
Manafort Left an Incriminating Paper Trail Converting PDFs to Word - ronwen
https://slate.com/technology/2018/02/paul-manafort-couldnt-convert-pdfs-to-word-documents.html
======
retSava
Semi-related tip: I despise protected pdfs with a passion. Especially when you
download a datasheet and you can't add annotations or highlights to it. So,
how to remove this protection? One way is to print to postscript and convert
back to pdf, but then you can't copy text from it.

Here's how (on windows): download qpdf
([http://qpdf.sourceforge.net/](http://qpdf.sourceforge.net/)) and run

    
    
         qpdf.exe -decrypt encrypted.pdf woho.pdf
    

I made a small batchfile since I never remembered that syntax,

    
    
        # usage:
        #    decrypt.sh mypdf.pdf
        # the decrypted file will be named mypdf.pdf, while the old encrypted is now mypdf.pdf-encrypted.pdf
        # 
        echo pdf to de-secure: $1
        read -n 1 -s -p "Press any key to continue"
        mv "$1" "$1"-encrypted.pdf
        qpdf.exe -decrypt "$1-encrypted.pdf" "$1"
        echo encrypted file is now named: $1-encrypted.pdf
        echo decrypted file is: $1

~~~
raquo
On a Mac I think printing to the built in PDF saver might work?

~~~
tgb
Windows also has this now: "Microsoft print to PDF". Might be only Windows 10,
not sure.

~~~
Crontab
I've used the Windows XPS printer as well.

------
freehunter
There are certain things I cannot believe are still this difficult with as
advanced as user-friendly technology is: sending files to someone else, and
converting documents.

Sending files to someone else is a problem with a ton of solutions, some of
them better than others, but none of them actually solving the problem. Email
often has size limits and spam filters block certain attachments. Dropbox is
often restricted at most workplaces, and not everyone uses it. It also has
size restrictions. USB is the most reliable, but then you get into the whole
"it's NTFS formatted which doesn't work on my Linux machine" or it's HFS and I
need to use it on Windows" nonsense, plus sending it longer distances takes
days through the mail.

But converting documents... guys it's just electricity running through fancy
sand. It shouldn't be that hard. I work on software where I'm often connected
to a jump server without Office installed on it, and the software expects me
to open a spreadsheet for troubleshooting. I was doing some audio recording
recently and the hoops I had to jump through to save it as MP3 weren't
insurmountable, but still pretty annoying.

And don't get me started on the Office 2003 spreadsheet that makes me boot up
my Windows XP VM to open because the macros won't work on Office 2017. Or when
I need to use Visio but there's no Mac version so I have to open my VM too.

And the web just makes it worse... no more software incompatibilities because
when software isn't supported anymore, we just shut the servers down and
everything is gone forever.

~~~
mtgx
For sending files, Firefox Send is pretty cool and straightforward. The files
are sent P2P and are E2E encrypted. I'm not sure why Mozilla hasn't added a
bookmark for it in Firefox yet.

[https://send.firefox.com/](https://send.firefox.com/)

~~~
neilsimp1
They push Pocket more than Send, it seems, and as far as I know Send is
actually built by Mozilla, and Pocket isn't. (Someone correct me if I'm
wrong).

~~~
TD-Linux
Both are built and run by Mozilla. (Pocket started out as a separate company,
but then the whole company was bought by Mozilla). That said, Send is the
right thing to use here, not Pocket.

------
lisper
Nixon was caught because he taped himself obstructing justice. Manafort was
caught because he emailed incriminating documents in the clear. How the hell
are we going to catch criminals who somehow avoid doing monumentally stupid
things?

~~~
lovefromatx
Different context but Buffett's quote “If a cop follows you for 500 miles,
you’re going to get a ticket,” applies here. If you are a criminal you don't
violate only one law. You tend to violate multiple laws and at some point you
are going to be sloppy.

