The controversial hacker said the prank was intended to demonstrate the security risks of the ‘Internet of Things’
A controversial hacker and self-proclaimed Internet troll has taken responsibility for bombarding Internet-connected printers around the world with a white supremacist flyer.
Andrew Auernheimer, who goes by the alias “weev”, said in a blog post over the weekend that he had scanned for printers open to to receiveing files via the Internet and had sent the flyer to about 20,000 printers, most of which were found on university networks.
“It seemed that to print to a printer with port 9100 exposed, all you have to do is netcat a postscript file to that port,” Auernheimer wrote.
Reports of the flyer’s appearance on university and office printers soon began appearing on social media, with those affected including Brown University, DePaul University, Northeastern University, Mount Holyoke College, Princeton University, Smith College, the University of California at Berkeley, the University of Maryland, the University of Massachussets at Amherst, the University of Southern California at Los Angeles, the University of Wisconsin-Milwaukee, Yale University and Canada’s Simon Fraser University.
Auernheimer denied hacking any printers, remarking that the units affected are configured to receive documents from any sender, and characterised the action as a prank.
“The Internet of Things will prove a most glorious contribution to comedy,” he wrote.
The flyer, which appeared on Thursday of last week, includes anti-Semitic remarks and the address of a white supremacist blog with which Auernheimer is associated.
University authorities condemned the exploit as hate speech, while UC Berkeley acknowledged that the security of its campus printers needed to be tightened.
“Berkeley wants to be #1 in many areas, but being #1 in printers listed as listening on the public internet as reported by Shodan shouldn’t be one of those areas,” said Paul Rivers, UC Berkeley’s chief information security officer, in an Internet discussion post.
Shodan is a search engine that specialises in listing insecure Internet-connected devices.
Auernheimer, known for his provocative comments and actions, was sentenced to 41 months in a federal prison on hacking charges in 2013, but was released in April of 2014 after the sentence was vacated.
He proclaimed himself a white supremacist later in the same year, and around the same time left the United States for Serbia, where he currently lives, saying he did so to avoid further prosecution by US authorities.
Last year Auernheimer worked to expose government employees whose personal details were made public in the data breaches of sex website Adult FriendFinder and adultery site Ashley Madison, telling CNN he wished to “shame” the individuals involved.
A supporter of Donald Trump’s bid for the US presidency, his LiveJournal blog describes his role as “infuriating snobby SJWs, corporate executives, and federal agents” while “defending your liberty”.
Are you a security pro? Try our quiz!