Several years ago, BIT security noticed that an unusually high number of large documents were being downloaded from State agency websites. Most of the downloads were Microsoft Office documents and they were all being downloaded by malicious Internet Protocol (IP) addresses. BIT was quickly able to determine that the documents were being targeted because they contained descriptive metadata. If you don’t know what metadata is, it's simply data about data.
Once these documents were downloaded, malicious hackers could use specialized tools that extracted data in batch mode. You may wonder just how much information could be extracted from a Word document? Well, quite a bit. Here are some examples of information that can be stored in metadata files.
- User name or document creator
- Names of previous document creators or authors
- Company or organization name
- Computer name
- Emails associated with the document
- Name of the network server or hard disk where document was saved
- Name and full paths of network printers
- Other file properties and summary information
- Non-visible portions of object linking and embedding (OLE)
- Document Passwords
- Document revisions
- Document versions
- Template information can include data on the document creators
- Hidden text or cells can contain data that is formatted as invisible
- Personalized views can contain data such as names and addresses
- Comments contain names and document change information
To read more, click on the ITSP shortcut on your desktop and navigate to policy 230.17.