This year marks the 50th anniversary of the good, old-fashioned copy machine. But, as Armen Keteyian reports, advanced technology has opened a dangerous hole in data security.
Only 60% of Americans don't know that copiers store images on hard drives? I had no idea (why store images when you just duplicate print copies onto paper immediately?), and I'm a security minded IT professional.
Check out the Xerox copier line. It has image disk overwrite. It clears that sector of the hard drive after every copy or print. You can set it to overwrite the drive every night.
I've been in the copier business for twenty years, from the analog days now I'm pretty much an I.T. guy for a large copier company with DOD contracts. This old news story is actually pretty close, the problem is that today the machines are so complex, run every protocol there is and are basically an NAS device. Copier manufacturers should not charge for the digital overwrite options, they rip people off with this.
This has been known in security circles for years. There are even specific copier models with removable hard drives. If you return your copier with a hard drive inside, you're asking for trouble. The only way to secure a hard drive is with a big hammer or a blow torch.
@Alistairville I would say it's somewhere between convenience and big brother (company watching employees). When you're fax scans stuff into memory, to send as you walk off, it has to store it somewhere. That and when it kicks out a "failure" to send, it's from (HD) storage. I can give a good number or reasons, but it's the same thing.
@Missymugsy so that the copier can scan multiple pages at once for faxing or sending to someone email box or hard drive. Also to store the whole document that is being printed from a computer. Once there was a need for the hard drive, it became a feature. You can store all the scanned documents for later retrieval, or to use as a print on demand server for forms or other documents to print only when needed. More and more 'clicks' on copiers are not for copying but for computer printing.
Seems to me that the warehouse housing and receiving these copiers should have advised the companies from where they originated about the hard drives and given them the option of removing it before being shipped overseas. This, of course, would entail costs that should be paid by the last owner. Just a thought!
Even though this is from 2010, it's still relevant. Yes, not everyone has "cache all images" turned on, yes, many companies have scrubbing policies that ensure they remove hard drives or properly erase when they throw them out... but not all. For those who say "I'm not worried, I know enough to use MY copier properly", I'd point out that you have no control if the bank, insurance company, policed dept, etc... actually cleans their copiers before disposal. This is something worth thinking about
Holy Moley! I never really thought about whether or not copiers had hard drives. It makes sense that they do. This kind of freaks me out. The scariest bit is at the end! I wonder how many identities have been stolen this way.
@jaginaz: By the way, jaginaz, the harddisk pulled out at 0:13 appears to be a Western Digital 40 gigabyte (40 billion bytes in SI decimal GB) harddisk. . Suppose all copies are 256 color, 600 dpi, letter sized (8.5 * 11) scans. That would take up about ...oh, say 64 kilobyte (approximately 64 thousand bytes) per copy. . Divide 40,000,000,000 (SI decimal gigabyte) by 65536 (actual 64 kibibyte) and you have storage capacity for about 610,351 documents.
@Missymugsy I'm assuming it's because the copier is basically just a big camera... It has to take a picture of what you are copying, and in order to produce more copies it has to save that image. You can't save anything unless you have a hard-drive.
if I took apart one of these copiers and found the HDD i'd erase everything off it and use it as an external HDD for music or something. anyone know how much data these drives can hold?
I wonder if you could pop the hd out and use a free dwipe utility like DBAN, and then format the hard drive with whatever filesystem is required and replace it to sell it as surplus. It would only take a couple lawsuits to turn this issue around, I would not be surprised if we see a few in the coming months.
Don't blame the copy machine makers. I've worked in offices where you desperately need to find a record some something copied. It's the responsibility of the copier owner to scrub the hard drive prior to it being resold.
@Missymugsy when you copy an image it copies it to the hard drive and then it takes the image from the hard drive and prints it out. you cant copy the image directly to paper just doesnt work that way.
There are devices that can be purchased that wipe the hard drive clean (write all zero's) after each job. It is the only way the copiers can be sold to the us government.
Way to go CBS for letting us (and every criminal out there) know just where to find personal information. Why don't you have a documentary on the most effective way to pull off a terrorist attack while you're at it? Sheeesh!
what they don't tell you is if you look closely all the documents are pdf intentionally scanned into a file storage unit on the copier not just walk up copies stored in the hard drives also in 2 minutes a trained technician can wipe a copier hard drive making it unrecoverable
There's no reason these manufacturers should not be automatically wiping out the information on completion of a copy - why aren't the manufacturer's being looked at for breaching federal laws? Or, at the very least, encouraging it?
