Author Topic: Identity Theft OFFLINE - Get ready to be VERY scared (Read 19077 times)

Renegade · « **on:** May 12, 2010, 08:02 PM »

Get ready to be very scared...

Now, how many people still have clean underwear?

mouser · « **Reply #1 on:** May 12, 2010, 08:11 PM »

this goes way beyond the dangers of identity theft, and is so outrageous and could have been entirely foreseen as a huge security risk by copy machine makers..

in fact it reeks of a purposeful "bug" in the system put in place for national security reasons. ironic that it's ending up backfiring on the security/police organizations.

lanux128 · « **Reply #2 on:** May 12, 2010, 08:35 PM »

scary.. all copiers should have a disk wipe program as part of the package, not a $500 option.

Deozaan · « **Reply #3 on:** May 12, 2010, 09:07 PM »

Count me as among those who didn't realize copy machines had a hard drive in them. Scary indeed!

Though I'm left wondering how prevalent that is. Would, for instance, my little HP All-In-One home printer also have a hard drive in it? How about my Brother MFC-7840W?

Or is this just a "feature" of "commercial-grade" copiers?

Renegade · « **Reply #4 on:** May 12, 2010, 09:08 PM »

Gross negligence? Criminal negligence? It's beyond insane.

J-Mac · « **Reply #5 on:** May 12, 2010, 10:22 PM »

WOw - that is indeed scary. And actually, I think that down deep on some level I knew that copiers had some capabilities like this. I remember when I was still working we got Canon copiers that were connected to our company network; we could scan documents to PDF and distribute/email them right from the machines. I just never considered the personal privacy risks inherent.

Thanks!

Jim

mwb1100 · « **Reply #6 on:** May 12, 2010, 11:03 PM »

I think that down deep on some level I knew that copiers had some capabilities like this. I remember when I was still working we got Canon copiers that were connected to our company network; we could scan documents to PDF and distribute/email them right from the machines. I just never considered the personal privacy risks inherent.
-J-Mac (May 12, 2010, 10:22 PM)

My thoughts exactly - and I'll tell you what, if the tech-savvy people here seem to be unaware of this, I have to believe that far more than 60% of Americans are unaware of this issue.

JavaJones · « **Reply #7 on:** May 13, 2010, 12:50 AM »

I heard about this recently too (maybe on Slashdot?). Not that surprising, but definitely worrying. Not so much for what *I've* done with copiers as what others do with my info on *their* copiers. I trust myself to be diligent.

This is generally not a problem for home machines btw. Your $100 All-in-one printer/copier/scanner isn't going to justify having a HD on it. But when you see features like "store and print later", that's when you need to worry.

One interesting thing I thought of is that many businesses simply lease their copying equipment. Most of the time their local IT staff isn't even *allowed* to mess with the hardware or software or it voids the support terms of the lease. All well and good. But one wonders if these copier leasing companies are savvy to this and are wiping machine's HDs when they go to another company, or are sent for recycling. Probably not.

Definitely something to inquire about if you're ever in the position to lease a copier!

- Oshyan

TucknDar · « **Reply #8 on:** May 13, 2010, 03:46 AM »

That's extraordinary! I had no idea about this.

I wonder how many images of butts they find on average...

Renegade · « **Reply #9 on:** May 13, 2010, 03:56 AM »

I wonder how many images of butts they find on average...
-TucknDar (May 13, 2010, 03:46 AM)

Hahahaaha~!

I think that 60% mark is way off. It's probably from "Did you know that photocopiers have hard drives?" Which a lot of people will non-nonchalantly lie about (if even inadvertently). I'd certainly never thought of it before. (I'm now searching for used photocopiers... Muahahahaha~!)

Stoic Joker · « **Reply #10 on:** May 13, 2010, 05:54 AM »

Count me as among those who didn't realize copy machines had a hard drive in them. Scary indeed!

Though I'm left wondering how prevalent that is. Would, for instance, my little HP All-In-One home printer also have a hard drive in it? How about my Brother MFC-7840W?