~~~
jacquesm
Buffet's quote applies to non-criminals as well.

~~~
stcredzero
More in the US than elsewhere. In Germany, you obey the speed limit, and only
rubes pass on the right. In the US, everyone drives 9 mph above the posted
limit if they're being careful, and people pass on the right willy-nilly,
regardless of what local laws say. But if the police really want to enforce
that on you, they can.

There are tons of "blue laws" in the US, some from over a hundred years back.
Sometimes the police decide to enforce those. One such occasion precipitated
the landmark Supreme Court case Lawrence vs. Texas.

[http://www.politifact.com/truth-o-
meter/statements/2014/jan/...](http://www.politifact.com/truth-o-
meter/statements/2014/jan/19/vladimir-putin/putin-some-places-united-states-
homosexuality-rema/)

~~~
Chathamization
It's kind of strange. In the U.S., people get angry if they get a speeding
ticket for going 12 miles over the speed limit (see any conversation about
speed cameras). There doesn't seem to be any push back against having speed
limits; rather, it seems like most people think we should have them and then
ignore them.

~~~
adventured
That has varied. The speed limit commonly got set to 50/55 mph due to the
National Maximum Speed Law in 1974 [1]. It ended up being a giant government
shit show that resulted in an estimated < 1% gasoline savings. There was a lot
of push to repeal that over time, which worked.

Typically you'll see 70 or 75 on US highways now. To go much higher, the US is
going to have to up its road construction & maintenance game, as the German
autobahn is maintained at considerably higher quality.

[1]
[https://en.wikipedia.org/wiki/National_Maximum_Speed_Law](https://en.wikipedia.org/wiki/National_Maximum_Speed_Law)

~~~
majewsky
You mean this German autobahn? ->
[https://de.wikipedia.org/wiki/Bundesautobahn_20#/media/File:...](https://de.wikipedia.org/wiki/Bundesautobahn_20#/media/File:BAB20_Trebeltalbr%C3%BCcke_2017-10-11-2.jpg)

:)

------
ordinaryperson
What, the spending at $25,000 at Duane Reade (NYC-area drugstore) wasn't a
dead giveaway of money laundering?

[https://www.buzzfeed.com/jasonleopold/manafort-under-
scrutin...](https://www.buzzfeed.com/jasonleopold/manafort-under-scrutiny-
for-40-million-in-suspicious?utm_term=.jf740k8e9#.iuxxOAPWQ) (bottom)

The entire inventory of the store is barely worth 25K, I assume he must have
been loading up on gift cards a la Mexican drug lords
([http://am.blogs.cnn.com/2009/06/10/drug-lords-using-gift-
car...](http://am.blogs.cnn.com/2009/06/10/drug-lords-using-gift-cards-to-
smuggle-money/)).

~~~
trendia
Or he had some really expensive meds and bad insurance. That's pretty unlikely
though.

~~~
nasredin
Bingo!

$21,300 for his meds. The remaining ~4,000 maybe just fell out of his wallet.

[https://nytimes.com/2018/02/23/health/valeant-drug-price-
syp...](https://nytimes.com/2018/02/23/health/valeant-drug-price-syprine.html)

------
fencepost
For people thinking that he should have known better on a technical basis,
maybe but remember that during the time in question he was a 64-68 year old
man (= graduated college around the time Unix was being rewritten in C) who's
never worked in a technical field. By the time most of these capabilities
existed Manafort had been management/executive for years or decades.

That's not to say that he couldn't have learned were he interested, but his
daily life had very little intersection with this kind of thing until he
spiraled into a hole of debt, at which point "do I trust this person" ranked a
lot higher than "how are this person's technical skills?"

~~~
jdavis703
Not sending a written paper trail should be covered in Criminal Surivial
Strategies 101. Whether it's telegraph, snail mail, email or WhatsApp, this is
just sloppy criminal work. For example Steven Cohen avoided an insider trading
conviction by making sure nothing bad ever had his name on it. If you needed
to discuss something secret, you talked to him in person.

Background:
[https://www.google.com/amp/s/amp.ft.com/content/efda2ca2-ec6...](https://www.google.com/amp/s/amp.ft.com/content/efda2ca2-ec69-11e6-930f-061b01e23655)

~~~
gscott
Even though Manafort was associated with foreign government figures it took
being associated with the U.S President to be investigated. It didn't matter
before... having a paper trail was ok, no one cared.

