funsec mailing list archives

Re: WikiLeaks and metadata (or who is Mike Kogut?)


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 19 Mar 2008 16:53:10 -0400

Nobody can hide from Google:

FBI says it needs packet-network surveillance.
RCR Wireless News,  January, 2003  by Weaver, Heather Forsgren

http://findarticles.com/p/articles/mi_hb4962/is_200301/ai_n18159272

"The purpose [of the document] is to result in a cost-effective solution
that balances the privacy of the user and national security," said Mike
Kogut of Telecordia Technologies and author of the ...

Richard

-----Original Message-----
From: Dr. Neal Krawetz [mailto:hf () hackerfactor com] 
Sent: Wednesday, March 19, 2008 2:39 PM
To: coderman
Cc: Richard M. Smith; funsec () linuxbox org
Subject: Re: [funsec] WikiLeaks and metadata (or who is Mike Kogut?)

On Wed Mar 19 04:20:33 2008, coderman wrote:

On Sat, Mar 15, 2008 at 4:25 PM, Richard M. Smith
<rms () computerbytesman com> wrote:
 ...

http://wikileaks.org/wiki/FBI_-_Electronic_Surveillance_Needs_for_Carrier-Grade_Voice_over_Packet_Service

According to the document properties for the file, "Mike Kogut" is the
author of the document  (See the attached screen shot).  So who is Mike
Kogut?

probably Michael Kogut, Independent Security and Investigations
Professional, Tampa/St. Petersburg, Florida

According to the meta data:

  0)  Size = 636
  1)  Info (SubDirectory) -->
  + [Info directory with 6 entries]
  | 0)  Producer = Acrobat Distiller 4.05 for Windows
  | 1)  Creator = Microsoft Word 9.0
  | 2)  ModifyDate = D:20030129163013-05'00'
  | 3)  Author = Mike Kogut
  | 4)  Title = Electronic Surveillance for CGVoP Service
  | 5)  CreateDate = D:20030129161752

"Mike Kogut" is the name registered to the Microsoft Word installation
that was used to generate the PDF, and it was generated back in 2003.

This does not mean that Mike Kogut authored the document.  For example,
someone else could have authored it and then Mike converted it to PDF.

In fact, Mike may not have even converted it to PDF.  This only shows
that the registration on the Windows installation was for "Mike Kogut",
but it does not identify the user sitting at the computer.

Finally, since the PDF was generated in 2003, we cannot even assume that
"Mike Kogut" leaked the document.  (In all likelihood, he probably didn't.)

(In fact, we cannot even prove that the meta data was not tampered with
and someone inserted his name.  Although it probably was not tampered...)

Since we don't know his role in all of this, providing his home address
-- even in part -- seems irresponsible.
(And since I'm including the offending text, I guess I am irresponsible
too.)

previously at 10XXX Brigantine Blvd
Tampa, FL 33615-3639
Phone:  (813) 814-9XXX
moved to zip 33602 october 2007
[sorry, just not feeling like a jerk tonight, even if FBI respect for
privacy is near zero these days]

member of the Suncoast Chapter Society of Former Special Agents of the
Federal Bureau of Investigation

[snip]

Also how common is it for Wikileaks to leave metadata in document files
they published?

very.  my favorite are the adobe acrobat redactions of confidential /
proprietary information in court transcripts, legal documents/filings,
etc.  extract the text for redacted content.

Agreed. :-)
I also like the ones where they draw the rectangles in pen and scan it in
a high quality scanner, only to have slightly different black-levels that
allow reading the redacted areas.  And I like it when they "merge" or
blend the black rather than doing a flat overwrite.

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
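
A pre-publication check for the Info fields discussed in this thread, added here as an example and not code from any of the posters. It assumes an unencrypted PDF whose Info dictionary is a plain object with literal strings; `REVIEW_FIELDS`, `read_info`, `parse_pdf_date` and `audit` are hypothetical names.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample; the file's date keys are ModDate/CreationDate (dumped above as ModifyDate/CreateDate).
SAMPLE_PDF = (
    b"%PDF-1.3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n2 0 obj\n<<\n"
    b"/Producer (Acrobat Distiller 4.05 for Windows)\n"
    b"/Creator (Microsoft Word 9.0)\n"
    b"/ModDate (D:20030129163013-05'00')\n"
    b"/Author (Mike Kogut)\n"
    b"/Title (Electronic Surveillance for CGVoP Service)\n"
    b"/CreationDate (D:20030129161752)\n>>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n"
)
REVIEW_FIELDS = ("Author", "Creator", "Producer")  # hypothetical publisher policy

def read_info(pdf: bytes) -> dict:
    """Return the literal-string entries of the Info dictionary named in the trailer."""
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return {}
    head = rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2) + rb"\s+obj\s*<<"
    obj = re.search(head + rb"(.*?)>>\s*endobj", pdf, re.S)
    if not obj:
        return {}
    pairs = re.findall(rb"/(\w+)\s*\(((?:\\.|[^\\()])*)\)", obj.group(1))
    return {k.decode(): v.decode("latin-1") for k, v in pairs}  # escapes left undecoded

def parse_pdf_date(value: str):
    """Parse D:YYYYMMDDHHmmSS with an optional Z or +HH'mm' / -HH'mm' offset."""
    m = re.fullmatch(r"D:(\d{14})(?:(Z)|([+-])(\d{2})'?(\d{2})?'?)?", value)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    if m.group(2):
        return stamp.replace(tzinfo=timezone.utc)
    if m.group(3):
        off = timedelta(hours=int(m.group(4)), minutes=int(m.group(5) or 0))
        return stamp.replace(tzinfo=timezone(off if m.group(3) == "+" else -off))
    return stamp  # no offset recorded in the file: timezone unknown

def audit(pdf: bytes) -> dict:
    """Collect the fields to review before release, plus the parsed timestamps."""
    info = read_info(pdf)
    return {
        "review": {k: info[k] for k in REVIEW_FIELDS if k in info},
        "dates": {k: parse_pdf_date(v) for k, v in info.items() if k.endswith("Date")},
    }
if __name__ == "__main__":
    print(audit(SAMPLE_PDF))
```

PDFs that keep the Info dictionary in an object stream, or that use hex or UTF-16 strings, need a full PDF parser instead of these regular expressions.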
