XEROX TARGETS HARD-COPY THEFT
XEROX TARGETS HARD-COPY THEFT
user 2005-12-19 at 10:28:00 am Views: 66
2005-12-19 at 10:28:00 am #13737Xerox Targets Hard-Copy Theft
devices that combine printing, copying, faxing and other features are a
major source of data leaks, but few enterprise IT managers recognize
the threat, according to security experts from Xerox Corp.
Hackers, malicious insiders and even foreign governments are harvesting
data from insecure printers and copiers, accounting for as much as 80
percent of corporate espionage, according to Xerox officials in
Xerox is developing digital rights management technologies that can
stop unauthorized printing and copying, but companies need to do more
to lock down their peripherals, according to Dave Drab, a principal in
Xerox Global Services.
While IT departments struggle to patch vulnerable software
applications and operating systems, their biggest exposure is often the
printers and copiers that sit quietly outside workers’ offices, said
Drab, a former FBI agent who investigated corporate espionage and
“The corporate world is pretty much in the mind-set of [information security] and data protection,” Drab said.
While multifunction printers and copiers don’t look like PCs or
servers, they have many of the same features: hard disk drives,
always-on network connections and the ability to send information out
via e-mail, Drab said. “They have all the intelligence that a computer
has, but … the tendency is to look at the device the same way as they
did 10 years ago: Printers print,” he said.
Groups such as The SANS Institute recently have warned about holes
in anti-virus and backup software being exploited. However, skilled
corporate spies are trained to sniff around printers and copiers, as
well as paper recycling bins, for their information, Drab said.
Malicious insiders often target traffic to networked
printers to harvest sensitive information from corporate networks. For
example, Drab said these data thieves may spoof the address of a
printer to collect print jobs or sniff traffic on its way to a printer.
Misconfigured and inadequately secured printers and copiers are also a
problem, he said.Most multifunction devices arrive from the factory
with a host of services—such as FTP, e-mail and communications
ports—open. Administrators commonly plug those into the network without
disabling features they don’t need or shutting off ports that won’t be
used, Drab said.And with large enterprises creating more than 850 million
“impressions” of their data a year using printers and copiers,
malicious insiders and corporate spies have plenty of data to choose
from, said Jim Joyce, a senior vice president for North American Office
Services at Xerox. Preventing sensitive information from being printed
and copied at all is more difficult, Drab said.
Xerox has developed search technology—code-named Categorizer—that
can find and automatically classify documents on its network based on
the data’s content.