@JamesMorlan They store the images because they can then manipulate the stored images in many ways, allowing the copier to become much more flexible and versatile. For example, you can scan in 200 pages, then output them in reverse order that you scanned them, or output every alternate page, or crop them, or blow them up, or fax them, or any of a dozen other things. There's nothing wrong with these copiers, the only problem here is dumb staff not cleaning the drives at disposal.
The hard drives are necessary, he says, because most copiers also now handle printing, faxing, scanning and e-mail. When performing large fast print copy jobs to store an image of the document on the drive until the copier needs to recall it. Ever notice how a copier is done scanning before its done printing? Thats because setting up the image is the slowest part of the process. Home type machines dont have hardrives, thats why it scans and prints one page at a time.
@drummerego I agree, but if the end-user doesn't even know a hard drive exists within the copier, there's no way they can take the appropriate action to purge the data before dumping the machine. It would be like if Abit Motherboards started storing your saved passwords and username from internet pages onto a tiny hard drive embedded into the board itself. If you don't know that hard drive exists, how can you be blamed for not clearing it out before you toss out the computer?
@jaginaz: Okay, but the big problem is (A) They don't all have you working for them and (B) I don't understand the need for big harddisks in these devices anyhow, except to act as some sort of clandestine law enforcement tool, like so many others that we've seen.
some of these act as networked printers and some render images too. I don't work for a copier manufacturer, but unless you're doing high quality graphic prints, RAM should be cheap enough to install. I suspect hard disk drivers are probably cheaper. If you have a data policy then this should not be an issue. However, you do need to know that the hard drive is there first!
Why give these hard drives the capacity to store this information in the first place? It obviously doesn't do the consumer any good, since most people don't know it's there and wouldn't know how to access the information anyway. If the customer does not benefit from it, this data storage capacity should not be put in the machine.
MOST copier manufacturers use a proprietary language to store the data on the hard drive. That's not to say that there isn't information that can be obtained, it is just more difficult than plugging the hard drive into a computer and reading it. You would need special software in order to do it. Did anyone notice that all the machines in the article were Toshibas? Guess who writes their files in a Windows compatible file system? There are still easier and cheaper ways to steal identities.
@IuIz7 The people who are inclined to misuse this information know this already! Keeping this information secret DOES NOT mean nobody knows or will misuse it! People need to know so they can do something about it!
It's trivial for someone in say IT to hook up the drive to a computer and obliterate all the data before sending it out. Problem is apparently people don't know about it.
The point is that using a public copier or a copier from an office is potentially dangerous. Your own personal information from your employer may have been stored in a copier that was sold off and bought by someone else. That's disturbing.
@Reaperold I guess the copy machine developers are unfamiliar with the concept of flushing the cache. When the print job is done, there's no reason to hang on to the file, unless there is some kind of audit requirement in the company - in which case they should be aware that the machine is holding, what, 28 THOUSAND documents!? That's ridiculous. The machines should auto-erase (not just flush) the cache when done printing, and have a customer switch to deliberately enable a save function.
This is what the public wants in journalism. Not 2 year bogus investigations of Trump. If they did investigative journalism like this they’d be making tons of money again. I’m not that smart. Why don’t they know this?
Wow. What about copiers at Staples & Office Depot? I'm a fairly intelligent, computer savvy person & I didn't know about this. But here's a comparison: I don't stay up at night worried that I use the Internet to pay bills & buy stuff. We all do that. This is just another risk that we have to take in 2010. Compared to not having a sufficient safety plan in place when drilling for oil in the ocean...not such a big deal. I agree that there's some sensationalism in this the way this report was done.
Wow, it's amazing how they'll go after the little fish, but since they work for the big fish, never mention them. God I hate the mainstream news. Medical records, eh. Federal Privacy law. Social reprecussions.
@jaginaz: I know, I've seen the bloated capabilities of such machines before, double sided large sheet color printing, color copying, network scanning, PIN codes on a per print job or per user basis, automatic binding or stapling, etc. . However, IMO, any data belongs in the server/storage park, not on some local harddisk.. I see it as an absolute non-feature, but I guess we'll have to agree to disagree.
