Turnbull ebook leak prompts investigation

A remarkable breakdown in document security saw a PDF copy of former Prime Minister Malcolm Turnbull’s autobiography widely distributed on the weekend ahead of its official release on Monday, April 20. A staff member at the office of Prime Minister Scott Morrison has been found to have distributed the pirate copy of A Bigger Picture.

The publishing company is now reportedly pursuing all 59 people who received a pirated copy of the memoir from Mr Morrison's adviser, Nico Louw, in the next stage of a civil legal action to identify a wider network of people.

Publisher Hardie Grant believes an ebook of the of the memoir was hacked and then made available online and then distributed widely as a PDF. Ebooks are typically distributed in the EPUB file format, an XML-based e-book publishing standard.

“From that, the Liberal party team decided it was fun to distribute to as many people as they could,” Sandy Grant, CEO of Hardie Grant, told Inq. 

DRM protection on EPUB books is not difficult to remove, so it would not have required a very sophisticated hack. The free Calibre EPUB reader, for instance, offers a plug-in called DeDRM that advertises its ability to  remove the DRM from Kindle ebooks, Adobe Digital ePubs and Adobe Digital Editions (v2.0.1) PDFs.

A commercial software tool called Epubor is available from a Chinese firm based in Wuhan. The ebook format conversion software from Wuhan Jindu Technology Co., Ltd, offers drag and drop removal of DRM from EPUB or Kindle books.

According to the firm’s web site, “The majority of eBooks (sic) retailers are using Kindle DRM, Adobe Adept DRM, Nook DRM and Apple Fairplay DRM. However, there are still some non-mainstream DRM types.”

There are many standalone software and cloud-based tools offering EPUB to PDF file conversion.

Zamzar is an online file conversion tool that automatically removes metadata providing information on the date of creation and date of modification when converting into PDF format, so that data would not be available to the forensic team investigating the leak of A Bigger Picture.

Zamzar also does not seem bothered by DRM. It will not convert a PDF that requires a password to open, but if the PDF only requires a password to edit it will happily convert into EPUB and back to an unencrypted PDF retaining a hyperlinked table of contents and any images contained in the PDF.

Forensic investigators attempting to trace the source of the leaked copy of Mr Turnbull’s memoir will have professional forensic software that enables them to see further into the document metadata than provide by examining a PDF document’s properties.

Brendan Read, Executive Director | Forensic at advisory firm KordaMentha, said, “The process of identifying whether electronic information had been obtained without knowledge of the controller or has been altered from its original state is not necessarily an easy job and requires a thorough investigation using appropriate forensic tools.”

A former detective from the Queensland Police High Tech Crime Investigation Unit, Read has over 15 years’ experience in giving evidence in criminal and civil cases. His is also a Committee Member for Brisbane chapter of the Association of Certified Fraud Examiners (ACFE).

“To identify if a document has been modified or data has been compromised you need to conduct a thorough digital investigation. Digital investigations can be similar to fraud investigations in that you may need to work backwards. You identify where the money ended up and work back. The same can be true for digital investigations. By working back you develop a timeline of activity to determine where the source of the document may have come from or at what point the document may have been tampered with.

“Electronic documents themselves are open to being tampered with. The digital information which is embedded in a document to describe details about how it was created etc (document metadata) can be subject to manipulation. This information is not always visible to the standard user. Like the iceberg which only shows a portion of itself above the water, it is what lies beneath the water which is of particular interest to forensic investigators.

“There are various tools available online which can allow a person to modify the metadata of a document. When these changes occur to the document is possible that little clues are left behind. Sometimes these clues are hidden beneath the water and are embedded in the document or on a device that the document existed on. Using specialist forensic tools these clues can be identified and verified to provide important factual information about the authenticity or legitimacy of a document. It is important to use multiple forensic tools to maintain the integrity of your investigation and any findings,” said Read.

The Australian Publisher’s Association (APA) has written to the Prime Minister with its concerns over the security breach.

“During a government lockdown that has caused the most difficult economic crisis for a generation, a senior economic adviser in your office has sent to more than 50 people unauthorised copies of a book printed in Australia and published by an Australian company forced by that lockdown to make people redundant and to cut hours and salaries by 25%.

“It is likely that members of your party, including members of your government and their staff, have created and distributed well over1000 copies of the book without either payment or permission. Although the Treasurer announced in the same week that ‘...it's only fair that those that generate content get paid for it…’, ministers in your government have reportedly treated this unauthorised copying as trivial. These actions have caused immediate harm to one Australian publisher. The muted response by your government now risks long term damage to every copyright owner in Australia.”