------
Bucephalus355
We all leave huge incriminating paper trails to some extent. This is why
privacy is so important, because we’re all committing crimes in theory. That
being said Manafort looks very very guilty and his crimes, which are
financially based, I think are even more reprehensible in this era of global
austerity and low economic growth.

Back to the privacy point, we are currently going through NIST 800-53 at work.
We only need 800-171 but we thought the 800-53 standard would make us a better
organization. So many things I didn’t think of. Do you have a micro-cut
shredder first of all? Those Enron-esque cross-cut shredders don’t cut it
anymore with open source machine learning that can easily reassemble those
documents. Also, do you have an access code for your printer so the document
only prints when he/she is up there, and doesn’t get left throughout the day
in the tray for prying eyes? Also are your servers currently sitting in
inventory up high on the shelves in case water gets into the building? So many
things...

AmazonBasics 12-Sheet High-Security Micro-Cut Paper, CD, and Credit Card
Shredder with Pullout Basket
[https://www.amazon.com/dp/B00D7H8XB6/ref=cm_sw_r_cp_api_zCfK...](https://www.amazon.com/dp/B00D7H8XB6/ref=cm_sw_r_cp_api_zCfKAb1E3WBY5)

~~~
delish
> Those Enron-esque cross-cut shredders don’t cut it anymore with open source
> machine learning that can easily reassemble those documents.

That's interesting! When I googled for this, I found a few papers, but nothing
like a git repository. Do you have more information?

~~~
matt4077
I remember there was also a big effort to reassemble the shredded files by the
German Stasi after the fall of the wall, both algorithmically and manually.
Not sure if those efforts are ongoing, but it could be another avenue to
explore if you are interested.

~~~
satori99
I recently read that the digital scanning of shredded Stasi documents ran into
some technical trouble;

[https://www.theguardian.com/world/2018/jan/03/stasi-files-
ea...](https://www.theguardian.com/world/2018/jan/03/stasi-files-east-germany-
archivists-losing-hope-solving-worlds-biggest-puzzle)

------
simias
I scoffed a bit at this part:

>Try it in Adobe Acrobat (via the “Save as Other” command under “File” on a
Mac) and you’ll quickly be redirected to Adobe’s website and presented with a
handful of subscription packages that will allow you to transform your
documents. [...] Indeed, it’s probably a little safer, all things considered.

If I was doing shady stuff the last thing I'd want to do is send my
incriminating documents to some 3rd party service. That being said I would
also probably not send them over the clear in emails either.

It's pretty insane how cavalier people are with email security (or lack
thereof). I can't imagine that they would be so lenient if they were sending
each other the files over regular mail. I think most people simply don't
realize how thoroughly unsecure stock email is, you're basically lending an
open postcard over the internet and you can be sure that a bunch of copies are
made along the way. It's pretty much the worst way to share sensitive
documents online short of posting them on facebook.

~~~
jmull
It's actually much worse than sending incriminating documents through the
mail, even printed brazenly on a postcard.

To capture incriminating physical mail, the authorities have to already be
monitoring you at the time you send the documents. With email they are
typically able to go back and capture emails from days, weeks, and years
prior.

~~~
sangnoir
> It's actually much worse than sending incriminating documents through the
> mail, _even printed brazenly on a postcard._

I know I'm nitpickig, but the USPS photographs of all pieces of mail and
digitizes it. This information is considered _metadata_ and is not protected
against unwarranted searches, so postcards are much worse (for privacy),
because even the small-town PD can get access to them without having to look
for an "IT guy" to help. Email requires assistance from a TLA agency (or a
search warrant served to the mail provider).

~~~
macintux
> the USPS photographs of all pieces of mail and digitizes it

Thanks, I had no idea.

While doing some genealogy recently I found that a distant ancestor had
unclaimed mail in the post office shortly before he died.

I found it vaguely amusing to envision walking in and asking for it now, 125
years later; I guess some distant descendant of mine might be able to ask for
a photo of mail I'd sent or received.

------
Nokinside
When I was involved with a contract negotiation, they emailed me a pdf offer
with addresses, names and important numbers retracted with black and asked if
these terms are OK with me and we can talk about the numbers.