Well, if people didn't know you could do this before. They know now. It's good that these things are reported. However, this report is about 5 years too late.
I would consider the social security numbers on those machines a greater risk than the medical records.
Thank you for telling us AND the criminals!!!!
Great. I didn't know this, glad I do now. But I wonder how many thieves and cons now have more to go on thanks to this.
Holy sweet bajeezis! Thanks for the great journalism here. This is must-know stuff!
This is an interesting video. Still applies to small companies that have not upgraded their devices.
Only 60% of Americans don't know that copiers store images on hard drives? I had no idea (why store images when you just duplicate print copies onto paper immediately?), and I'm a security minded IT professional.
Great Information, thank you.
Check out the Xerox copier line. It has image disk overwrite. It clears that sector of the hard drive after every copy or print. You can set it to overwrite the drive every night.
I've been in the copier business for twenty years, from the analog days now I'm pretty much an I.T. guy for a large copier company with DOD contracts. This old news story is actually pretty close, the problem is that today the machines are so complex, run every protocol there is and are basically an NAS device. Copier manufacturers should not charge for the digital overwrite options, they rip people off with this.
Thank you for that information
I never knew or thought about it.
This has been known in security circles for years. There are even specific copier models with removable hard drives. If you return your copier with a hard drive inside, you're asking for trouble. The only way to secure a hard drive is with a big hammer or a blow torch.
From a friend who worked for a major copy machine company for over 20 years.. Heads up!
@Alistairville I would say it's somewhere between convenience and big brother (company watching employees). When you're fax scans stuff into memory, to send as you walk off, it has to store it somewhere. That and when it kicks out a "failure" to send, it's from (HD) storage. I can give a good number or reasons, but it's the same thing.
@Missymugsy so that the copier can scan multiple pages at once for faxing or sending to someone email box or hard drive. Also to store the whole document that is being printed from a computer.
Once there was a need for the hard drive, it became a feature. You can store all the scanned documents for later retrieval, or to use as a print on demand server for forms or other documents to print only when needed.
More and more 'clicks' on copiers are not for copying but for computer printing.
i had not thought of that.
People in my office never knew there was a HD in the copier. I bet the news story increased sales on used copy machines.
new laws obviously need to be made when it comes to coppiers used by public bodies.
Seems to me that the warehouse housing and receiving these copiers should have advised the companies from where they originated about the hard drives and given them the option of removing it before being shipped overseas. This, of course, would entail costs that should be paid by the last owner. Just a thought!
Even though this is from 2010, it's still relevant. Yes, not everyone has "cache all images" turned on, yes, many companies have scrubbing policies that ensure they remove hard drives or properly erase when they throw them out... but not all.
For those who say "I'm not worried, I know enough to use MY copier properly", I'd point out that you have no control if the bank, insurance company, policed dept, etc... actually cleans their copiers before disposal.
This is something worth thinking about
I suggest looking at the Ricoh Web Site and seraching for their DOSS (Data Overwrite Security System)
How reassurring......
Holy Moley! I never really thought about whether or not copiers had hard drives. It makes sense that they do. This kind of freaks me out. The scariest bit is at the end! I wonder how many identities have been stolen this way.
unfreakin believable!
does anyone know what the free forensic program is that i can download and where? thanks
What organization has authority over the violations??? and What security measures should be put into place to prevent this type of security breach? ??
it's obvious that companies wanted it as a part of enforcing policies /watching employees.
@jaginaz:
By the way, jaginaz, the harddisk pulled out at 0:13 appears to be a Western Digital 40 gigabyte (40 billion bytes in SI decimal GB) harddisk.
.
Suppose all copies are 256 color, 600 dpi, letter sized (8.5 * 11) scans. That would take up about ...oh, say 64 kilobyte (approximately 64 thousand bytes) per copy.
.
Divide 40,000,000,000 (SI decimal gigabyte) by 65536 (actual 64 kibibyte) and you have storage capacity for about 610,351 documents.
just wow!
What is the name of the forensics software that the video mentioned is available free on the Internet?
@Missymugsy I'm assuming it's because the copier is basically just a big camera... It has to take a picture of what you are copying, and in order to produce more copies it has to save that image. You can't save anything unless you have a hard-drive.
