Forged Documents and Microsoft Fonts

A set of documents in Pakistan were detected as forgeries because their fonts were not in circulation at the time the documents were dated.

Posted on July 14, 2017 at 6:51 AM • 15 Comments

Comments

meJuly 14, 2017 7:39 AM

epic fail... or... why metadata matter.
i also read about identify compiler version (in case of programs) by the way it emit code, so that also if you fake timestamp is possible to see which visual studio verson compiled it (for example)

Ewan MarshallJuly 14, 2017 8:37 AM

And if the documents are authentic and the fonts are for from a beta windows vista environment then it would be copyright infringment (Pakistan is a Berne signatory and based their copyright law on British law on gaining independence).

albertJuly 14, 2017 9:15 AM

Ewan,

If MS provided the fonts, it's not copyright infringement to use them. I've never heard of a EULA that forbade the use of fonts in a beta version. That's absurd, but it -is- MS....

. .. . .. --- ....

Robert Davenport alias James Robert Kirkland or James Kirk BirdJuly 14, 2017 9:19 AM

So leakers retyped the document in accordance with the Grugq's sound advice; US clients in Pakistan pulled out the GW Bush national-guard playbook to divert attention from the content; and Pakistani media fell for it. The Panama Papers was one big CIA ratfck but CIA is losing control. Close one!

Just like they're losing control of their malware. Highrise could underpin an SMS equivalent to i2pbote. Wikleaks should publish the source as free software.

CIA staff with critical thinking skills are complying with the public's right to know. The bureaucratic mass of brainwashed weasels leaking too, trading in secrets. Cyberweapons have become currency at CIA, just like nuclear secrets.

https://assets.documentcloud.org/documents/3894037/Leopold-FOIA-CIA-Source-Code-Inspector-General.pdf

Pompeo is running out of fingers to stick in the dyke.

controversial- who's more dangerousJuly 14, 2017 1:54 PM

@Ross Snider
You have to give the Republicans credit for turning the subject of Bush 'the lesser' from being a draft-dodger or someone awol or something to another topic. Of course, then there is chicken-hawk Cheney ...
Oh well, the MIC might be raking it in; 'wag the dog' might be whispering in Trump's ear: start a war or something. Time to change topics. Will the MIC fall for it or play along with 'make a war' should it happen?

PoopOOplatterJuly 14, 2017 4:01 PM

Nifty trick. I wonder if you can start doing this on internet facing US govt. documents to discover if they have been cauterized or treated.
I guess it pays to build a spreadsheet of font comparison across OS versions and whatnot. Since Win7 got blasted, I am curious now. I will have to load a 7 vm and see. Meta-forensics.

I had run a test against ZXX anti-OCR fonts with the Tesseract engine, which touts an 81% recognition. ABBYY OCR touts 100% recognition.
I discovered whole document scanning produces better results from contrast differential, versus cropping text chunks which fails regularly. Something the creator did not account for. The ZXX site went down, but his successful font was one that is basically a non-linear mapping of letters where the true letter was small next to a larger letter that the OCR preferred. You could make your own font type like this and prevent scraping.

Ivan DurakovJuly 14, 2017 7:14 PM

Sorta like what happened with Dan Rather's fake documents that he converted to fake news and end of a fake career.

sooth_sayerJuly 14, 2017 10:40 PM

These were not forgeries per se.

Term forgery would technically apply to a false copy of an original document.

These were documents created to fool the court -- originals most likely never existed so the defendant (PM's daughter) made up the "agreements" on an old date.

There probably was no reason to submit this - but she is smart by a half and shot herself in the mouth.

SteveJuly 15, 2017 6:18 PM

@Ivan Durakov: I was wondering when that would crop up.

If you read Mary Mapes's book on the subject, you might not be so sure the documents were fake. She makes a good case for their validity.

But set that aside. Perhaps they were faked.

Something that's been rolling around in the back of my head regarding that entire fiasco is the fact that as far as I know, at least, nobody has been identified as the source of the documents.

Assuming they're fake, that makes me want to ask who would fake them. There are a few plausible possibilities:

(1) The Bush campaign itself. It would not be at all out of character for Karl Rove or someone like him to pull such a stunt. But if so, one suspects it would have leaked by now.

(2) Someone who hated Bush. Possible, too. Perhaps likely. But, again, you'd expect that someone would have blabbed by now. It's just too juicy not to.

(3) The Russians. Yes, the Russians and the deception was designed to fail. Remember, the US had just stuck its feet deeply into the Afghanistan and Iraq quicksand. Bush was obviously going to continue flailing about, getting us deeper and deeper into the mire. His opponent, John Kerry, while no peacenik, no matter how he was portrayed in the media, might pull us out of one or both of those messes.

The motivation? Payback. The US sucked the Russians into the Afghanistan mess in the first place as a way of undermining the Soviet Union. Jimmy "Peace Prize" Carter's National Security Advisor, Zbigniew Brzezinski, admitted, in print, that was the plan. Google it if you don't believe me.

The TANG memo thing was crude but it worked. It "discredited" the media and probably helped George W Bush win the White House again in 2004.

Plausible? Seems so to me, but we'll probably never know. Do I believe it? Not necessarily but it would fall under the heading of things that don't surprise me if it did turn out to be even partly true.

Fixo FoxoJuly 24, 2017 3:32 PM

Programmatically generated unique fonts might be one way to distinguish seemingly identical documents from each other. -- To find out who actually leaked that document [to press].

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.