I noticed that when I select a region of text with a mouse, the retracted'
black text becomes white text over black background. It revealed name of our
competitor, addressees and numbers in their offer, the whole retraction was
just a typographic trick.

When in doubt, print -> scan -> convert to pdf.

~~~
eyepulp
I think you meant "redacted" vs "retracted". But yeah, there are a lot of
stories out there of people assuming a black bar over black text is high
security.

~~~
refurb
There was a document released by the State Dept at one point where the
redactions were just black box over the text. You could just select, copy and
paste to see it.

I compared documents and maybe not surprisingly, they seemed relatively minor
points.

------
_Codemonkeyism
Hilarious those journalists

"I attempted to transform my Word draft of this blog post into a PDF. I
confess that I did fumble a bit at first (it’s been a while), but I eventually
managed to get the job done. According to my stopwatch, the full ordeal took
me 42 seconds."

When the real problem ws turning a PDF into Word.

~~~
mi100hael
Not necessarily. There might not have been an obvious criminal action if
Manafort just had someone else convert an existing P&L disclosure from PDF to
Word. The real problem was asking someone to convert his fraudulent Word doc
to PDF.

------
makecheck
The complexity of many file formats is staggering and I try (usually with no
success) to convince people to rely only on simpler formats that can be
audited easily.

Another example: I seem to recall a case awhile back where Word change-
tracking contained sensitive information even though “the document” didn’t
seem to.

Sadly it used to be easy to rely on plain text implicitly but then we made
_Unicode_ so complicated that you have to be careful there too. Fingerprinting
through zero-width sequences, etc. is essentially unnoticeable if you do not
actively look for it.

~~~
stevenwoo
They caught the BTK killer because law enforcement told him he would be
anonymous if he simply sent them a word doc.
[https://en.wikipedia.org/wiki/Dennis_Rader](https://en.wikipedia.org/wiki/Dennis_Rader)

------
bandrami
Another life ruined by not knowing LaTeX

~~~
matt4077
...and other criminal activity.

------
socalnate1
This is sort of an aside to the article; but it boggles my mind how many
people in the business world view PDF's as secure, unalterable documents.

~~~
ajross
No, Manafort knew what he was doing here, and was doing it for technically
sound (albeit legally fraudulent) reasons: Word documents, unlike PDFs[1],
store editting history. Manafort knew this, and wanted to evade that tracking.

Where he fell down was in the actual conversion step, and in failing to
realize that his email to Gates about the conversion were themselves a history
of the edit. But his technical instincts were sound. If all Mueller had was
that final PDF, he wouldn't have been able to detect the fraud (absent some
other info, that is).

[1] Obviously "PDF" is a histoically complicated format and some versions have
features that might allow tracking. But the PDF/A documents emitted by typical
"export" tools are stateless representations of printed documents, AFAIK.

~~~
jacquesm
Exactly. Conversion to PDF 'flattens' the document.

~~~
scblock
In what way do you mean flattened?

Authorship and metadata? No, that is often still present, and many tools will
include author and software data by default.

Layers? No, PDFs can have extensive layers.

~~~
ajross
> In what way do you mean flattened?

Surely in the context of the episode we're talking about: the discovery of the
$4M in fraudulent income claimed in the document. In the Word document, that
edit would be discoverable. In PDF it is not.

You seem to be making an abstract argument about "PDF security" here. The
point of the subthread is a practical point about whether Manafort was
correctly generating a fraudulent document or whether he was being a technical
rube. He was doing the fraud the right way.

~~~
scblock
I am trying to clear up what appear to be hugely misleading assumptions about
how PDFs work.

Edit: and based on the information provided in these news reports, he was
being a massive technology rube.

~~~
ajross
> I am trying to clear up what appear to be hugely misleading assumptions
> about how PDFs work.

I'm sure you are. But in the process you are spamming an only tangentially
related subthread with the clear implication that PDFs store editting history
in the way Word documents do (they don't). This is doing the opposite of what
you want.

No one here is talking about "editing PDFs" or making PDFs "secure from
editting", so your points are only confusing the matter.

------
jorblumesea
If you have a track record on the span of decades of doing shady stuff, why
would you associate yourself with a lightning rod of controversy? Why join any
political campaign?

Manafort is not a smart man.

