Feeds

eBay photocopier data risk ignored

Hidden danger of copier/printer hard disks

Secure remote control for conventional and virtual desktops

Analysis The security threat from carelessly ditched computers increasingly applies to a much wider range of office equipment, as sophisticated storage technology finds its way into humble devices such as fax machines and printers.

The risk that sensitive documents might make their way into the hands of undesirables was neatly illustrated by a recent News of the World investigation, which discovered sensitive information on office kit sold through a second-hand supplier.

Multi-purpose photocopiers, which double as scanners and printers, use hard drives to store data. Firms frequently fail to apply basic security precautions before disposing of the equipment, which sometimes ends up on eBay or second-hand office equipment suppliers.

As part of an investigation the News of the World bought a number of second-hand copiers, one of which contained data left over from its use by defence supplier Cobham.

With the assistance of experts, the paper was able to recover documents and faxes including an April purchase order from aerospace giant BAE Systems and NATO briefing notes. It also found a direct debit instruction that gave away the details of one of the firm's bank accounts, along with an authorised signature and the personal details of one worker from a vetting request.

The Canon machine was bought for £411.25 from JKBM.com of Ashford, Kent, a reseller of second-hand office machinery and copiers, who exports much of the equipment that passes through its hands, especially to Nigeria and Ghana. The IR3100CN copier came with a 40GB hard drive.

The NotW passed on details of its find to privacy watchdogs at the Information Commissioner's Office.

Cobham told the NotW that it intended to change its equipment disposal procedures in the wake of the incident. "We take data privacy very seriously and have rigorous procedures," he said. "We are taking all necessary steps to recover the equipment and its data and ensure there's no recurrence."

Independent security experts said the photocopier data disclosure risk has existed for about eight years, but was poorly understood even today.

"Since about 2002 commercial copiers are built with hard drives for purposes of networking and multitasking," said Robert Siciliano, a security consultant at net security firm McAfee. "Organisations who upgrade their hardware are most often unaware of this fact.

"Once sold/donated/refurbished the data is up for grabs. Copiers need to fall under the same categories as computers and mobiles as devices that require compliance to security standards when reselling or disposing."

Harlan Simpson, director of data recovery firm Disklabs, explained that the majority of firms ignore the risk when it comes to getting rid of outdated kit.

"People are simply ignorant to the data stored on photocopiers - they just don't even realise that it's just data stored on a hard disk - the same as in their computers," Simpson explained.

"Because of this, it's treated like an old piece of hardware, not like the storage device it actually is. It's exactly the same with most fax machines."

"People have to learn which devices store data. Photocopiers, faxes, scanners, phones, computers, laptops, BlackBerrys, PDAs... all are potential data vulnerabilities."

While the risk involved in mobile phone are better understood, office kit disposal threat awareness is still in the 1990s, he added.

"We are all aware of the potential for data loss from BlackBerrys and memory sticks which has been frequently reported in the national press over the last few years. Disposing of a photocopier, fax machine, scanner, phone etc, in certain circumstances, can be no different to leaving a laptop or BlackBerry on a train or in a taxi.

"Everyone knows the risk with losing their laptops, few consider disposing of photocopiers in the same way. In some instances, we have even found the hard copies of documents left in the photocopiers."

Andrew Goodwill, a director at credit card fraud prevention firm 3rd Man, said that most of the copiers for sale through eBay are made available by second-hand firms. ®

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.