Xerox Targets Hard-Copy Theft

Multifunction devices that combine printing, copying, faxing and other features are a major source of data leaks, but few enterprise IT managers recognize the threat.

Multifunction devices that combine printing, copying, faxing and other features are a major source of data leaks, but few enterprise IT managers recognize the threat, according to security experts from Xerox Corp.

Hackers, malicious insiders and even foreign governments are harvesting data from insecure printers and copiers, accounting for as much as 80 percent of corporate espionage, according to Xerox officials in Stamford, Conn.

Xerox is developing digital rights management technologies that can stop unauthorized printing and copying, but companies need to do more to lock down their peripherals, according to Dave Drab, a principal in Xerox Global Services.

While IT departments struggle to patch vulnerable software applications and operating systems, their biggest exposure is often the printers and copiers that sit quietly outside workers offices, said Drab, a former FBI agent who investigated corporate espionage and organized crime.

"The corporate world is pretty much in the mind-set of [information security] and data protection," Drab said.

While multifunction printers and copiers dont look like PCs or servers, they have many of the same features: hard disk drives, always-on network connections and the ability to send information out via e-mail, Drab said. "They have all the intelligence that a computer has, but ... the tendency is to look at the device the same way as they did 10 years ago: Printers print," he said.

Groups such as The SANS Institute recently have warned about holes in anti-virus and backup software being exploited. However, skilled corporate spies are trained to sniff around printers and copiers, as well as paper recycling bins, for their information, Drab said.

/zimages/4/28571.gifClick here to read more about the SANS Institutes recent warnings about critical holes in backup and antivirus applications, as well as switches and routers.

Malicious insiders often target traffic to networked printers to harvest sensitive information from corporate networks. For example, Drab said these data thieves may spoof the address of a printer to collect print jobs or sniff traffic on its way to a printer. Misconfigured and inadequately secured printers and copiers are also a problem, he said.

Most multifunction devices arrive from the factory with a host of services—such as FTP, e-mail and communications ports—open. Administrators commonly plug those into the network without disabling features they dont need or shutting off ports that wont be used, Drab said.

And with large enterprises creating more than 850 million "impressions" of their data a year using printers and copiers, malicious insiders and corporate spies have plenty of data to choose from, said Jim Joyce, a senior vice president for North American Office Services at Xerox. Preventing sensitive information from being printed and copied at all is more difficult, Drab said.

Xerox has developed search technology—code-named Categorizer—that can find and automatically classify documents on its network based on the datas content.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.