14 DAY TRIAL // Andrew Auernheimer, a black hat hacker known as Weev, has admitted to hacking thousands of Internet-connected printers and making them print out racist and anti-Semitic messages.
The actual hack took place on Thursday, March 24, and by the second day, local newspapers were reporting on thousands of printers spewing out nasty messages all over their towns.
Attack hit hardest in US universities
The attack hit printers in the US, but there were cases in Australia as well. While many companies reported the incident, it was in universities where things escalated, some of them calling the police and even the FBI.
There were reports of the hack affecting printers at USC, UC Berkeley, Northwestern, UMass, Princeton, Brown University, the University of Wisconsin-Milwaukee, DePaul University in Chicago, Clark University in Worcester, and many more.
Paul Rivers, UC Berkeley CISO, was quoted as saying that "Berkeley wants to be #1 in many areas, but being #1 in printers listed as listening on the public internet as reported by [S]hodan shouldn't be one of those areas."
Auernheimer used Shodan to scan for Internet-accessible printers
Auernheimer explained his attack in a blog post the following day. Berkeley's CISO was semi-right when he said that the attack was probably carried out after querying Shodan for Internet-connected printers. Auernheimer said he used another port scanner called masscan, but that Shodan would have worked as well.
The hacker claims that after compiling a list of unprotected printers in the US and Australia, he created a simple one-line Bash script that connected to the printers' 9100 port and sent a PostScript file. The default behavior in most printers is to take this file and print it out.
The first message Auernheimer sent out contained the following text (removed all caps spelling, also embedded below): "White man are you sick and tired of the Jews destroying your country through mass immigration and degeneracy? Join us in the struggle for global white supremacy at The Daily Stormer // www.dailystormer.com."
Auernheimer identifies as a "white nationalist"
The reason Auernheimer chose to do this is rooted in his personal history. Back in 2010, while a member of the Goatse Security group, Auernheimer exposed a flaw in a public AT&T server to Gawker Media before telling AT&T about it.
This incident led to the exposure of details about 114,000 iPad users, many of whom belonged to military and government personnel, along with high-profile celebrities.
FBI indicted Auernheimer, who was later sentenced to 41 months in jail, during which time he joined a "white nationalist" movement. Ironically, Auernheimer is a former Jew converted to Mormonism.
In his blog post, Auernheimer explained his actions as an experiment, claiming that all the printers had open connections. It is this same defense that Auernheimer used in his AT&T trial, saying that the server was open to anyone. That didn't work well back then, and we doubt it will work now.
Never done before: mass printer trolling. Y'all think this PostScript is offensive enough? https://t.co/7RN4DKM9lR pic.twitter.com/HqDwvx9bhZ — Andrew Auernheimer (@rabite) March 24, 2016
Cry more, USC. pic.twitter.com/JAbtu4pCAg — Andrew Auernheimer (@rabite) March 25, 2016
Looks like this has been a teachable moment for UC Berkeley. pic.twitter.com/SX4Fwu2Pid — Andrew Auernheimer (@rabite) March 24, 2016
.@hackerfantastic the copycats are already here. pic.twitter.com/zJ7o5EVe8x — Andrew Auernheimer (@rabite) March 27, 2016
A brief experiment in printing: a lesson in how positively hilarious the IoT will be in the future. https://t.co/F54NirCkoN — Andrew Auernheimer (@rabite) March 25, 2016
The FBI is trying to make another harassing indictment against me for lawfully accessing public systems. pic.twitter.com/kJLPMr9wIY — Andrew Auernheimer (@rabite) March 26, 2016