:
Windows: http://www.thewindowsclub.com/office-metadata-cleaner-cleanup-tool
Linux: https://mat.boum.org/
Mac: Sorry I can’t find shit for Mac, except for people asking why would you like to do that...Please tell me if you find a nice tool.
Here is a nice list of incidents due leaked metadata:
http://www.digitalconfidence.com/the-importance-of-using-metadata-removal-software.html
And for the tl:dr; guys:
The Resident: How Metadata is Mega-dangerous
Practice
1 - Check a few of your files for metadata using the online resources I shared with you.
2 - Install one of the metadata removal tools and clean up a picture metadata.
3 - Start using plain text documents whenever is possible.
SonofLiberty:
Does Open office have the same type of metadata that microsoft office does? Thanks for this information. I rarely post pictures because I do not know how to scrub the metadata. Now, I know where to start. :thumbsUp:
JohnyMac:
I do not know. Interesting question. Anybody else that knows the answer?
APX808:
--- Quote from: SonofLiberty on August 23, 2019, 01:01:31 PM ---Does Open office have the same type of metadata that microsoft office does? Thanks for this information. I rarely post pictures because I do not know how to scrub the metadata. Now, I know where to start. :thumbsUp:
--- End quote ---
It saves some metadata too in order to track the file author, I think its less than MS, but it saves something.
You can check it manually, and thats really cool, .odt format is a zip file with many text documents inside that describe your document.
You can do this test, save a test document in odt format, rename the file to document.zip and open it with winRAR, 7zip or something like that to open zip files.
You'll see there is a file called meta.xml there you can see what info is being sent with your file without you knowing it.
If opsec is a must, my recomendation is to exchange plain text files
patriotman:
--- Quote from: APX808 on August 25, 2019, 05:54:26 PM ---
--- Quote from: SonofLiberty on August 23, 2019, 01:01:31 PM ---Does Open office have the same type of metadata that microsoft office does? Thanks for this information. I rarely post pictures because I do not know how to scrub the metadata. Now, I know where to start. :thumbsUp:
--- End quote ---
It saves some metadata too in order to track the file author, I think its less than MS, but it saves something.
You can check it manually, and thats really cool, .odt format is a zip file with many text documents inside that describe your document.
You can do this test, save a test document in odt format, rename the file to document.zip and open it with winRAR, 7zip or something like that to open zip files.
You'll see there is a file called meta.xml there you can see what info is being sent with your file without you knowing it.
If opsec is a must, my recomendation is to exchange plain text files
--- End quote ---
I never knew that about odt format. Interesting...
Yeah I would just go with .txt files
Navigation
[0] Message Index
[#] Next page
Go to full version