Digital Photocopiers Loaded With Secrets

(CBS)  At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you're in the identity theft business it seems this would be a pot of gold.

"The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable."

Buffalo Reacts to CBS News Investigation

Juntunen's Sacramento-based company Digital Copier Security developed software called "INFOSWEEP" that can scrub all the data on hard drives. He's been trying to warn people about the potential risk - with no luck.

"Nobody wants to step up and say, 'we see the problem, and we need to solve it,'" Juntunen said.

This past February, CBS News went with Juntunen to a warehouse in New Jersey, one of 25 across the country, to see how hard it would be to buy a used copier loaded with documents. It turns out ... it's pretty easy.

Juntunen picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each.

Until we unpacked and plugged them in, we had no idea where the copiers came from or what we'd find.

We didn't even have to wait for the first one to warm up. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours.

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn't until hitting "print" on the fourth machine - from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

"You're talking about potentially ruining someone's life," said Ira Winkler. "Where they could suffer serious social repercussions."

Winkler is a former analyst for the National Security Agency and a leading expert on digital security.

"You have to take some basic responsibility and know that these copiers are actually computers that need to be cleaned up," Winkler said.

The Buffalo Police Department and the New York construction company declined comment on our story. As for Affinity Health Plan, they issued a statement that said, in part, "we are taking the necessary steps to ensure that none of our customers' personal information remains on other previously leased copiers, and that no personal information will be released inadvertently in the future."

Ed McLaughlin is President of Sharp Imaging, the digital copier company.

"Has the industry failed, in your mind, to inform the general public of the potential risks involved with a copier?" Keteyian asked.

"Yes, in general, the industry has failed," McLaughlin said.

In 2008, Sharp commissioned a survey on copier security that found 60 percent of Americans "don't know" that copiers store images on a hard drive. Sharp tried to warn consumers about the simple act of copying.

"It's falling on deaf ears," McLaughlin said. "Or people don't feel it's important, or 'we'll take care of it later.'"

All the major manufacturers told us they offer security or encryption packages on their products. One product from Sharp automatically erases an image from the hard drive. It costs $500.

But evidence keeps piling up in warehouses that many businesses are unwilling to pay for such protection, and that the average American is completely unaware of the dangers posed by digital copiers.

The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas - loaded with secrets on their way to unknown buyers in Argentina and Singapore.

[localbizgeek]

Perhaps I missed it, I don't see any mention of using services like Kinko's (FedEx), Office Depot, Staples etc. How are they handling this issue? And how aware of the potential risk are their consumers?

[akinsd]

You might want to stop using computers too because images of data stored on hard drives remains there forever. If you have sold, traded, or given your computer away without removing the hard drive, you might want to also consider taking IT lessons. Encrypting you data, locking it down with passwords, overwritting it, or formatting it makes it more difficult to access. Think "Locksmith" and "Onstar"

[genxandy]

This definitely is a security issue, but to most Americans who would take the time to buy a used copier and do all that work? Not too many are that ambitious to do wrong. Thank goodness! But sending the copiers overseas is another issue and I agree that they need to be erased prior to shipping. Might need to have it be the responsibilty of the resailer to erase all the hard drives prior to sale overseas.

[jeffb1000]

This is old news to most of us, but thought it deserved some attention anyway. Most color copiers have some form of ID unique to the printer, and every page printed in color has the "ID" printed on every page. The only way you can see it is if you use a particular type of flash light and simply shine the light on the page and the "ID" is perfectly visible. Typically, I think the "ID" is colored yellow, at least that is how it appears visibly on the printed page. Originally, I think this was a security measure to nab people making counterfeit money. Leave it to your imagination in considering the ramifications this could have on a private citizen, or worse yet, some corporations, or charities, or government facilities, and the list goes on. If you check YouTube, you might find a video demonstration that is proof of the "ID" unique to the printer, and maybe the owner as well.

[tnjman]

YES - the same storage happens when the machine functions as a 'receiving fax' machine. ALL of these areas a HIGHLY overlooked, and should be focused on as EXTREMELY SERIOUS security holes!

On top of ALL of these facts is the SCARIEST FACT: using "nmap" and other tools, you can bypass IPS IDS (Intrusion Prevention / Intrusion Detection) and you can hack virtually undetected!

Just like a physical "vault / safe" keeps people OUT and not "in," an IPS or IDS is designed in a similar fashion - it primarily detects OUTSIDE attempts, coming inbound!

WARNING: *ALWAYS* INCLUDE PRINTERS (EVEN NON-MFD PRINTERS) IN SECURITY PENETRATION ASSESSMENTS!

Tidbit: Did you know that, by default, Kyocera and some other MDF printer/scanner/copiers, have NO ADMIN PASSWORD; and that you can telnet directly into the machine and use: "username: admin, password: [LEAVE IT BLANK] and you are then in a restricted Linux menu shell, that lets you display device settings and reboot the printer?!
Did you know that, if you FTP to these Kyoceras and others similar printers, you can pull off the 'config' files and, in some cases, you can get to the hidden "file/data" areas and pull off the temporarily stored documents that, in some cases, are ANYTHING BUT TEMPORARY!

