Over the weekend, a hacker who goes by the name Stackoverflowin claimed he hacked 150,000 insecure printers in an effort "to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled."
Hacking for a cause. What a sweetie!
Using his own automated script, Stackoverflowin detected insecure printers manufactured by a wide range companies, including HP, Brother, Epson, and Canon. He instructed the machines to print a document informing victims of the hack with ASCII art interspersed throughout, amongst other things. Here are some excerpts:
stackoverflowin has returned to his glory, / your printer is part of a botnet / the god has returned, / everyone likes a meme, / fix your bullshit… Email: [email protected] / Twitter: https://twitter.com/lmaostack... —-> YOUR PRINTER HAS BEEN OWNED <—- stackoverflowin the hacker god has returned, / your printer is part of a flaming botnet, / operating on Putin’s forehead utilising BTI’s (break the internet) complex infrastructure... hacked / hacked / lol just, / kidding For the love of God, please close this port, skid. FROM MICHAEL JENSCH, ROSENWEG, UNNA, DEUTSCHLAND.
Gizmodo has reached out to Stackoverflowin to clarify some of the message's more cryptic statements — Putin's forehead? Michael Jensch? — and will update the post if we get a response.
Victims of the hack took to Twitter and Reddit to share pictures of Stackoverflowin's message. They also inquired about it on HP's help forum, as well as an array of other sites. The hack targeted a large number of receipt printers, as well as office printers.
— lindsey (@lindsucks) February 3, 2017
Stackoverflowin told Bleeping Computer that the script he wrote "targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections." This comes off the heels of a study released last week from Ruhr University Bochum, which found an array of security vulnerabilities from machines made by 20 major brands.
The hacker assured Bleeping Computer his intentions were only noble. "Obviously there's no botnet," he said. "People have done this in the past and sent racist flyers... I'm not about that, I'm about helping people to fix their problem, but having a bit of fun at the same time."
— Kenshin el Manco (@d_kenshin) February 4, 2017
Stackoverflowin has mostly received messages of praise for his righteous mission. "Everyone's been cool about it and thanked me to be honest," he said.
The moral of the story for careless printer owners? In the iconic words of Stackoverflowin, "Fix your bullshit."