I can't believe that everyone is so surprised. Nothing that you write short of handwritten documents that are not photocopied is private.
if I took apart one of these copiers and found the HDD i'd erase everything off it and use it as an external HDD for music or something. anyone know how much data these drives can hold?
@Alistairville -these are scanned images. Things that are printed are stored in temp memory and then erased.
I wonder if you could pop the hd out and use a free dwipe utility like DBAN, and then format the hard drive with whatever filesystem is required and replace it to sell it as surplus. It would only take a couple lawsuits to turn this issue around, I would not be surprised if we see a few in the coming months.
We all need to report this to everyone immediately because this is as bad as someone getting a hold of your credit card or worse!
do home printers/scanners have the HDD?im looking for a file I printed in the past
Pretty fucking important that is, imagine how many people have this information overseas now?
Way to give people ideas! Oh geez....
@Snowycat2 -exactly!
SCARY STUFF !!!!
Really good info..thank you for putting it out because the damn copy machine people sure didn't!
@hotmercedes it depends on the model. if you google your printers name and the word hard drive you could probably find out
Don't blame the copy machine makers. I've worked in offices where you desperately need to find a record some something copied. It's the responsibility of the copier owner to scrub the hard drive prior to it being resold.
Scary to say the least.
@Missymugsy when you copy an image it copies it to the hard drive and then it takes the image from the hard drive and prints it out. you cant copy the image directly to paper just doesnt work that way.
There are devices that can be purchased that wipe the hard drive clean (write all zero's) after each job. It is the only way the copiers can be sold to the us government.
Way to go CBS for letting us (and every criminal out there) know just where to find personal information. Why don't you have a documentary on the most effective way to pull off a terrorist attack while you're at it? Sheeesh!
what they don't tell you is if you look closely all the documents are pdf intentionally scanned into a file storage unit on the copier not just walk up copies stored in the hard drives also in 2 minutes a trained technician can wipe a copier hard drive making it unrecoverable
@optimistsRUS agreed, they should pay for the replacement drives.
Look what and where our security data!
There's no reason these manufacturers should not be automatically wiping out the information on completion of a copy - why aren't the manufacturer's being looked at for breaching federal laws? Or, at the very least, encouraging it?
Why do the copiers store the images in the first place?
FIGHT THE MACHINE!
@JamesMorlan If you want 10,000 copies you would have to wait for 10,000 scans. Saving the image cuts over 50% waiting time.
@JamesMorlan
They store the images because they can then manipulate the stored images in many ways, allowing the copier to become much more flexible and versatile. For example, you can scan in 200 pages, then output them in reverse order that you scanned them, or output every alternate page, or crop them, or blow them up, or fax them, or any of a dozen other things.
There's nothing wrong with these copiers, the only problem here is dumb staff not cleaning the drives at disposal.
Gee, wonder what purpose a hard-drive in a copy machine would serve??? Lawsuit waiting to happen.....
hope it has a big hard drive cause i made a copy of my junk last week!
So that nightshift guy that photocopied his butt, will still have it stored in the hard drive!
someone is gonna try this now.
The hard drives are necessary, he says, because most copiers also now handle printing, faxing, scanning and e-mail. When performing large fast print copy jobs to store an image of the document on the drive until the copier needs to recall it. Ever notice how a copier is done scanning before its done printing? Thats because setting up the image is the slowest part of the process. Home type machines dont have hardrives, thats why it scans and prints one page at a time.
@drummerego I agree, but if the end-user doesn't even know a hard drive exists within the copier, there's no way they can take the appropriate action to purge the data before dumping the machine. It would be like if Abit Motherboards started storing your saved passwords and username from internet pages onto a tiny hard drive embedded into the board itself. If you don't know that hard drive exists, how can you be blamed for not clearing it out before you toss out the computer?
@jaginaz:
Okay, but the big problem is (A) They don't all have you working for them and (B) I don't understand the need for big harddisks in these devices anyhow, except to act as some sort of clandestine law enforcement tool, like so many others that we've seen.
some of these act as networked printers and some render images too. I don't work for a copier manufacturer, but unless you're doing high quality graphic prints, RAM should be cheap enough to install. I suspect hard disk drivers are probably cheaper. If you have a data policy then this should not be an issue. However, you do need to know that the hard drive is there first!