~~~
chestervonwinch
Money and a desire to get back to positions of influence, most likely. See
this article for a lot of detail:

[https://www.theatlantic.com/magazine/archive/2018/03/paul-
ma...](https://www.theatlantic.com/magazine/archive/2018/03/paul-manafort-
american-hustler/550925/)

~~~
nasredin
People need to read this if it's the one thing they read about this guy.

------
staunch
This is an example of bad technology failing its user.

These programs should protect user privacy by stripping identifying
information by default, allowing the user the option to preserve it.

All technology should protect its users by default, otherwise everyone is at
risk, not just the bad guys.

~~~
Strom
> _This is an example of bad technology failing its user._

I don't think that's fair to say. You can literally import PDF files in Word
via the most common _File > Open_ dialog. [1] You can also save as PDF in Word
via the _File > Save As_ dialog. [2] These are not exactly some obscure hidden
functions.

\--

[1] [https://support.office.com/en-us/article/edit-pdf-content-
in...](https://support.office.com/en-us/article/edit-pdf-content-in-
word-b2d1d729-6b79-499a-bcdb-233379c2f63a)

[2] [https://support.office.com/en-us/article/save-or-convert-
to-...](https://support.office.com/en-us/article/save-or-convert-to-pdf-or-
xps-d85416c5-7d77-4fd6-a216-6f4bf7c7c110)

~~~
NautilusWave
You can also right click a pdf > Open with > Word.

------
busterarm
Stringer Bell said it best:
[https://www.youtube.com/watch?v=pBdGOrcUEg8](https://www.youtube.com/watch?v=pBdGOrcUEg8)

------
Cw67NTN8F
FBI has virtually unlimited resources and they really want this guy. So, he
only made it easier, no doubt they would have caught that even without the
paper trail. FBI had access to his corp returns and to his loan application.
Everything he has done is under the microscope and unless he can hand Trump on
a silver plate, he's toast. He's almost 70 years old and you're talking about
20 years sentences.

When you deal with Russians crooks and people in those circles, you tend to
lower your guard. You think you will not get caught "because in Ukraine they
had money in suitcases," or through a gazillion shell companies. The funny
thing is that he might have just gotten away, if he wasn't involved in the
Trump campaign. Call it greed or money mismanagement, but knowing when to quit
may mean life or death (kinda)

~~~
threeseed
The other factor at play is presidential pardons.

Manafort pleading innocent could be a strategy to appear as the victim of the
"deep state".

~~~
Cw67NTN8F
Not a lawyer, but IMO someone has to go to jail. All this money spent, the
media and Mueller isn't going to end his career shooting blanks.

You can plead however you want to, but if the evidence is crystal clear,
you're toast. Even if Trump pardons him, NY would step in
[http://thehill.com/homenews/state-watch/333370-ny-ag-
investi...](http://thehill.com/homenews/state-watch/333370-ny-ag-
investigating-manaforts-real-estate-deals-report) , apparently a lot of the
laundering took place in NY (get paid in foreign bank from foreign sources;
don't declare to IRS+State; pay suppliers and mortgages from that account
directly, without declaring it. Millions and millions of it, not chump change)

Decisions, decisions. Give up Trump (if he is hiding something) and kinda go
to witness protection because they'll get sued for decades or life in jail.

------
btown
As an aside, Adobe Acrobat Pro's PDF-to-PPTX is a godsend if you're ever given
a slide deck in PDF form that you need to update/remake to certain aesthetic
standards (i.e. a partner/coworker sends you something you need to update to
your company's standard formatting, for distribution to management, potential
investors, etc.). Images become editable, backgrounds become editable shapes,
and text boxes and even tables are preserved with remarkable accuracy.
Extremely useful if you ever find yourself in such a situation.

------
coliveira
The real lesson is: if you're going to do anything ilegal, don't discuss what
you're doing on email. People so often forget that email is an official paper
trail of everything you do.

