September 2, 2015
By Armen Keteyian
(CBS) At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.
Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.
In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.
If you're in the identity theft business it seems this would be a pot of gold.
"The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable."
Juntunen's Sacramento-based company Digital Copier Security developed software called "INFOSWEEP" that can scrub all the data on hard drives. He's been trying to warn people about the potential risk - with no luck.
"Nobody wants to step up and say, 'we see the problem, and we need to solve it,'" Juntunen said.
This past February, CBS News went with Juntunen to a warehouse in New Jersey, one of 25 across the country, to see how hard it would be to buy a used copier loaded with documents. It turns out ... it's pretty easy.
Juntunen picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each.
Until we unpacked and plugged them in, we had no idea where the copiers came from or what we'd find.
We didn't even have to wait for the first one to warm up. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.
It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours.
The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.
The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.
But it wasn't until hitting "print" on the fourth machine - from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.
"You're talking about potentially ruining someone's life," said Ira Winkler. "Where they could suffer serious social repercussions."
Winkler is a former analyst for the National Security Agency and a leading expert on digital security.
"You have to take some basic responsibility and know that these copiers are actually computers that need to be cleaned up," Winkler said.
The Buffalo Police Department and the New York construction company declined comment on our story. As for Affinity Health Plan, they issued a statement that said, in part, "we are taking the necessary steps to ensure that none of our customers' personal information remains on other previously leased copiers, and that no personal information will be released inadvertently in the future."
Ed McLaughlin is President of Sharp Imaging, the digital copier company.
"Has the industry failed, in your mind, to inform the general public of the potential risks involved with a copier?" Keteyian asked.
"Yes, in general, the industry has failed," McLaughlin said. (Please note: Sharp is the leader in MFP security. Click the following link to learn how to protect yourself: www.sharpusa.com/security.)
In 2008, Sharp commissioned a survey on copier security that found 60 percent of Americans "don't know" that copiers store images on a hard drive. Sharp tried to warn consumers about the simple act of copying.
"It's falling on deaf ears," McLaughlin said. "Or people don't feel it's important, or 'we'll take care of it later.'"
All the major manufacturers told us they offer security or encryption packages on their products. One product from Sharp automatically erases an image from the hard drive. It costs $500.
But evidence keeps piling up in warehouses that many businesses are unwilling to pay for such protection, and that the average American is completely unaware of the dangers posed by digital copiers.
The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas - loaded with secrets on their way to unknown buyers in Argentina and Singapore.
Subject: Sharp MFP Volatility
Sharp engineers have confirmed that Sharp RAM-based multifunctional copiers lose all document data in memory in a typical time of 550 milliseconds (about one half second) after the copier power is turned off. Sharp copiers do not provide battery backup or any other support to the RAM that would prevent the data from being lost in about one half second after power down.
Sharp’s MFP architecture, which is not based on Windows or a UNIX variant, also provides no access to the copier RAM. There is no administrator, user, or service interface that would permit an attacker to access the RAM even if power was not turned off. By providing products not based on soft operating systems, Sharp provides multifunctional copiers (MFDs) that are not only not open to memory attacks but also are not subject to viruses or worms or other PC-like vulnerabilities. This eliminates the possibility that document data in memory might be accessed, copied, redirected or compromised.
Sharp copiers equipped with Sharp Common Criteria validated Data Security Kits (DSKs) offer additional memory protection. RAM-based (no hard drive) Sharp MFPs in the 22 to 27 ppm range with DSKs overwrite the RAM with random data as soon as copy, print, or scan jobs complete. This eliminates the need to cut power to clear RAM. Faster Sharp MFPs, without hard drives, in the 35 to 45 ppm range use a DSK with additional features. All data buffered to RAM is encrypted and the encrypted data is then overwritten. This provides a higher level of security for classified environments.
Sharp MFDs with hard drives and DSKs buffer all document data to memory as AES encrypted data and overwrite the encrypted document data up to seven times (exceeding the typical three overwrites) to provide a much higher level of assurance.
In all cases above Sharp MFDs do not accumulate documents (filing them like a PC). The memory (RAM or hard drive) is used as a temporary buffer and the document data is constantly overwritten by new jobs so a large number of documents are never accumulated on the copier.
The Sharp Common Criteria validated (typically at EAL3) Data Security Kits were developed to provide security for RAM-based MFDs as well as hard drive based units, not only to eliminate the need to cut power but also to add further layers of security through overwriting and encryption.
The Sharp would not have recoverable data within less than one second of being disconnected. It should be noted that copied documents are not stored as easily read ASCII files but as compressed bit maps that are very difficult to decode even if the data could be accessed. Since a computer-like OS is not used, the memory cannot be accessed and the storage format used is proprietary, so even before power is cut there is little vulnerability to attack in a Sharp MFD.
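The overwrite behaviour described above can be checked rather than taken on trust when a copier's drive is imaged before the machine is resold or returned. The following Python is an added example, not code from Sharp, INFOSWEEP or the original report; it assumes a raw image read in 512-byte sectors, and the signature list, entropy threshold and sample image are constructed for illustration.

```python
import math
import random
from collections import Counter

SECTOR = 512
# Magic bytes of common document formats. A copier may store pages in a
# vendor-specific format instead, so no hit here does not prove a clean drive.
SIGNATURES = {b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg",
              b"II*\x00": "tiff", b"MM\x00*": "tiff", b"\x89PNG\r\n\x1a\n": "png"}

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def audit_image(data: bytes, min_entropy: float = 7.0) -> dict:
    """Classify each sector of a raw image taken after an overwrite pass."""
    report = {"sectors": 0, "zeroed": 0, "random_like": 0,
              "residual": [], "signatures": []}
    for off in range(0, len(data), SECTOR):
        sector = data[off:off + SECTOR]
        report["sectors"] += 1
        for magic, name in SIGNATURES.items():
            if sector.startswith(magic):
                report["signatures"].append((off, name))
        if not any(sector):
            report["zeroed"] += 1
        elif entropy(sector) >= min_entropy:
            # Consistent with a random overwrite, but encrypted or compressed
            # leftovers look the same; only a zero-fill pass is conclusive.
            report["random_like"] += 1
        else:
            report["residual"].append(off)   # structured, non-zero data
    report["clean"] = not report["residual"] and not report["signatures"]
    return report

def constructed_image() -> bytes:
    """Four constructed sectors: zeroed, random, a PDF header, plain text."""
    rng = random.Random(2015)
    rand = bytes(rng.getrandbits(8) for _ in range(SECTOR))
    pdf = (b"%PDF-1.4\n" + b"constructed sample " * 40)[:SECTOR]
    text = (b"constructed payroll line\n" * 40)[:SECTOR]
    return bytes(SECTOR) + rand + pdf + text

if __name__ == "__main__":
    print(audit_image(constructed_image()))
```

Any offset listed under `residual` or `signatures` means the drive should be overwritten again or destroyed before the copier leaves the premises.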
Sharp secure network interface—port management
Securing a company's computer network against hackers, attackers or viruses via the Internet is a significant issue in both private and public sectors. If trouble strikes, crucial files could be lost or corrupted, productivity could be hurt, communication lines might be blocked and resources disabled.
Sharp MFPs use unique, embedded firmware not based on the Windows®/Linux® operating system. Therefore, the Sharp MFP’s internal systems are not subject to the same virus vulnerability as Microsoft and Linux operating systems. The unique Sharp architecture provides no user interface and cannot execute downloaded files or commands sent by an attacker to compromise the system.
Sharp MFPs feature an intelligent network interface that can limit access to specific computers on a network by IP or MAC address and selectively enable or disable any protocol or service port on each device. All communications to and from the MFP can utilize Secure Socket Layer (SSL) or Transport Layer Security (TLS) for secure transmission over the network and most devices also support SMB, IPv6, IPSec and SNMPv3.
Access can be controlled at 4 levels:
(1) IP address filtering: limits access to select IP addresses
(2) MAC address filtering: limits access to specific PCs regardless of IP address
(3) Protocol Disabling: specific communication protocols are disabled (such as TCP/IP, NetBEUI, NetWare, AppleTalk)
(4) Port Disabling: specific communication ports are disabled (such as USB, SMTP, LDAP, HTTP, FTP, LPD, IPP, Telnet, WINS, JCP, RARP, POP3, SSL, TLS)
Sharp MFPs easily connect to your office network. Setup and configuration are greatly simplified through intuitive Web pages that can be accessed remotely and securely by a network administrator.
Restricts printer usage to authorized users
Safe remote (Web) configuration
Helps protect against hacker threats
Helps prevent unauthorized direct connections
IP address filtering
MAC address filtering