Copy Machines Digitally Store 1000s of Documents That Get Passed on at Resale

[jimmy olsen]

Damn,  that's a crazy security loophole. Who thought this was a good idea?
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml

NEW YORK, April 15, 2010
Digital Photocopiers Loaded With Secrets
Your Office Copy Machine Might Digitally Store Thousands of Documents That Get Passed on at Resale

By Armen Keteyian

(CBS)   At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you're in the identity theft business it seems this would be a pot of gold.

"The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable."

Buffalo Reacts to CBS News Investigation

Juntunen's Sacramento-based company Digital Copier Security developed software called "INFOSWEEP" that can scrub all the data on hard drives. He's been trying to warn people about the potential risk - with no luck.

"Nobody wants to step up and say, 'we see the problem, and we need to solve it,'" Juntunen said.

This past February, CBS News went with Juntunen to a warehouse in New Jersey, one of 25 across the country, to see how hard it would be to buy a used copier loaded with documents. It turns out ... it's pretty easy.

Juntunen picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each.

Until we unpacked and plugged them in, we had no idea where the copiers came from or what we'd find.

We didn't even have to wait for the first one to warm up. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours.

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn't until hitting "print" on the fourth machine - from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

"You're talking about potentially ruining someone's life," said Ira Winkler. "Where they could suffer serious social repercussions."

Winkler is a former analyst for the National Security Agency and a leading expert on digital security.

"You have to take some basic responsibility and know that these copiers are actually computers that need to be cleaned up," Winkler said.

The Buffalo Police Department and the New York construction company declined comment on our story. As for Affinity Health Plan, they issued a statement that said, in part, "we are taking the necessary steps to ensure that none of our customers' personal information remains on other previously leased copiers, and that no personal information will be released inadvertently in the future."

Ed McLaughlin is President of Sharp Imaging, the digital copier company.

"Has the industry failed, in your mind, to inform the general public of the potential risks involved with a copier?" Keteyian asked.

"Yes, in general, the industry has failed," McLaughlin said.

In 2008, Sharp commissioned a survey on copier security that found 60 percent of Americans "don't know" that copiers store images on a hard drive. Sharp tried to warn consumers about the simple act of copying.

"It's falling on deaf ears," McLaughlin said. "Or people don't feel it's important, or 'we'll take care of it later.'"

All the major manufacturers told us they offer security or encryption packages on their products. One product from Sharp automatically erases an image from the hard drive. It costs $500.

But evidence keeps piling up in warehouses that many businesses are unwilling to pay for such protection, and that the average American is completely unaware of the dangers posed by digital copiers.

The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas - loaded with secrets on their way to unknown buyers in Argentina and Singapore.

©MMX, CBS Interactive Inc.. All Rights Reserved.

[Zanza]

That's not a security hole, but users being ignorant or careless. Totally different and not really fixable.

[Tamas]

That's not a security hole, but users being ignorant or careless. Totally different and not really fixable.

Indeed.

[grumbler]

That's not a security hole, but users being ignorant or careless. Totally different and not really fixable.

  How do the users even know about, let alone erase, the scan copy that was in the machine?  This is a massive security hole that shouldn't exist, because the default copier mode should be to delete the stored image after it has been processed.

We simply redirect the image to the file server and don't use the drive on the machine at all.

[Darth Wagtaros]

That's not a security hole, but users being ignorant or careless. Totally different and not really fixable.

  How do the users even know about, let alone erase, the scan copy that was in the machine?  This is a massive security hole that shouldn't exist, because the default copier mode should be to delete the stored image after it has been processed.

We simply redirect the image to the file server and don't use the drive on the machine at all.

Yeah, no shit.  how the hell would your average secretary know that the copier machine is storing images?  More to the point, how would they know how to get rid of the images if they did? 

[Palisadoes]

There's loads of these technological security holes about. There was a recent study into disposed hard-drives from companies, of which they found a large proportion hadn't formatted/wiped the hard-drives, meaning a lot of information (some of it sensitive) was left on there.

[Berkut]

Yeah, that is most certainly a rather gaping hole.

I am pretty damn computer savvy, and *I* did not know that copiers saved an image on the drive - and if I had known it, I would assume that the image was destroyed as soon as it was no longer needed to produce copies. Why wouldn't it be?

[Darth Wagtaros]

I forwarded this article on to IT Security. I don't think anybody would really have thought abuot this.  Like I said, why would anyone?

[grumbler]

Yeah, that is most certainly a rather gaping hole.

I am pretty damn computer savvy, and *I* did not know that copiers saved an image on the drive - and if I had known it, I would assume that the image was destroyed as soon as it was no longer needed to produce copies. Why wouldn't it be?

Because deletion doesn't destroy the data, just the MFT entry.  The images are no longer accessible, but they are still there (unless over-written by later images).  Special (though readily available) software is needed to retrieve them or over-write them.

[derspiess]

We simply redirect the image to the file server and don't use the drive on the machine at all.

Ours are stored locally, but are deleted and wiped after each job.

[derspiess]

I am pretty damn computer savvy, and *I* did not know that copiers saved an image on the drive - and if I had known it, I would assume that the image was destroyed as soon as it was no longer needed to produce copies. Why wouldn't it be?

It surprised me when my department got a new copier back in 2007 that they even had hard drives. 

[grumbler]

We simply redirect the image to the file server and don't use the drive on the machine at all.

Ours are stored locally, but are deleted and wiped after each job.

Asking around, I have discovered that the tech people that replaced me have stopped my practice of redirecting the images, so my school now stores them on the machine without any further protection for the data.  They don't think it is an issue worth worrying about.

[grumbler]

I am pretty damn computer savvy, and *I* did not know that copiers saved an image on the drive - and if I had known it, I would assume that the image was destroyed as soon as it was no longer needed to produce copies. Why wouldn't it be?

It surprised me when my department got a new copier back in 2007 that they even had hard drives.

It is a means of saving money - cheaper to make images and store than than to scan for each copy (like they used to).  The scanner moving parts can now be made less robust/expensive.

[Berkut]

Yeah, that is most certainly a rather gaping hole.

I am pretty damn computer savvy, and *I* did not know that copiers saved an image on the drive - and if I had known it, I would assume that the image was destroyed as soon as it was no longer needed to produce copies. Why wouldn't it be?

Because deletion doesn't destroy the data, just the MFT entry.  The images are no longer accessible, but they are still there (unless over-written by later images).  Special (though readily available) software is needed to retrieve them or over-write them.

Well of course - that is standard HDD file storage - but its not like overwriting the data is hard, or even takes any appreciable amount of time. Still surprised the file manager OS on the drives isn't doing that automatically. Hell, I think my W7 OS will do that if I tell it to...

[Zanza]

That's not a security hole, but users being ignorant or careless. Totally different and not really fixable.

  How do the users even know about, let alone erase, the scan copy that was in the machine?  This is a massive security hole that shouldn't exist, because the default copier mode should be to delete the stored image after it has been processed.

The manufacturers offer extra equipment that encrypts or erases such data. If you don't buy that extra equipment, you should at least ask yourself why they offer such equipment and if your expectation of default behaviour is correct.