Tuesday, May 4, 2010

Whoa... Scary Stuff

FYI - Did you know that photocopiers contain a hard drive that keeps a picture of everything ever copied? Most places do not remove or wipe out this hard drive when the copiers are replaced/sold and pretty much anyone can buy a used copier.  Our IT dept at school just found this out (right after we all copied our entire families' birth certificates as mandated by the health insurance we get through our employer, the ins. co. needed copies to prove eligibility) and will now be removing hard drives and wiping them out before getting rid of any copiers.

Here is a link to the story on CBS News.  Here is the print version of the story on the CBS website:

DIGITAL COPIERS LOADED WITH SECRETS

(CBS)  At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you're in the identity theft business it seems this would be a pot of gold.

"The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable."

Buffalo Reacts to CBS News Investigation

Juntunen's Sacramento-based company Digital Copier Securitydeveloped software called "INFOSWEEP" that can scrub all the data on hard drives. He's been trying to warn people about the potential risk - with no luck.

"Nobody wants to step up and say, 'we see the problem, and we need to solve it,'" Juntunen said.

This past February, CBS News went with Juntunen to a warehouse in New Jersey, one of 25 across the country, to see how hard it would be to buy a used copier loaded with documents. It turns out ... it's pretty easy.

Juntunen picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each.

Until we unpacked and plugged them in, we had no idea where the copiers came from or what we'd find.

We didn't even have to wait for the first one to warm up. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours.

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn't until hitting "print" on the fourth machine - from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

"You're talking about potentially ruining someone's life," said Ira Winkler. "Where they could suffer serious social repercussions."

Winkler is a former analyst for the National Security Agency and a leading expert on digital security.

"You have to take some basic responsibility and know that these copiers are actually computers that need to be cleaned up," Winkler said.

The Buffalo Police Department and the New York construction company declined comment on our story. As for Affinity Health Plan, they issued a statement that said, in part, "we are taking the necessary steps to ensure that none of our customers' personal information remains on other previously leased copiers, and that no personal information will be released inadvertently in the future."

Ed McLaughlin is President of Sharp Imaging, the digital copier company.

"Has the industry failed, in your mind, to inform the general public of the potential risks involved with a copier?" Keteyian asked.

"Yes, in general, the industry has failed," McLaughlin said.

In 2008, Sharp commissioned a survey on copier security that found 60 percent of Americans "don't know" that copiers store images on a hard drive. Sharp tried to warn consumers about the simple act of copying.

"It's falling on deaf ears," McLaughlin said. "Or people don't feel it's important, or 'we'll take care of it later.'"

All the major manufacturers told us they offer security or encryption packages on their products. One product from Sharp automatically erases an image from the hard drive. It costs $500.

But evidence keeps piling up in warehouses that many businesses are unwilling to pay for such protection, and that the average American is completely unaware of the dangers posed by digital copiers.

The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas - loaded with secrets on their way to unknown buyers in Argentina and Singapore. 

32 comments:

Wendy Ramer, Author said...

VERY educational. Thanks for posting about this.

Sarah Ahiers said...

...holy crap!

Saumya said...

Wow that is super scary!!

Anne Gallagher said...

Holy Crap is right! No wonder my identity has been stolen 3 times.

Unknown said...

May be something to think about, passing this along to your places of business, local libraries, etc.

Yikes!

Roxy said...

Nooo! Those photocopies of my profile from 1987 are still out there somewhere? Very interesting, if disturbing, post. It's great to hear from you, blogger buddy!

Creepy Query Girl said...

wow! I had no idea. Guess I probably shouldn't have photocopied my ass when I used to work in the accounting department of my university...
Really interesting info!

Ps- there's a little suttin suttin waiting for you on my blog;)

Talli Roland said...

Whoa! That is scary! Thanks for the heads-up.

Unknown said...

That's terrifying! Thanks for bringing it to my attention.

:)) Hope you're doing well!

Jaime Wright said...

That could set the stage for an intriguing suspense novel. :)

Old Kitty said...

OK. This is quite scary. And very educational - thank you.

Is nothing sacred anymore?!?!

Yikes!

Take care
x

Sharon K. Mayhew said...

OMGoodness! I think about all of the documents I copied relating to children on copiers...Then I think about my medical records perhaps being out there for anyone to dig up...Great post!

Unknown said...

Handsome Hubby: I wonder how many copies of butts the hackers find?

Me: Probably not nearly as many as they hope for. :)

HH: Too bad. They must be BUMmed!

Har har har. ;)

Shelley Sly said...

Oh gosh, that is scary stuff! I had no idea. Thanks for sharing this.

Jemi Fraser said...

Wow - I had no idea - but it makes sense! I wonder who will dig through the archives to find the ever-exciting projects my kids are working on! :)

Dawn Ius said...

Yep, definitely scary. And yet, the creative brain has now engaged and I sense a story...

Kathi Oram Peterson said...

I had no idea copiers had memories, but it makes sense. Scary is soooo right. Thanks for sharing the info.

Erin Kuhns said...

That is SO frightening! What I don't understand is why it would be necessary for ANY photocopier to save the copies to a hard drive in the first place. It strikes me as a bit dodgy in the first place.

I had no idea about this. I'm so glad you shared this article. Thank you!

Anonymous said...

I had no idea. That's so scary. I hope this filters to the people who service large workplace copiers so that they can help businesses erase the hard drives.

I just tried to look up information for the small multi-function printers I use at home, and it seems like they only keep fax logs.

Glynis Peters said...

Gosh, that is worrying. No more public copying for me. I will do it all at home.

Clementine said...

That doesn't surprise me - we live in a scary world, don't we? Very interesting article!

Unknown said...

My oh my, the things electronics say about you!

Tracy said...

I had to laugh. Not because this isn't a serious issue, but because my first response was similar to your husband's. I wondered how many random body parts show up in the memory!!

I followed you over from my blog, and wanted to say "Hi!"

Hannah said...

huh, it makes sense. It's a computer. Just one more thing to be wary of. *sigh*

Angie Paxton said...

Whoa, that is scary. I wonder if my ex bosses (both attorneys who copy a lot of highly sensitive material every day) know this? I tagged you in a little blogger game. If you'd like to play the details are on my blog.

Daniel Dragomirescu said...

Your blog looks good.
Daniel D. Peaceman, writer (other "dangerous with a pen")

Walter Knight said...

I am more concerned that my employer could see what I copied late at night after everyone left. No asses, and I am so glad I didn't go forward with my counterfeiting plans.

I have also heard copiers put a secret mark on every page, so a copier can be traced.

Lola Sharp said...

OMG!!!!!

SKIZO said...

In your honour and in the honour of wall the Writwrs and Poets, I published an ilustration.

Josie said...

Hi, I just happened upon your blog and it seems like I'm just in time for your photocopy alert! This is pbably one of the most important blogs I've read in a while! Yikes! I used to do a lot of copies at Kinkos etc...makes you wonder...

Dicy said...

Hi, I too happened upon the site and appreciate the info about the copier. I am a retired teacher and like to write, mostly poems. I just put my site up today with one of my poems. I also like to write for children. I plan to follow you on your journey, and if you have any suggestions I would appreciate them.

Elizabeth Mueller said...

LOL, I'm so glad I've never sat on one! ;)