Or is this just a "feature" of "commercial-grade" copiers?
-Deozaan (May 12, 2010, 09:07 PM)

You'd be surprised just how low that line is (HDD's are cheap...) Pretty much any machine that offers "Job Storage" (fax machine runs out of paper...) gotta put it somewhere. For HP's AIO series printers I'd say no. But for the MFP class machine (the distinction is less than $100), yeah most have them. The brother I'd have to look up, but it will be listed (semi prominently - sales hype...) in the machines spec sheet.

Actually, if you really want to scare the shit outta yourself...Lookup IronGeeks printer hacking articles - Your printer/copier may be hosting Kiddie Porn.

40hz · « **Reply #11 on:** May 13, 2010, 07:00 AM »

Funny CBS is making such a big deal of this. Corporate IT departments have known about this for years. And the techs who service these printers knew about it from day one. And if I recall correctly, this very same story got press coverage some years back. It was in the late 90s if I'm not mistaken...

Four predictions:

1) All those overpriced wipe utilities and "features" will soon be available free of charge from the printer manufacturers. But not before some twit on TV tries to sell everybody one for $100.

2) The used upper-end laser printer market will suffer a temporary drop in volume. Many companies will likely stop selling off their old printers and decide to mothball them "just to be on the safe side" until the scare is over. Should be a good 6 to 8 month business opportunity for someone who wants to go around zapping printer hard drives for these people.

3) Lawyers are already dreaming of class action lawsuits.

4) The boys up on Capitol Hill will quickly call for hearings to address this "huge security menace." Expect a great deal of hand wringing and moral outrage. Elections are coming up, and this one is fairly safe from a political perspective. Especially since many of these printers are also from non-US companies. So expect a token bit of Euro/Nippon 'bashing' from the all the usual blowhards and pundits.

Can't wait to see what happens when they next "discover" that many of these same printers also have unprotected mini-webservers on them - and support javascript as well...

$:-\$

Stoic Joker · « **Reply #12 on:** May 13, 2010, 10:23 AM »

^^^Nostradamus has spoken^^^

40hz · « **Reply #13 on:** May 13, 2010, 11:25 AM »

^ Don't know about Nostradsmus...

But I am in on a tech news pool. You get to make predictions based on the news reports. You're allowed up to eight predictions at a time. Whoever has the most correct predictions for the previous week wins. You also get to smile insufferably and say "I told ya so!" (And best of all - the rules say nobody is allowed to smack you if you do. Or not too hard anyway. )

If nobody hits, the pool accumulates until somebody does.

I expect to win with this story.

Stoic Joker · « **Reply #14 on:** May 13, 2010, 02:26 PM »

It's as close to a sure thing as there ever was.

Note: Our company specializes in printers, printer refurbishing, & printing supplies ... So I am the "front line" of which you speak...

...and yes we wipe all our drives.

40hz · « **Reply #15 on:** May 13, 2010, 03:40 PM »

...and yes we wipe all our drives.
-Stoic Joker (May 13, 2010, 02:26 PM)

We're network integrators.

And we're very careful to wipe sensitive data off all our customer's drives too.

Sometimes even intentionally!

Kidding...just kidding...

Stoic Joker · « **Reply #16 on:** May 13, 2010, 04:58 PM »

ROFL

A wise man once said: (sh)IT Happens - and he was right...

mwb1100 · « **Reply #17 on:** May 13, 2010, 05:04 PM »

All those overpriced wipe utilities and "features" will soon be available free of charge from the printer manufacturers. But not before some twit on TV tries to sell everybody one for $100.
-40hz (May 13, 2010, 07:00 AM)

Well, here's what I want - a stand-alone gizmo that will plug into an IDE or SATA drive and wipe the thing by just pressing a button. I have drives that aren't housed in a computer (or worse, the computer they're in is kaput), and I'd like an easy way to wipe them without having to futz around getting them into (or just hooked up to) a working computer to get them wiped. That's more pain that I'd lke to go through, and even when I actually do it (it's made much easier with one of those USB to IDE/SATA adapters), I'm always deathly afraid that I'm going to select the wrong item or option and wipe a drive that I'd really rather keep the data from (for some reason, when I find myself doing this kind of thing it's usually at 2am, which probably isn't very smart...).

And I don't really trust a service that claims to do this. I'd imagine to myself that I'd hand over a bunch of drives and $40 per drive to get them cleaned, and the drives would just end up going right into a dumpster.