~~~
neaden
As Olivia Nuzzi put it: "Dance Like No One is Watching; Email Like It May One
Day Be Read Aloud in a Deposition"

------
meaydinli
All PDF to Word convertors I know are online services. Does that mean these
people left copies of their documents on some servers? Those servers could
also have timestamped logs of these people's access. If they were so careless
with their own documents, if they altered more important ones, does that mean
that there are now important documents stored somewhere in a random online
pdf-word convertor?

~~~
jonbarker
You can actually convert pdf to word in word, it's pretty cool!

~~~
fhrow4484
right, do people still use online tools these days?

[https://support.office.com/en-us/article/edit-pdf-content-
in...](https://support.office.com/en-us/article/edit-pdf-content-in-
word-b2d1d729-6b79-499a-bcdb-233379c2f63a)

------
mullingitover
The whole point of a PDF is that it's an artifact that isn't meant to be
edited. You edit the source document that the PDF was generated from, then
generate a new PDF from that. In this case, Manafort specifically couldn't do
that because he was up to something shady. If people were using the electronic
signatures properly, his modifications would've stuck out like a sore thumb.

------
Animats
Getting a clean conversion from PDF to some editable format is hard, at least
without Microsoft tools. I've been trying to convert a PDF manual to something
I can edit using Ubuntu. LibreOffice produces a Draw document where the text
is too big for its text boxes. Abiword extracts the text and loses the images
and most of the formatting. An online service at least produced a usable
document.

------
Balgair
Even a guy with millions won't buy Acrobat.

------
braderhart
If drug dealers on Tor are smart enough to use GPG to encrypt communications
and files, then it does sort of surprise me that these multi-millionaire
mafia-type elitist with connections to Russian cybercriminal oligarchs, can't
get basic security right.

------
duxup
You can't make this stuff up, but someone will certainly claim it is made up.

------
zelon88
Too bad Manafort and Gates didn't have an account on my unlimited Cloud
Platform. They could've created an account, uploaded the .pdf, converted it to
.doc, edited it online, and then converted it back to .pdf without being
tracked. The only evidence would have been user-specific log files showing
which user changed which filenames and when, but all those content changes
would have been lost provided they delete the originals.

Hindsight is always 20/20 I guess.

------
foobaw
I'm sure they asked their "IT" staff to do the work for them. I wonder how
they felt about doing these things

~~~
stevenwoo
IT staff regularly have to lock people out of accounts/computers remotely
after workers are fired or monitor everyone's internet access so they either
get used to just doing what is told or don't work.

------
cjcampbell
Thinking of launching a cyber-essentials course for aspiring white collar
criminals. What are the easiest online training platforms.

j/k

------
thrusong
Even my mother who actually couldn't find the "any" key to continue knows how
to do this...

------
not_that_noob
I don't think it was the conversion that was the issue, the gleeful
schadenfreude of the article notwithstanding. Mueller is armed with subpoenas
after all. This makes it easier for Mueller at best.

------
trs80
Maybe Gates had the conversion program installed and Manafort did not?

------
IshKebab
It is actually really difficult to convert a PDF to Word. Clearly the author
has never tried.

------
merb
well with adobe pro he would not have these problems.

------
puppetmaster40
OT: Does this have ANYTHING to do w/ Trump Russia Collusion?

Separate OT: Do we know any political party that colluded, in primaries? Or
that received foreign $? Or used 'bots' to make it seem like they have
support? Or that had it's operatives use state instruments to disrupt the
opposing party?

~~~
threeseed
Mueller's remit is to investigate any crimes related to the campaign and
election. Trump/Russia collusion is just one of many including money
laundering and obstruction of justice.

Manafort was campaign chairman and is alleged to have convinced Trump to
change positions on Ukraine as a a result of outside funds. Hence
investigating money laundering is directly relevant to Mueller's remit.

~~~
puppetmaster40
Where is what the internets say: according to WaPo (
[http://archive.is/AUN7q](http://archive.is/AUN7q) ) Manafort was operating
for 10 years - each of the 8 years of Obama.

Where can I find the source for: 'Manafort was campaign chairman and is
alleged to have convinced Trump to change positions'.

Also, what is your feeling on amount and frequency Dems were actually paid
directly by foreign govs?

