Detailed Information

Keep in mind that any data you print or fax can be sniffed and intercepted!

Xerox Targets Hard-Copy Theft     December 19, 2005  http://security.ithub.com/article/Xerox+Targets+HardCopy+Theft/167455_1.aspx

Multifunction devices that combine printing, copying, faxing and other features are a major source of data leaks, but few enterprise IT managers recognize the threat, according to security experts from Xerox Corp.Hackers, malicious insiders and even foreign governments are harvesting data from insecure printers and copiers, accounting for as much as 80 percent of corporate espionage, according to Xerox officials in Stamford, Conn.

Xerox is developing digital rights management technologies that can stop unauthorized printing and copying, but companies need to do more to lock down their peripherals, according to Dave Drab, a principal in Xerox Global Services. While IT departments struggle to patch vulnerable software applications and operating systems, their biggest exposure is often the printers and copiers that sit quietly outside workers' offices, said Drab, a former FBI agent who investigated corporate espionage and organized crime.

While multifunction printers and copiers don't look like PCs or servers, they have many of the same features: hard disk drives, always-on network connections and the ability to send information out via e-mail, Drab said. "They have all the intelligence that a computer has, but ... the tendency is to look at the device the same way as they did 10 years ago: Printers print," he said.

Groups such as The SANS Institute recently have warned about holes in anti-virus and backup software being exploited. However, skilled corporate spies are trained to sniff around printers and copiers, as well as paper recycling bins, for their information, Drab said.

Malicious insiders often target traffic to networked printers to harvest sensitive information from corporate networks. For example, Drab said these data thieves may spoof the address of a printer to collect print jobs or sniff traffic on its way to a printer. Misconfigured and inadequately secured printers and copiers are also a problem, he said.