A grey-hat hacker with the pseudo name Stackoverflowin claims he’s trolled over 150,000 printers that have been been publicly facing.
According to an interview with Bleeping Computer the hacker says he wanted to raise people’s awareness to the dangers of having poorly configured firewalls, in this case publicly exposed printers.
This is the latest version of the message spewed out via people’s printers:
stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin's forehead utilising BTI's (break the internet) complex infrastructure. [ASCII ART HERE] For the love of God, please close this port, skid. ------- Questions? Twitter: https://twitter.com/lmaostack -------
The original version of the message included ASCII art illustrating a robot, and the hackers email address. The latest version of the message includes ASCII art showing a computer and a nearby printer in the image below.
Multiple printer models have been reported as being affected. Including brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
Stackoverflowin said in a statement to Bleeping Computer that his script is designed to target printing devices that have IPP (Internet Printing Protocol) port 631 and LPD (Line Printer Daemon) port 515 and port 9100 open from insufficient inbound firewalling.
Additionally the script includes an exploit that uses a remote code execution vulnerability designed target Dell Xeon printers. “This allowed me to inject PostScript and invoke rouge jobs,”.
Why do it?
“Obviously there’s no botnet,” he says. “People have done this in the past and sent racist flyers etc.. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time ; ) Everyone’s been cool about it and thanked me to be honest.”
The incident Stackoverflowin was talking about happened back in early 2016, when famous hacker Weev made thousands of Internet-connected printers print out anti-Semitic messages.