It seems to me that all that needs to be done is have a small ARM microcontroller embedded in something much like one of those USB to IDE/SATA adapters, give it the right firmware and a power plug and - bam! a gizmo that that'll wipe a drive at the press of a button for less than $100. I'd buy something like that for my own piece of mind (definitely for $50).

If someone out there is aware of such a device, let me know.

If not, maybe I'll be able to make some time for a project (chances of that happening by the time the Sun collapses - pretty near zero).

40hz · « **Reply #18 on:** May 13, 2010, 05:26 PM »

^all you'd need is something that could run Darik's Boot & Nuke in autonuke mode. DBAN is tiny. It fits on a bootable floppy. So a small bit of ROM and a CPU would be all that's needed for the smarts.

Stoic Joker · « **Reply #19 on:** May 13, 2010, 09:07 PM »

^^Yepper^^

ljbirns · « **Reply #20 on:** May 15, 2010, 11:21 AM »

My question is " Why do copiers have HD that store the information ?"

40hz · « **Reply #21 on:** May 15, 2010, 12:08 PM »

^It's just caching the print jobs for network and print queue efficiency. Biggest advantage is that it eases network congestion because multi-copy print jobs get sent once rather than as many times as you need copies. It also frees up the sending PC by not making it's print manager keep polling the network to see if the office printer is ready to accept the job. In a small office, onboard RAM is usually sufficient to handle this function. But for large document or 'high traffic' situations, hard drives are (currently) a much less expensive and more efficient way to build a print queue.

Caching allows you to prioritize or delay print jobs. You can set your print job to run at a lower priority or after regular office hours if you want to. That way, the office football pool sheets don't get delayed because some dork in accounting is frantically rushing to get 5000 pages worth of subpoenaed financial data over to the SEC by close of business!

Caching also comes in handy when you have a paper jam. Most good printers (and copiers) have the ability to recover exactly where they left off. Nice for when you jam up on page 275 of a 280-page job and you don't want to resend and reprint the whole schmeer.

Another big advantage is it separates the print job queue from the actual print function. Network data flows at megabytes per second. Paper prints in pages per minute. Caching lets people pile jobs on the printer's drive, after which the print engine does its best to get it all done. (Often by working through lunch break and staying late.) It's an obvious idea when you think about it... Bosses have been doing the same thing to their employees since the dawn of bureaucracy.

---

Most copiers and printers don't maintain archives of files unless they're set up to do some sort of low-end "print on demand" function. Some offices will do that so they can generate paper forms and handout sheets as they need them. Much easier than having to hunt down a form somebody desperately needs when the office manager is out for the afternoon. Again!

So the fact these gadgets don't completely erase* old print jobs is a side effect rather than a feature - or a conspiracy. Think of it more like forgetting to shred paper documents before you put them in the dumpster.

-----

*Note: it's a pretty well known fact that most computer systems don't actually erase files when you tell them to. What they do is mark the disk sectors as being available for reuse by new saved files. If it were a library, that would be the equivalent of cleaning out old books by simply tossing the catalog card and telling everyone they were gone. These 'deleted' books, however, would remain on the shelves until somebody needed the space and got around to actually tossing them.

cranioscopical · « **Reply #22 on:** May 15, 2010, 12:27 PM »

These 'deleted' books, however, would remain on the shelves until somebody needed the space and got around to actually tossing them.
-40hz (May 15, 2010, 12:08 PM)

So much for those dewey-eyed librarians!

ljbirns · « **Reply #23 on:** May 15, 2010, 12:31 PM »

40hz

Thanks for enlightening me. That does make perfect sense. A ' delete ' button that would allow IT or management an easy way to clear the cache would be appropriate.
I am sure that all the people that make copies of their personal stuff have no idea that it is saved on the company copy machine. I sure didn't.

40hz · « **Reply #24 on:** May 15, 2010, 12:33 PM »

These 'deleted' books, however, would remain on the shelves until somebody needed the space and got around to actually tossing them.
-40hz (May 15, 2010, 12:08 PM)
So much for those dewey-eyed librarians!
-cranioscopical (May 15, 2010, 12:27 PM)

Still...rumor has it they do it by the book. And in several different languages!!!