Copiers: Gold Mines for Identity Theft
Typically home printers do not have hard drives. Small home office printer/copiers also generally don’t have hard drives, and even the mendium-sized printers and copiers don’t usually have them either. But the larger copiers and network printers are a different story.
Generally if a copier or printer dies and is scavenged for parts and the drive is removed, it’s not a problem because the ultimate user of the hard drive is unlikely to have the software to access the drive files, or take the time to do it.
The real problem is the used technology resellers. a good reseller, whether they are buying and selling old computers, or copiers, or anything with data on it, will wipe the data before resale.
The problem are the opportunistic sellers. For example I have bought and sold (to customers) several hundred Cisco routers from Ebay over the years (I work for an ISP) many times I get routers from Ebay sellers who are used equipment dealers who get these devices as part of pallets of used equipment, and don’t know what they are or what their value is, so they can’t wipe them (nor do they know they need wiping) and these devices have names and network passwords still in the configuration files saved in the router firmware. since it’s not uncommon for admins to reuse passwords I probably could have broken into a few dozen corporate networks by now if I had wanted to spend time doing it.
I am troubled by something mentioned in this story, though:
“…Juntunen, and his company Digital Copier Security, specialize in removing the data on those drives…”
“…Juntunen’s office is filled with hundreds of hard drives, many containing thousands of files…”
Now, I can understand why the guy has these drives, they are given to him by people like that guy who replaced his copier hard drive and noticed the old one had files, then brought it to Digital Copier Security since he was one of the few buyers with the wit to understand what it might have on it. these drives are leftovers from upgrades, most likely. But, what is DCS going to do with these drives? Blackmail the people who have data on them? why the heck are they saving them? They know the data on them isn’t their data, so they should wipe them and get rid of the drives. and if the drive is smaller than 100GB nobody is going to want it so you don’t even have to bother wiping them and reselling them – you just take a plain old household drill and drill a hole right through the drive platters, then throw it in the recycling.
What is this guy going to do a week from now when some identity thief gang reads this story, and goes to his company with a few friends with guns and a big bag in broad daylight, and demands all the hard drives?
I have a problem with companies like DCS – if they don’t have copier techs on staff and aren’t repairing copiers then all they are doing is when the copier tech comes out to your business and updates that used copier you bought, and hands you the old drive before he leaves, DCS expects you to take the drive to them and pay you money to “dispose” of it. Some business – they just reprogram the drive with a large, heavy axe and sell their piles of drive fragments to the scrap aluminum smelter. They get money from both sides of the business for doing something that a high school dropout and a sawzall could do, and then put on airs and call themselves a “security company”
Copiers: Gold Mines for Identity Theft
