Digital Photocopiers Loaded With Secrets

CmdrTaco posted more than 4 years ago | from the office-party-bums dept.

Security 204

skids writes 'File this under "no, really?" CBS news catches up with the fact that photocopiers, whether networked or not, tend to have a much longer memory these days. When they eventually get tossed, few companies bother to scrub them. Couple this with the tendency of older employees to consider hard-copy to be "secure," and your most protected secrets may be shipped directly to information resellers — no hacking required. "The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas — loaded with secrets on their way to unknown buyers in Argentina and Singapore."'


204 comments


No problem (5, Funny)

eln (21727) | more than 4 years ago | (#31912648)

I always take care to disguise my ass before photocopying it. You can never be too careful these days.

Re:No problem (5, Funny)

Darkman, Walkin Dude (707389) | more than 4 years ago | (#31912686)

If you get the moustache just right you can do a passable Mr Potato Head.

Re:No problem (0)

Anonymous Coward | more than 4 years ago | (#31913496)

And there's always a legal wig for that Pink Floyd - The Wall look.

Re:No problem (4, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#31912978)

I somehow knew this topic would be the butt of every joke.

Re:No problem (1)

interkin3tic (1469267) | more than 4 years ago | (#31913296)

Taco really was assking for it with the "office-party-bums dept" bit.

Re:No problem (1)

vikingpower (768921) | more than 4 years ago | (#31913252)

Is your ass an industrial secret?? Wow, I wish I had your ass!

Thats supposed to be obvious? (5, Insightful)

EricX2 (670266) | more than 4 years ago | (#31912650)

I never would have guessed the copy stayed in memory on the device. When I copy, scan to email, or scan to file, it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?

Re:Thats supposed to be obvious? (5, Informative)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#31912720)

It depends on the calibre of the device. Your basic deskside all-in-one isn't much of a risk. The real cheap seats might only have enough onboard storage to show up on the USB bus and have their firmware blob dumped to them by the driver.

Many of the nicer models, though, have an internal HDD, often with a webserver, to support use cases like "scan, retrieve document through web interface" or "receive and store faxes without printing them all". Those are the ones you have to watch out for.

Given that most printer manufacturers can't seem to design UIs that aren't exercises in pain, it may or may not be obvious based on using the device how much storing it is doing.

Re:Thats supposed to be obvious? (3, Informative)

Em Emalb (452530) | more than 4 years ago | (#31912854)

That, and a lot of them these days have email capabilities (scan and email), so you get the directory full of usernames and email addresses. We actually barely remembered in time to do this when we shipped back a bunch of Dell all-in-ones after their lease was up.

Re:Thats supposed to be obvious? (3, Interesting)

xOneca (1271886) | more than 4 years ago | (#31912906)

Your basic deskside all-in-one isn't much of a risk.

You mean cheap all-in-ones are more secure than expensive ones? I wouldn't say that if it wasn't for this article...

Seems one more thing to have in mind when buying a printer...

Re:Thats supposed to be obvious? (3, Insightful)

Jaysyn (203771) | more than 4 years ago | (#31913020)

Security thru lack of features, maybe.

Re:Thats supposed to be obvious? (1)

Kral_Blbec (1201285) | more than 4 years ago | (#31912908)

I used to work in a print shop with some really nice machines. None of them had a function to reprint a previously printed document from the main display. The one I used the most had a 120 GB drive in it that I could access, but I couldn't print from there either. I could view the queue of what had been previously printed by document type/name, but I couldn't actually print or view it. It also had a display of how full it was, and the only time I ever saw it fill up was when I was printing a large raw file (usually by accident :| ). Maybe some of the higher-ups with a different log-in could have recovered documents, but not as far as I know. I was the one that was usually tinkering with the machines and figuring out new functions nobody else used/knew. I never would have thought that it kept a copy after finishing. I figured it would be recoverable in some form due to weak deletion/erasing, but not archived in full.

Re:Thats supposed to be obvious? (1)

ashidosan (1790808) | more than 4 years ago | (#31913312)

Print shop copiers != business copiers. Our Canon all-in-one device does all the crap you said yours didn't, including a full reprint of every document stored on the machine.

Re:Thats supposed to be obvious? (1)

tagno25 (1518033) | more than 4 years ago | (#31913402)

But that is a setting that has to be enabled to work, and even then the files (and possibly file system) are encrypted for that device.

Admin rights required!! (5, Interesting)

IrishHammo (1784970) | more than 4 years ago | (#31913418)

Even nicer, I remember a few years ago I needed to scan the work permit in my passport for HR. So I went to the photocopier, did a scan to storage, and from my desktop retrieved from the photocopier storage and emailed. Job done, I went to delete my passport from the photocopier storage. No dice, Windows admin rights required, and when I asked a Windows admin to delete it for me (and the other 8 confidential documents sitting there with full read access) I got a very blank look.

Re:Thats supposed to be obvious? (1)

ElectricTurtle (1171201) | more than 4 years ago | (#31912830)

It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

Not being able to go from email to file on the same image(s) is just bad interface design that assumes you want to do only one thing with the document. Whether it's still in memory or not depends of course on the design of the MFP's platform. The large memory capacity in terms of both flash and magnetic media is mostly for balancing high resolution input from multiple sources in a network environment.

Re:Thats supposed to be obvious? (2, Funny)

interkin3tic (1469267) | more than 4 years ago | (#31913380)

It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

See, I don't even know what an MFP is, so whether or not mine has a hard drive in it is really not obvious to me or my coworkers at the buffalo police office sex crimes division.

(For those of you who didn't RTFA, the "buffalo police office sex crimes division" was a humorous reference to the article. You missed out on that very funny joke. That'll learn you to not RTFA.)

Re:Thats supposed to be obvious? (5, Informative)

YttriumOxide (837412) | more than 4 years ago | (#31912842)

I never would have guessed the copy stayed in memory on the device.
When I copy, scan to email, or scan to file, it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?

Generally it doesn't. Many devices have the ability to store at the same time as copy, however it's a feature you generally have to explicitly choose (unless enabled as a security mechanism by the device administrator). Some devices also have the option to keep the last job in memory (however not permanent storage such as HDD) in order for a "fast reprint" or "fast resend", but it's not a common feature, so I wouldn't be too surprised that the ones you're using don't have it.

A far more pressing concern than memory is the permanent storage. Most devices these days have an HDD that will store data for various purposes. Actual images of copy/print/scan jobs are only rarely stored, and usually only when explicitly set to do so (as above), however user data information in the form of job logs, counter information, credit information (for embedded accounting applications) and so on can be quite a concern. Most decent devices will however have a "secure erase" feature to be used by the administrator before disposing of the device, and often also an option whereby data going through HDD and RAM is encrypted on the way in/out (except of course actual operating code - but that doesn't contain YOUR sensitive data, only the manufacturer's...).

To all: Feel free to ask for clarification on anything copier/MFP related... writing code for these things is my day job. Many things in the article are half-truths and some are just flat out wrong.

Re:Thats supposed to be obvious? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31913098)

How long has it been taking you to improve the horrible UI?

Re:Thats supposed to be obvious? (1)

mat128 (735121) | more than 4 years ago | (#31913360)

He writes code for these things, he doesn't write the UI! That's done by the marketing dept!

Re:That's supposed to be obvious? (1)

michaelwv (1371157) | more than 4 years ago | (#31912866)

When you make 10 copies of something, it only scans the original once. That means that the image is being stored somewhere. The only question then is for how long is that image stored. It's reasonable to assume that it's stored until that space is needed for something else, so the lifetime is going to be directly a function of the size of the internal storage device.

true story (4, Interesting)

cinnamon colbert (732724) | more than 4 years ago | (#31913386)

Many years ago, in the ages of DOS 4.0 and so forth, we had a Hewlett Packard LaserJet, which we thought pretty slick, that connected with a huge fat parallel port cable. One day, I unplug the printer and hook it up to another PC, which, children, in those far off days was quite an adventure in drivers (this was before you could download drivers off the web... almost prehistoric). While, I send some print jobs, say job1, job2.... to the printer, some of which print and some of which vanish, but, eventually, I get all the printouts I need and hook the LaserJet back to its original computer. A month or two later, printjob2 popped out of the printer. Since the software for this was not installed on the PC the printer was hooked up to, the job must have sat in the printer all that time (this is long before any "wireless" was available - it would be 2 or 3 years later that the marvel of 802.11a came along).

Re:Thats supposed to be obvious? (3, Insightful)

drooling-dog (189103) | more than 4 years ago | (#31913504)

Well, the original submission says,

Coupled with the tendency of older employees to consider hard-copy to be "secure"...

...so it looks like this is only a problem for the geezers; after all, digital photocopiers are like magic to them. There's virtually no chance that any of the savvy young hipsters in your organization could fail to be aware of this threat.

S/N (4, Funny)

paiute (550198) | more than 4 years ago | (#31912652)

If they are anything like our photocopiers, the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information.

Re:S/N (0)

Anonymous Coward | more than 4 years ago | (#31912688)

Which is a lot easier than breaking and entering or hacking. They're also a lot less likely to get caught.

LOLcats ARE our business (0)

Anonymous Coward | more than 4 years ago | (#31912920)

LOLcats ARE our business, you insensitive clod! :)

Re:S/N (4, Insightful)

interkin3tic (1469267) | more than 4 years ago | (#31913424)

the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information

Unless they find a way to make the text searchable and just search for "social security number" or "credit card number" and look at what's written right next to it. And while I don't know how to do that personally, it seems like the type of thing that would take about 10 minutes to figure out and then another 10 minutes to actually do.

Introducing the Xerox Assjet 790 (0)

Anonymous Coward | more than 4 years ago | (#31912660)

Photocopying your ass on a standard copier results in an "overall compromise of ass clarity," and no one wants that.

Why? (4, Interesting)

kabloom (755503) | more than 4 years ago | (#31912662)

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

Re:Why? (0)

Anonymous Coward | more than 4 years ago | (#31912754)

The operative hint is "no hacking required," as in "painfully obviously open." Government back-door!

Re:Why? (1)

spire3661 (1038968) | more than 4 years ago | (#31912762)

Pretty much since hard drives were cheap enough to mate up with their digitizers.

Re:Why? (1)

NeoSkandranon (515696) | more than 4 years ago | (#31912862)

Because as I understand it really fancy copiers are also document repositories of sorts, with a web interface to retrieve faxes and scans, and so on.

Not saying it's a good idea, but it's an extension of the "multifunction machine" that copiers have become anyway

Re:Why? (1)

socsoc (1116769) | more than 4 years ago | (#31913208)

Could you please photocopy that post without specifying the monospace font? It's messing up my digitizer scripts and I won't be able to have a copy of everything ever posted in the thread.

Re:Why? (1)

Z34107 (925136) | more than 4 years ago | (#31912882)

It depends on the model, but a lot of features need long-term storage. Things like "secure" printing, where you have to type in a PIN before it will release our document.

Other features like "print from the web interface" or "print from e-mail" (running on a server on the printer itself) need storage. Keeping a history can also make management easier - some people use it to keep track of who is using company printers for personal use.

Re:Why? (4, Informative)

SoTerrified (660807) | more than 4 years ago | (#31912890)

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

In the old days, if you wanted 5 copies of a sheet of paper, the scanner would scan 5 times. Then someone thought "Hey, what if we could save the scanned image?" So you could scan once, and print out 5 copies. The easiest method is just to toss in a hard drive, and store the copies on there. Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD. You can get a longer drive life by distributing the data all over the HD so it's easily written, then only overwriting when the entire HD is full.

Pretty simple, really. The only downside is that the HD inside contains the last items scanned, up to the memory of the device. (So while it doesn't keep a copy of "everything ever copied", it could easily be the last several thousand items copied.)

Re:Why? (2, Interesting)

iamhassi (659463) | more than 4 years ago | (#31913462)

" Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD."

Sure, that makes sense, but why the long-term storage? Why does it store the copies from 6 months ago? Shouldn't it go through every week and wipe anything over a week old?

Of course that's not perfect, there's still going to be that final week on there, but at least no one will be "downloading tens of thousands of documents" from a photocopy machine like they did.

Also, shouldn't the manufacturers be responsible for this somewhat? It's obvious when you save a document to a computer that the drive needs to be wiped, not so obvious when it's a copy machine. Shouldn't there be big warning labels and a "wipe all" button on the back somewhere? Sharp apparently offers a product to wipe copy machine hard drives.... for $500: [cbsnews.com]
"One product from Sharp automatically erases an image from the hard drive. It costs $500. "

WTF Sharp? You couldn't just put a button on the back that does a DoD wipe? [smartcomputing.com]

Re:Why? (0)

Anonymous Coward | more than 4 years ago | (#31913488)

That's fucking bullshit, the duty cycle of a photocopier HD is so light that the head activity would have no bearing on drive life.

Re:Why? (1)

Cassini2 (956052) | more than 4 years ago | (#31912942)

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

The copiers scan the originals into memory, and then print from memory. It allows them to print 5 copies of a 100 page document, all perfectly collated. The long term storage is a side effect.

Having a hard drive also enables new features, like network printing to the photocopier, and network scanning. These command a significant price premium with minimal hardware cost. As such, the photocopier sales people are encouraged to sell these features.

Finally, hard drives are significantly cheaper than RAM and ROM, I wouldn't expect them to go away either. It would actually cost more to build the modern copier without the hard drive.

Re:Why? (2, Insightful)

Corporate Drone (316880) | more than 4 years ago | (#31913314)

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

The news report is being sensationalist, and leading you to believe that it's keeping the data. Listen to the report again: they use a forensic program to get at the files. In other words, unless you tell the device to save the image, it's deleted. (The catch is that "deleted" means "entry deleted", not "file wiped off the drive".)

In other words, companies aren't wiping the hard drives of leased copiers. (Then again, are companies wiping the drives of leased PCs? Of PCs they owned, then threw away?)

Sun rises in east. Water is wet. Files that aren't wiped are able to be recovered from hard disks. Yawn...
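A pre-disposal check for the point made in the comment above, that an ordinary delete removes the directory entry and leaves the data on the drive. This is an added example, not part of the comment or the CBS report; the toy image layout, the function names and the signature list are assumptions made for illustration.

```python
import io

SECTOR = 512

# Magic bytes for the formats the thread says copiers spool: print jobs
# (PDF, PostScript) and scans (JPEG, TIFF). Short signatures such as JPEG's
# can also match by chance in unrelated data, so treat hits as "look closer".
SIGNATURES = {
    "pdf": b"%PDF-",
    "postscript": b"%!PS-Adobe",
    "jpeg": b"\xff\xd8\xff",
    "tiff-le": b"II*\x00",
    "tiff-be": b"MM\x00*",
}
_MAX_SIG = max(len(s) for s in SIGNATURES.values())


def audit_image(stream, chunk_sectors=2048):
    """Scan a raw drive image and report what an erase left behind.

    Returns the sector count, the number of sectors holding any non-zero
    byte, and how many times each known file signature occurs.
    """
    report = {"sectors": 0, "nonzero_sectors": 0,
              "signatures": {name: 0 for name in SIGNATURES}}
    tail = b""  # last bytes of the previous chunk, for straddling signatures
    while True:
        chunk = stream.read(SECTOR * chunk_sectors)
        if not chunk:
            break
        report["sectors"] += -(-len(chunk) // SECTOR)  # ceiling division
        if chunk.count(0) != len(chunk):  # skip per-sector work on blank chunks
            for off in range(0, len(chunk), SECTOR):
                sector = chunk[off:off + SECTOR]
                if sector.count(0) != len(sector):
                    report["nonzero_sectors"] += 1
        buf = tail + chunk
        for name, magic in SIGNATURES.items():
            pos = buf.find(magic)
            while pos != -1:
                # Matches lying wholly inside the tail were counted last round.
                if pos + len(magic) > len(tail):
                    report["signatures"][name] += 1
                pos = buf.find(magic, pos + 1)
        tail = buf[-(_MAX_SIG - 1):]
    return report


def is_clean(report):
    """True only if every sector is zero and no signature was found."""
    return (report["nonzero_sectors"] == 0
            and not any(report["signatures"].values()))


def build_sample_image(sectors=64):
    """Constructed toy image: sector 0 is a 'directory', sector 10 a print job."""
    img = bytearray(SECTOR * sectors)
    entry = b"JOB0001.PDF start=10 len=1"
    img[0:len(entry)] = entry
    data = b"%PDF-1.4\n% constructed sample page, not real data\n"
    img[10 * SECTOR:10 * SECTOR + len(data)] = data
    return img


def delete_entry_only(img):
    """An ordinary delete: the directory entry goes, the data sectors stay."""
    img[0:SECTOR] = bytes(SECTOR)


def overwrite_all(img):
    """A full overwrite: every sector is replaced with zeros."""
    img[:] = bytes(len(img))


if __name__ == "__main__":
    img = build_sample_image()
    delete_entry_only(img)
    print("after delete:   ", audit_image(io.BytesIO(bytes(img))))
    overwrite_all(img)
    print("after overwrite:", audit_image(io.BytesIO(bytes(img))))
```

To audit a real device, pass `audit_image` a file object opened in binary mode on a read-only image of the drive taken after the copier's own erase function has run. A drive wiped with a non-zero or random pattern will fail `is_clean` by design, so check the signature counts in that case.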

Oh NO! (-1, Redundant)

electricprof (1410233) | more than 4 years ago | (#31912670)

What will we do if they get their hands on all those photocopies of employees' backsides????

Re:Oh NO! (0)

Anonymous Coward | more than 4 years ago | (#31912976)

If there's one thing this country doesn't need, it's an ass gap.

Heh (-1, Troll)

Pojut (1027544) | more than 4 years ago | (#31912708)

Now, I didn't get this rich by being stupid. I would never do something like you saw in tonight's episode. Electricity and water.. just do not mix. So, be a winner like "Quinner," and don't play with electricity. Right, ladies? Yeahhh, that's right...

No one will bother (2)

GigsVT (208848) | more than 4 years ago | (#31912756)

No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

Re:No one will bother (1)

logjon (1411219) | more than 4 years ago | (#31912828)

They don't have to. It's a trivial matter to set up a script with a regex to root through the hard drive looking for something formatted like a social security number, or any other info that tickles your fancy.

Re:No one will bother (0)

Anonymous Coward | more than 4 years ago | (#31912956)

They don't have to. It's a trivial matter to set up a script with a regex to root through the hard drive looking for something formatted like a social security number, or any other info that tickles your fancy.

Presumably OCRing everything along the way? That's some script.

Re:No one will bother (2, Informative)

logjon (1411219) | more than 4 years ago | (#31913084)

It's really not. Command line OCR is a reality, and anything with a command line interface makes for easy scripting.

Re:No one will bother (1)

mikael_j (106439) | more than 4 years ago | (#31913202)

Don't forget that most of these machines are also printers, and most office workers print a lot more than they copy.

stored as pdfs (0)

Anonymous Coward | more than 4 years ago | (#31913236)

more docs are printed than photocopied, and these would be stored as pdfs or ps files.

Re:No one will bother (1)

geekoid (135745) | more than 4 years ago | (#31913140)

That is not a trivial matter. I mean, when I did printer software, every model would need to have a different script. For example, the HP Laser III would need a different script than the HP Laser IIIA. And from all outward appearances, the models were identical. In fact, with the exception of the printer codes, they were the same and would be sold as the same HP Laser III.

Yes, that's correct, you could have two printers that looked identical, behaved identically, but had different printer codes.

Add to that, you would need to hook up EVERY single printer from every single resold or decommissioned printer just to have a chance that you might find one.

Finally, how many printers have a hard drive? Almost none, and you might not know which ones have a hard drive unless you buy them.

Re:No one will bother (2, Informative)

logjon (1411219) | more than 4 years ago | (#31913244)

It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours. rtfa

Re:No one will bother (1)

skids (119237) | more than 4 years ago | (#31913434)

What you do is suck in the raw data and search for chunks in known formats. The PS and PDF can mostly just be text searched, bitmap OCR is extremely easy to automate if all you want is a raw text dump and do not care too much about the occasional column-interleave scramble.

The point is you aren't looking to do a thorough scan, just enough of a scan to find some of the interesting things. If you let some interesting things slip through your fingers, that's no big loss, there are plenty more hard drives where that one came from.

Once you've found something interesting then you put more effort into that.

How much effort you put in depends on how hard it is to make a living doing legitimate work where you live. Outside of the developed world, that equation is a lot different.

Re:No one will bother (3, Insightful)

rhsanborn (773855) | more than 4 years ago | (#31912872)

No one is going to go dumpster diving and digging through reams of discarded employee picnic announcements just to try and find some corporate secrets, wait... shoot.

Ok, let's try this again. No one is going to go through piles of keylogger data most of which is filled with lols and a\s\l?s to try and find a person's banking credentials, wait ... frick.

No one will do it, except the people that do. There is a buck to be made, people will do it.

Re:No one will bother (2, Insightful)

bdsesq (515351) | more than 4 years ago | (#31912874)

No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

Want to bet? Oh, that's right you already are betting. If no one goes through your copier data you win -- nothing. If someone finds a password or credit card number you lose -- big time.

So nothing to gain and everything to lose. Sounds like wiping the copier disk is a "must do"!

Re:No one will bother (1)

natehoy (1608657) | more than 4 years ago | (#31913258)

Personally, I think finding the drive/memory and smashing the shit out of it would be cheaper and more effective. Shame that the photocopier can't be reused, but spending $500 to wipe a photocopier that you can sell for $300 isn't very efficient either. Recycle the parts, and give $300 to a charity so they can buy a used photocopier from someone else.

Re:No one will bother (1)

GigsVT (208848) | more than 4 years ago | (#31913388)

If you are making photocopies of a sheet with your password on it, you have way bigger security issues to worry about.

Re:No one will bother (1)

Kral_Blbec (1201285) | more than 4 years ago | (#31912940)

Yup, because OCR would take too long and they would never think of that. If it kept printouts and not just copies (and many copy machines can also function as a printer) it would be very quick and accurate to OCR everything on a drive and do a text search for S/N

Re:No one will bother (4, Insightful)

_Sprocket_ (42527) | more than 4 years ago | (#31913072)

Data is valuable. Labor is cheap.

Re:No one will bother (1)

natehoy (1608657) | more than 4 years ago | (#31913224)

Your statement is an example of "security through obscurity" or "hiding in plain sight". That model of security was already disproved long ago. And, by "long ago", I'm referring to thousands of years, not weeks. It not only predates the invention of the photocopier, it predates the invention of paper. It probably even predates the concept of walking upright.

Hiding important things in an ocean of unimportant things means that someone can still get at the important things if they try hard enough, or are aware enough to look. The chances of discovery are directly proportional to the amount of knowledge the attacker has about how the data is hidden and roughly inversely proportional to the amount of "chaff" data you put out there to hide the "wheat".

And with the "try hard enough" being "extract the contents of the drive and show me thumbnails of everything on it", or even "extract the contents and OCR the whole lot and search for words like CONFIDENTIAL, SSN, and PAY TO THE ORDER OF" (all of which would be a couple of minutes' work for a 12-year-old child these days), you're not going to be able to obscure things all that well.

What is data worth these days? If you could buy, say, 10 of these $300 printers, you're out $3,000. If each one yields 100 pages for a total yield of 1000 pages, you're paying $3 a page. 99% of the images are likely going to be company picnic memos. Until you get the 10 pages that contain the company payroll data, or something someone will pay good money for. And if it doesn't work out, you rebuild the photocopier and resell it, or even rent it to a company you know has lots of juicy data going through and make sure the sale includes a routine maintenance agreement so you can swap drives out every few weeks.

Of course, if you know where your used photocopiers are coming from, they could yield a much higher return. Did your local hospital just make a big deal of donating photocopiers to a local charity? Go in to the charity with a nicer model of photocopier and offer to swap them out. With a little creative thinking, you could get photocopiers that are more likely to have good salable information in them.

This isn't the biggest security hole ever, it's not even the biggest security hole this month, but it is pretty scary.

Re:No one will bother (1)

GigsVT (208848) | more than 4 years ago | (#31913310)

I didn't say it was secure, just that no one will bother.

Re:No one will bother (1)

Hatta (162192) | more than 4 years ago | (#31913328)

Do you have any idea how much electronic waste gets sent to Africa? Do you have any idea what the economy there is like? Do you have any idea how much identity theft originates from Africa? These are people with very few legitimate options, and a very low risk to reward ratio for the illegitimate options.

Secrets (4, Interesting)

Z34107 (925136) | more than 4 years ago | (#31912760)

I'm not surprised - there are all sorts of nifty things mere "copiers" do. They can store documents forever, especially "secure" ones that you have to release with a PIN. They provide network services - some include (hackable!) FTP servers.

HP's printers support SNMP, but usually in the most insecure method possible. One of the simpler things you can do (Google it, perhaps not using SNMP) is remotely change the LCD text and blink the status lights. I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

Print servers are just that - servers. But, they look like copiers, so they get thrown out with secrets.

Re:Secrets (3, Funny)

zill (1690130) | more than 4 years ago | (#31913298)

I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

Travis! You finally made a slip of the tongue. Us sysadmins have been hunting the culprit for years now and now we finally got you!

Re:Secrets (4, Funny)

Lumpy (12016) | more than 4 years ago | (#31913350)

My favorite was to change the language file and make "ready" be "insert coin"...

Re:Secrets (0)

Anonymous Coward | more than 4 years ago | (#31913362)

Should've been an animated goatse

Some people don't listen (5, Insightful)

bfmorgan (839462) | more than 4 years ago | (#31912798)

I have pointed this out to my company's computer security guy and his response was, "I don't worry about copiers, that is a human resource issue". I have sent him this story. Maybe that will get him worried. Oh, and I cc'd the CEO.

Re:Some people don't listen (4, Insightful)

Red Flayer (890720) | more than 4 years ago | (#31913064)

Why didn't you email the local head of HR? The guy told you who is responsible...

Instead now you have a situation where you're calling someone out on something that is not their responsibility... that's not the nicest (or most effective!) way of handling it.

Re:Some people don't listen (5, Insightful)

vbraga (228124) | more than 4 years ago | (#31913074)

Better write 'Pro golf tips at the bottom' in the subject or the CEO isn't going to read it.

Re:Some people don't listen (1)

Kozz (7764) | more than 4 years ago | (#31913508)

So you're eager to tangle with both HR and the CEO? Around here that's a sign that you hate your job.

But... (1)

Theuberelite (1786666) | more than 4 years ago | (#31912822)

What they don't have is the photopaster. They can copy -- but they can't paste!

From the article (2, Insightful)

Itninja (937614) | more than 4 years ago | (#31912844)

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

Having worked in the digital industry up until 2007 I can tell you, that is a laughably inaccurate statement. We had half a dozen industrial-class copiers, all from 2004 or newer. The only one with a 'hard drive' in it was the high end color copier/printer; and we had to specifically add that option. I think it would be accurate to say that nearly all digital copiers might be configured to use a hard drive, though many are external and often separated from the device when it's sold.

Re:From the article (1)

michaelwv (1371157) | more than 4 years ago | (#31912900)

Storage space you have access to and storage space used by the machine don't have to be the same thing.

Re:From the article (2, Interesting)

Itninja (937614) | more than 4 years ago | (#31913110)

Indeed. But even storage used by the machine would require some physical presence. Having torn these machines down to almost the bare frame on more than one occasion, if there's a hard drive in there, it's invisible. Maybe some flash memory on the board somewhere, but I doubt it could store more than the last 100 pages or so....

Re:From the article (1)

kriston (7886) | more than 4 years ago | (#31913254)

Thanks for your post. I thought it laughingly idiotic to assume that so many of these devices have hard drives in them to begin with. I guess it wouldn't have made the local public-interest story on so many radio stations this morning if they didn't say that.

Re:From the article (2, Interesting)

michaelwv (1371157) | more than 4 years ago | (#31913466)

And I suppose that's really the distinction. If you asked people, "does the copier right now have a copy of that page you just copied?" they might not be surprised by that, but "does the copier right now have a copy of that page you copied last year?" they would be, and the difference comes down to how much storage and whether or not you have persistent storage.

Re:From the article (0)

Anonymous Coward | more than 4 years ago | (#31912982)

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

Having worked in the digital industry up until 2007 I can tell you, that is a laughably inaccurate statement.

We had half a dozen industrial-class copiers, all from 2004 or newer. The only one with a 'hard drive' in it was the high end color copier/printer; and we had to specifically add that option. I think it would be accurate to say that nearly all digital copiers might be configured to use a hard drive, though many are external and often separated from the device when it's sold.

Of course the HDD is separate, that's the copier sales man's up sell.

Sell a 100gig HDD for $500, but of course you can only use our HD because it has a modified firmware. The copier won't recognize an off the shelf HD that has 10x the capacity and costs 1/5th the price.

Re:From the article (1)

geekoid (135745) | more than 4 years ago | (#31913162)

"digital industry"?

what? you carved atoms into bits for a living?

Oh no... (1)

MXPS (1091249) | more than 4 years ago | (#31912924)

Let's hope those copiers weren't taken from the Jersey Shore house or else they might have a Situation on their hands. His trade secrets can't and must not be duplicated in other areas of the world.

that's an interesting bank statement, mr salesman (2, Insightful)

wfmcwalter (124904) | more than 4 years ago | (#31912932)

My company recently bought a used copier/scanner/printer, which had supposedly been reconditioned and cleaned. It included a "document server" feature, whereby jobs could be scanned to its internal disk (or print jobs could be stored in the printer for later printing). The salesman who sold it to us had helpfully left scans of his current account statement in the document server, together with some placating letters to other customers. After thinking about what uses we'd actually have, I decided just to turn the document server feature off for everyone. I did leave the deferred-jobs part on (as it's useful when someone is printing on weird stock or printing something confidential) - thus ensuring that anything left on the copier (the company is now defunct, the copier presumably resold) is guaranteed to be juicy.

Re:that's an interesting bank statement, mr salesm (1)

ae1294 (1547521) | more than 4 years ago | (#31913230)

The salesman who sold it to us had helpfully left scans of his current account statement in the document server ... After thinking about what uses we'd actually have, I decided ... it's useful ... printing something confidential ... thus ensuring that ... (the company is now defunct)

Hummm... that must have been a really awesome hookers and blow party your company had!

new feature idea... (2, Interesting)

Stewie241 (1035724) | more than 4 years ago | (#31912994)

Isn't there a spec for deleting data? Seems it would be a good selling feature and cheap to implement a system in the BIOS of all PCs and any device that has a hard drive a way to securely delete all data. This would make it much easier to get rid of old equipment without having to worry about what data is left.

Sensationalize much? (1)

geekoid (135745) | more than 4 years ago | (#31913006)

Yes, are secrets ar in da printed memory...oh noes!

What are the odds that any printer happens to have some damning secret in it that's being removed? Is it worth going through every single decommissioned printer to find it?

No.

Re:Sensationalize much? (1)

Amouth (879122) | more than 4 years ago | (#31913338)

Every? yea that would be a waste.. but you know if you showed me different copiers - i could tell you roughly what each one would be used for (aka the departments) and if you could get any of the back history of the last lease.. that is when you start targeting companies or government groups for specific info.. and that my friend is where you start getting info that can make you money.

even where i work - i know of 1 copier that gets used for a couple random things BUT it is also the one the book keeper uses to make copies of the paychecks and stubs - what do you want to bet that she uses that for other things like copying ETF's and other fun info

Re:Sensationalize much? (0)

Anonymous Coward | more than 4 years ago | (#31913436)

Grammar! Your sentence doesn't make _any_ sense.

Wow, way to be on top of things, CBS (0)

Anonymous Coward | more than 4 years ago | (#31913018)

Hah! (1)

SnarfQuest (469614) | more than 4 years ago | (#31913052)

That's why I use a cheap netbook/scanner/printer. Periodically, I can just toss the netbook into a Salvation Army bin, and there's no way for them to get anything off my scanner!

Anonymous Coward (0)

Anonymous Coward | more than 4 years ago | (#31913054)

So, why is this a problem?

http://www.youtube.com/watch?v=nfCYzJAgwrw

done and done...

The real WTF (1)

operagost (62405) | more than 4 years ago | (#31913122)

We didn't even have to wait for the first one to warm up. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

No hard drive needed-- just stupidity.

Dracula says... (0)

Anonymous Coward | more than 4 years ago | (#31913172)

"What is man? A miserable little pile of secrets!" -- Dracula

They aren't really files--it's raw data (1)

kriston (7886) | more than 4 years ago | (#31913190)

They aren't really finding files. The files, of course, are marked for deletion and are deleted with the data left behind in unallocated sectors. What they're doing is using forensic tools to take this raw data off the hard drive and re-assemble it into files, something well-known about computers. The point of the story is that nobody knows it's true about many digital copiers, too.

As for the $500 device to wipe the drive, this device is expensive because it's a little computer that does a "wipe" of the hard drive data to FIPS 142-2 and NIST 800-88 4 standards.

For practical purposes I think the copiers should wipe free space on the hard drives on a regular basis, but this would likely result in premature drive failure in the field.
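The comment above describes deleted jobs surviving as raw data in unallocated sectors. As an added example (not part of the original thread), this Python sketch checks a raw drive image for that kind of residue before a device leaves the building; the signature list, the 512-byte sector size and the sample images are assumptions constructed for illustration, and it expects a fixed-pattern overwrite rather than a random-data wipe.

```python
"""Check a raw drive image for residue that a plain "delete" leaves behind."""

SECTOR = 512  # assumed sector size for the constructed sample
# Magic bytes that commonly start scanned-document files.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "tiff-le": b"II*\x00",
    "tiff-be": b"MM\x00*",
}


def scan_image(image: bytes, sector: int = SECTOR) -> dict:
    """Return the non-blank sector count and sector-aligned signature hits."""
    nonblank = 0
    hits = []
    for offset in range(0, len(image), sector):
        block = image[offset:offset + sector]
        # A cleared sector holds one repeated byte (0x00 or 0xFF fill).
        if len(set(block)) > 1:
            nonblank += 1
        for name, magic in SIGNATURES.items():
            if block.startswith(magic):
                hits.append((offset, name))
    total = -(-len(image) // sector)  # ceiling division
    return {"sectors": total, "nonblank": nonblank, "hits": hits}


def is_clean(report: dict) -> bool:
    """True only if every sector is blank and no file header was seen."""
    return report["nonblank"] == 0 and not report["hits"]


def build_sample_images():
    """Constructed 32 KiB images: one after a plain delete, one overwritten."""
    deleted = bytearray(64 * SECTOR)
    # File data stays in place; only the (not modelled) directory entry is gone.
    deleted[10 * SECTOR:10 * SECTOR + 8] = b"\xff\xd8\xff\xe0\x00\x10JF"
    deleted[40 * SECTOR:40 * SECTOR + 8] = b"%PDF-1.4"
    wiped = bytes(64 * SECTOR)
    return bytes(deleted), wiped


if __name__ == "__main__":
    for label, img in zip(("deleted", "wiped"), build_sample_images()):
        rep = scan_image(img)
        status = "clean" if is_clean(rep) else "RESIDUE"
        print(label, status, rep["nonblank"], rep["hits"])
```
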

These are machines with hard drives. (1)

Delusion_ (56114) | more than 4 years ago | (#31913214)

No hard drive, no real issue.

I see this issue crop up with large-format printers/copiers, but the issue is really the same as what the article is talking about. Many photocopiers, printers - both small format and large format - have the ability to re-print from history, and this is because all the jobs are saved locally to the device. Depending on the device and manufacturer, this may or may not be a real problem. On some of our devices (large format), the history is set in terms of gigabytes - usually ten or less - and for some of our less-frequent users, that can actually cover a year or more. Other devices are set in terms of time period. This setting may be applied differently to scans and prints on many devices.

In our case these are our devices that we lease out. When a device is taken from one customer to another, it's necessary to clear out history queues if they've been set, but sometimes also necessary to delete problem queues that some devices send jobs to if there is a failure of some sort. In most small-format devices that are customer-owned, there should be a way to delete histories and user data, but short of re-installing the device's operating system, there's no way to securely wipe the now-unused portion of the hard drive and sell the device, and most end users do not have access to re-installation discs for the printer's firmware/OS. If the device is being decommissioned, though, destroying the hard drive is easier to justify.

Re:These are machines with hard drives. (1)

Delusion_ (56114) | more than 4 years ago | (#31913452)

Yes, TFA is a bit of scare-mongering. Quite honestly, most businesses are not in jeopardy if their old printed/scanned documents get out of their hands; by the time anyone else has access to the device, the documents aren't timely.

Having said that, the article also points out that two of the devices they scanned were from police departments and contained documents that, if leaked, would put their previous owners in liability, and the subjects of the documents in jeopardy of blackmail or worse.

I think that, with the proper amount of user education, this can be dealt with properly, either by the lessee being required to wipe the device between users or by the owner doing so. If the product is at the end of its life, destroying a hard drive to the degree that it would not be practical to recover requires very little: a cheap torx screwdriver and a ten minute fun session of scraping the hell out of the platters should do the trick.

Completely unrelated, but you'd be amazed at how far an eighteen inch hard drive platter will go if bounced off a smooth surface. When it made contact with the wall, it was about four inches into the drywall. Whoops.

don't forget the serial # yellow dot pattern (1)

cinnamon colbert (732724) | more than 4 years ago | (#31913216)

It is true - 1st saw this about 8 years ago - that color copiers put a pattern of yellow dots on every sheet; supposedly, the pattern is tied to the serial number of the machine. You can see the dots, at least for some machines, with the naked eye, if you look really carefully and know what to look for. and this is just what we know http://www.pcworld.com/article/118664/government_uses_color_laser_printer_technology_to_track_documents.html [pcworld.com]

How to clear them out? (1)

schwit1 (797399) | more than 4 years ago | (#31913246)

Is there a site on the web that lists the procedures for clearing out saved data for each copier/printer model?

I discovered this fact the hard way... (2, Funny)

xandercash (1791710) | more than 4 years ago | (#31913260)

...(in 1999) when I copied an offer letter for better employment on my current employer's copier, then left for a long weekend. I came back on Monday to find my offer letter pasted all over the company.

Gross (1)

Stele (9443) | more than 4 years ago | (#31913364)

When they eventually get tossed, very few companies bother to scrub them.

With years of ass-stain buildup, who's going to bother scrubbing them? Better to just incinerate the lot. It's the only way to be sure.

Digital Everything (2, Interesting)

colmore (56499) | more than 4 years ago | (#31913384)

I'm starting to really think that we're making a mistake putting full-fledged computers in everything we build. They allow for an amazing array of features, but it makes fully understanding our machines much more difficult. Security problems like this one are inevitable.

A dumb analog xerox machine is pretty easy to understand, and one that runs on a microcontroller and a few KB of ram (if that) isn't much harder. But who but the most dedicated hacker has any real idea about what is going on inside a modern Xerox. It *might* not have any undocumented "features," but you have no way of knowing. Security has gone from being a matter of applied common sense to involving a large amount of blind trust in these manufacturers.

It's a symptom of a larger issue though. We're rapidly getting away from having a society where a well educated and technically minded person can understand the actual inner workings of the technology they interact with every day. The tradeoff might be worth it, I'm not a luddite. But we should remember that we are entering into a new kind of relationship with our machines,

Apple (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31913444)

Anyone know the copier repair man that services the copiers at Apple?

Bet gizmodo would pay handsomely for some HDDs.

LOL!

Do it like lab devices do? (1)

drolli (522659) | more than 4 years ago | (#31913500)

On many modern devices in the lab (e.g. Arbitrary Waveform Generators, Oscilloscopes) the hd can be easily removed without opening the case. That would be fairly easy. Or: mount the hd firmly but make a slot for a i GB compactflash card containing the encryption key. or store the encryption key on the hd and delete it 1 time per month.

ShitE... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31913512)

Pr1vate sex party long term survival