Why a Hacker Exploited Printers to Make PewDiePie Propaganda

Credit to Author: Louise Matsakis| Date: Fri, 30 Nov 2018 23:12:17 +0000

By now, you’ve probably heard of PewDiePie, a Swedish comedian and video game commentator who has been the most followed creator on YouTube for years. But you might not be as familiar with T-Series, an almost equally popular Indian media company.

For months, T-Series and PewDiePie, whose real name is Felix Kjellberg, have been dueling over who will be the king of YouTube. In October, PewDiePie even released a diss track about T-Series, which has been viewed more than 47 million times. As of Friday afternoon, both channels were hovering around 72.5 million YouTube subscribers.

As T-Series encroached on PewDiePie’s number of subscribers, the Swedish star’s fans engaged in a series of stunts to drum up support, including buying billboard ads and hanging up flyers. These antics often have the added benefit of garnering attention not just for PewDiePie himself, but also for the people who carry them out: PewDiePie has featured some of his fans’ work in his enormously popular videos.

That brings us to today’s “hack,” which isn’t really a hack at all, since it doesn’t involve breaking into anything. A self-described “huge” PewDiePie fan and university student says they exploited tens of thousands of internet-connected printers earlier this week to spit out a message telling people, in part, “PewDiePie is in trouble and he needs your help to defeat T-Series!” The incident was first reported by The Verge. It’s worth noting this isn’t the first time printers have been hijacked in this way.

An anonymous Twitter account, @HackerGiraffe, popped up Thursday to take credit for the pro-PewDiePie propaganda (though it's possible someone else could be responsible for it). In a direct message, the hacker says they first obtained a list of vulnerable printers from Shodan, a search engine for internet-connected devices. They then wrote an automated script that causes each affected printer to spit out their message, one after another. The anonymous giraffe says they carried out the attack via open 9100 network ports. Essentially, these ports are accessible via the open internet, instead of protected behind a router firewall. (This is what facilitates printing remotely.) The hacker didn’t really need to “hack” anything in order to access them. “The only thing people can do is close their ports, because this isn't a vulnerability,” writes @HackerGiraffe. “It's just that these protocols don't have options for authentication.”

The hacker says he crafted a list of over 800,000 vulnerable printers, but they only targeted 50,000 in order to “test if this would actually work.” They said they witnessed some errors, but that they believe around 48,000 printers were affected. There are a good number of pictures of @HackerGiraffe’s printout on Twitter, though there’s no way to verify exactly how many printers were really impacted.

In this case, the hacker appears not to have any malicious intent, which is the good news. They claim their motivation is not only to support PewDiePie, but also to warn people about the dangers of leaving their network ports open on the internet. “I killed two birds with one stone, raised awareness for this issue and helped PewDiePie get a slight edge,” writes @HackerGiraffe.

The bad news is, the hacker also says their attack was easy to execute. The script they wrote, which was shared with WIRED, is extremely short. “This entire process could have been carried out by a 12-year-old and could have had grave, grave consequences,” they wrote. “I could have physically damaged printers. Caused organizations hundreds of dollars in ink and paper.”

The giraffe has a point. Many internet-connected devices—including printers, but also things like baby monitors—have been found to be easily hackable. As more and more gadgets are connected to the internet, there are far greater opportunities for bad actors to try to break into them. This isn’t even the first time a young hacker brought attention to this exact issue. In 2017, a self-described “pissed off high school student” said they hacked more than 150,000 printers using open ports.

In both the 2017 case and this more recent one, the attackers had fairly benign intentions, though they certainly wasted lots of ink and paper. But that hasn’t always been the case: In 2016, hacker Andrew Auernheimer, also known as weev, exploited printers to print racist and anti-Semitic flyers, also by using open ports.

There’s a simple and evergreen lesson in all of these incidents: Make sure your devices aren’t exposed on the open internet.

https://www.wired.com/category/security/feed/