@Skormm Yeah, you could use a screwdriver, but it's not nearly as much fun.
Big brotha is still watching
Not well known, now it is.
Why does the machine keep copies in the first place? To stop counterfeiters??
Why give these hard drives the capacity to store this information in the first place? It obviously doesn't do the consumer any good, since most people don't know it's there and wouldn't know how to access the information anyway. If the customer does not benefit from it, this data storage capacity should not be put in the machine.
Oh good, another thing for us to be terrified of.
MOST copier manufacturers use a proprietary language to store the data on the hard drive. That's not to say that there isn't information that can be obtained, it is just more difficult than plugging the hard drive into a computer and reading it. You would need special software in order to do it. Did anyone notice that all the machines in the article were Toshibas? Guess who writes their files in a Windows compatible file system? There are still easier and cheaper ways to steal identities.
It doesn’t keep all the documents ever scanned
I love the resource monitor you used to make it look like your hacking lmfao!
damn! i got one in my truck right now that somebody threw out for garbage!
I use Free Forensic program all the time. Its great for enhancing photographs
if criminals didn't know about this type of stuff they sure do now.
Great! Let's clue in MORE sheisty criminals on how to be corrupt!
@IuIz7 The people who are inclined to misuse this information know this already!
Keeping this information secret DOES NOT mean nobody knows or will misuse it!
People need to know so they can do something about it!
It's trivial for someone in say IT to hook up the drive to a computer and obliterate all the data before sending it out. Problem is apparently people don't know about it.
Only wiping a drive makes it unrecoverable. Wiping a hard drive requires writing to each sector, and take serveral hours on an 80G HDD
maybe we could find one with the O's birth certificate stored on it.
@Missymugsy In case you loose a document and for security.
James-so your bosses can spy on you.
The point is that using a public copier or a copier from an office is potentially dangerous. Your own personal information from your employer may have been stored in a copier that was sold off and bought by someone else. That's disturbing.
@stewartx5 this is why they should use copiers that DONT have hard drives in them. Just copy a paper or print a paper.
wow, time for us to clean up our collective acts!
Better not have one of those wild office parties. You might find yourself on some website showing it all. lol
@Reaperold I guess the copy machine developers are unfamiliar with the concept of flushing the cache. When the print job is done, there's no reason to hang on to the file, unless there is some kind of audit requirement in the company - in which case they should be aware that the machine is holding, what, 28 THOUSAND documents!? That's ridiculous. The machines should auto-erase (not just flush) the cache when done printing, and have a customer switch to deliberately enable a save function.
This is what the public wants in journalism. Not 2 year bogus investigations of Trump. If they did investigative journalism like this they’d be making tons of money again. I’m not that smart. Why don’t they know this?
Wow. What about copiers at Staples & Office Depot? I'm a fairly intelligent, computer savvy person & I didn't know about this. But here's a comparison: I don't stay up at night worried that I use the Internet to pay bills & buy stuff. We all do that. This is just another risk that we have to take in 2010. Compared to not having a sufficient safety plan in place when drilling for oil in the ocean...not such a big deal. I agree that there's some sensationalism in this the way this report was done.
Wow, it's amazing how they'll go after the little fish, but since they work for the big fish, never mention them. God I hate the mainstream news. Medical records, eh. Federal Privacy law. Social reprecussions.
What the hell... wow. You can tell the NSA consultant was doing a "less-angry" take. He looks like he just finished yelling the same words.
Good thing the only copier i use to copy secretive documents is my personal copier
what advice to Australian cinsumers?????
@jaginaz: I know, I've seen the bloated capabilities of such machines before, double sided large sheet color printing, color copying, network scanning, PIN codes on a per print job or per user basis, automatic binding or stapling, etc.
.
However, IMO, any data belongs in the server/storage park, not on some local harddisk.. I see it as an absolute non-feature, but I guess we'll have to agree to disagree.
$500 for a feature to erase contents of hard drive? shit, i can make a program that does that, and charge $0 for it
Use Xerox, all problems solved. Xerox has been at the forefront with document security for over a decade. Plus it's standard on their machines.
New Hire On-Boarding process
Can't they just remove the Hard Drive before it leaves the building?
Well, if people didn't know you could do this before. They know now. It's good that these things are reported. However, this report is about 5 years too late.