[tnjman]

Oops, I said "MDF" in one place above - meant "MFD" (multi-function device). At any rate, a clarification:

Expounding on the IDS/IPS issue: Remember that things such as "inside devices" and/or "internal printers" often are excluded from IDS/IPS even LOOKING AT THEM! i.e., "Well, its an inside printer, why would I have IDS/IPS scan against it?" Again, with "nmap" and other tools, since most hackers know printers are not considered by most such IDS/IPS and scans and so forth, printers are a prime target as a virtually undetectable hacking vector!

ADDITIONALLY SCARY: Some Security Administrators PURPOSEFULY EXCLUDE printers and MFD's from the IDS/IPS, because they wrongly assume that all traffic coming from/going to a printer will be innocuous/harmless!
WRONG ASSUMPTION! As well, when they set up printers, they often see IPS/IDS warning about 'such and such' traffic to/from the printer and, at that time, certainly, most such warnings are simply seeing "back and forth" printing of documents; BUT, then the Security Admins go the extra step and exclude them from being checked by IDS/IPS because they don't want to be bothered by all the "false positives" that they figure are just regular back-and-forth printing of documents! Again, a VERY bad practice, as far as 'Security Best Practices.' Printers and MFDs are a HUGE SECURITY HOLE!

[tnjman]

YES, it's true. most of these multi-function devices are running a stripped-down, allegedly 'hardened' version of Linux. Virtually ALL of them have an embedded Web server - just go: http://ip-of-printer
and you will be at the Web page. Alternatively, try these:
ftp ip-of-printer
tftp ip-of-printer
telnet ip-of-printer

Those are some typical steps to see if the machine has an embedded o/s and, along with that, normally the system will also have a hard drive.

And - patches? They don't allow you to go and get security updates; so, what if a buffer overflow or Web server or o/s vulnerability is found on these?

Also of note:
CARS now have hard drives
Some TVs and, as pointed out already, other devices, have hard drives.

BOTTOM LINE:
1) ALWAYS DISCLOSE TO THE CUSTOMER THAT THEIR DATA IS BEING STORED!
2) LET *ME*, as Security Admin, browse & delete my own documents, WIHOUT CHARGING ME EXTRA!

[yuki_ykchan]

I think that $500 is erase data use with the Degaussers

[lschwarcz]

This has been an issue for both copiers and for computer hard disks for a long time now. I see people selling and giving away their old computers everyday! I personally have received free computers from people and found highly confidential data on them like name, address and SSN.

This is why products like DISKSTROYER are around (http://www.diskstroyer.com). People are realizing that they need to take precautions to not let this type of information out.

[tnjman]

Exactly - free encrypt & erase should be included! You can do that on EVERY PC/Mac/Linux/UNIX platform - granted, you also can pay more and get beefier options but, seriously, the Open Source encryption available are sufficient for most folks; and are VERY difficult and/or virtually impossible to compromise.

[swamibob]

I can't believe that one guy said you can have the feature to erase your documents for $500 extra. What a load of crap. They should by default have the option to say not to store documents on the hard drive after printing or to allow a full format of the drive if the user so desires. There is no purpose for the drive to store that many documents in the first place. If the copier won't allow you to go back and reprint old documents, which in that case you would know they are being stored, what is the point in keeping them in the first place? If they did include something like a history that you could set how many days to save copied or printed documents, that would be cool if it was being sold as an additional feature, but for the typical moron user, that should be turned off and have to be enabled in the administration menu.

[MarineWife209]

Does this "feature" happen at the RECEIVING FAX machine as well????

[tnjman]

YES - the same storage happens when the machine functions as a 'receiving fax' machine. ALL of these areas a HIGHLY overlooked, and should be focused on as EXTREMELY SERIOUS security holes!

On top of ALL of these facts is the SCARIEST FACT: using "nmap" and other tools, you can bypass IPS IDS (Intrusion Prevention / Intrusion Detection) and you can hack virtually undetected!

Just like a physical "vault / safe" keeps people OUT and not "in," an IPS or IDS is designed in a similar fashion - it primarily detects OUTSIDE attempts, coming inbound!

WARNING: *ALWAYS* INCLUDE PRINTERS (EVEN NON-MFD PRINTERS) IN SECURITY PENETRATION ASSESSMENTS!

Tidbit: Did you know that, by default, Kyocera and some other MDF printer/scanner/copiers, have NO ADMIN PASSWORD; and that you can telnet directly into the machine and use: "username: admin, password: [LEAVE IT BLANK] and you are then in a restricted Linux menu shell, that lets you display device settings and reboot the printer?!
Did you know that, if you FTP to these Kyoceras and others similar printers, you can pull off the 'config' files and, in some cases, you can get to the hidden "file/data" areas and pull off the temporarily stored documents that, in some cases, are ANYTHING BUT TEMPORARY!