Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Printer Wireless Networking AT&T Education Network Networking Privacy Security The Internet United States News Technology

Hacker Weev Admits To Hacking Printers To Spew Racist and Anti-Semitic Messages (softpedia.com) 390

An anonymous reader writes: Andrew Auernheimer, a black hat hacker known as "Weev," has admitted to hacking thousands of Internet-connected printers and making them print-out racist and anti-semitic messages. As you'd expect, the hack took place after the hacker used a simple port scanner and found millions of unprotected, Internet-accessible printers. He then used a one-line Bash command that sent them a PostScript file on port 9100. This triggered all printers to print his anti-semitic message. Ironically, the hacker is a former Jew turned neo-nazi while incarcerated for a questionable "hacking" incident when he revealed to Gawker that ATT had failed to protect one of their servers. The printer hack affected devices at USC, UC Berkeley, Northwestern, UMass, Princeton, Brown University, the University of Wisconsin-Milwaukee, DePaul University in Chicago, Clark University in Worcester, and many more.
This discussion has been archived. No new comments can be posted.

Hacker Weev Admits To Hacking Printers To Spew Racist and Anti-Semitic Messages

Comments Filter:
  • by Anonymous Coward on Monday March 28, 2016 @09:18PM (#51796797)

    "Ironically, the hacker is a former Jew"

    Is an African American who develops a bizarre hatred of African Americans suddenly no longer black?
    Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

    He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

    • by Anonymous Coward

      I was born with a penis but consider myself female. Are you saying I can't be a real woman?

      • by Applehu Akbar ( 2968043 ) on Tuesday March 29, 2016 @12:13AM (#51797733)

        "I was born with a penis but consider myself female."

        Cool! You can be a high-maintenance aggressor now.

    • Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

      I see this one happen all the time among affluent west coast new agers.

    • Re: (Score:2, Insightful)

      by gweihir ( 88907 )

      No, he is not. His former religion may claim that he is, but in actual fact he is a former Jew. Being a Jew is not something genetic. It takes two brain cells to rub together to see that however, which you obviously lack.

      • by lorinc ( 2470890 )

        Try to explain that to the nazis...

      • by TheReaperD ( 937405 ) on Tuesday March 29, 2016 @06:13AM (#51798581)

        I know it can be confusing but, Jew actually references two separate things. There's "Jew" as in the Judah religion which is something you can adopt or leave as most other religions. When you hear "former Jew", this is always what they are referring to. The second is ethnic "Jew" which refers to family lineages dating back to ancient Sumer and is not something you can leave. Most religious Jews and ex-Jews are also ethnic Jews but, there are exceptions. This is why Christian Jew or Muslim Jew are not oxymorons. Neo-nazi Jews have got to be some of the most self-loathing people on the planet.

    • by cas2000 ( 148703 ) on Tuesday March 29, 2016 @12:02AM (#51797675)

      Nonsense. 'Jew' is a religious and/or cultural affiliation only indirectly related to genetics (there are jews of all "races"). You can choose not to be a Jew anymore, same as you can choose not to be a Christian or an American (emigrate and renounce your US citizenship). You can even choose not to be a white-supremacist neo-nazi any more.

      Of course to neo-nazis, he'll still be a jew and will always be a jew. with their fuckwitted ideology, the "taint" can never be removed. It's no great strecth of the imagination to guess that this is the "reasoning" behind your objection.

      By contrast, you can't change your genes. You can't choose not to be black or white any more. Not that it matters that much, scientifically speaking - "race" has been conclusively proven to be primarily a cultural construct. The genetic differences are minor almost to the point of irrelevance, aside from cultural prejudices.

      of course, racist fuck-knuckles will never admit or acknowledge this fact.

      Ironically, the hacker is a former Jew turned neo-nazi

      and thus ends the idiotic myth that "hackers" are always smart. here's proof that at least one of them is a complete fucking cretin.

      • by DarkOx ( 621550 )

        This is like the sex vs gender thing, its a not an important distinction most of the time so its easy to miss. There are Jews of all races because its not closed system, others are allowed to adopt the faith. Other races become included by marriage as well etc.

        There is also the genetic issue of being descended from the Hebrew tribes.

      • i think he just misheard it when his parents told him that they were "ashkenazi jews".

    • by Maritz ( 1829006 )
      So is Judaism a religion or a race? I would say the former but it seems to be widely regarded as the latter.
    • "Ironically, the hacker is a former Jew"

      Is an African American who develops a bizarre hatred of African Americans suddenly no longer black?
      Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

      He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

      No. Religion is a choice one makes and has nothing to do with genetics. If he decided not to be Jewish, then he is no longer Jewish.

    • "Ironically, the hacker is a former Jew"

      Is an African American who develops a bizarre hatred of African Americans suddenly no longer black? Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

      He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

      Even if he and "the Jews" accepted he's no longer a Jew - why the hell would the neo-Nazis? The old-time-Nazis killed many who thought of themselves as Germans (and even fought for them in the first World War), and didn't practice the religion in generations.

      IOW, no he isn't a neo-Nazi, because they won't accept him as anything but an example how opportunistic Jews are; certainly not as one of their own.

  • by Joe_Dragon ( 2206452 ) on Monday March 28, 2016 @09:21PM (#51796813)

    Printer with public internet ip? why?

    • by Obfuscant ( 592200 ) on Monday March 28, 2016 @09:31PM (#51796861)
      Because they got connected to a network and nobody thought about how the data was getting to them. The admins made it easy to connect, using DHCP to grant them addresses and not being in tight control of every attached device. Notice that most of the targets (all?) were universities.

      Except some places. Here, for example, the admin blocks access to known printers at the router.

      But this was not "hacking a printer". It was using a publicly available printer for the purpose it was designed to do. It took no intelligence to do this, no modification to the printers, only a brute force scan of the net for addresses with an open port 9100. Yawn. Very impressive.

      • "hacking a printer" maybe the pay system by just useing the open door to get past it.

        Now let's say an hotel has payed breakfast but it's some what hidden as where that is listed and there is no on at the wide open door to the breakfast room and no system to stop people from useing the door at all?

        • by AmiMoJo ( 196126 )

          The problem is he port scanned to find the printers. The law in many places views that as going to every house in a town and checking to see if the front door is unlocked. Even if it is, all you did was avoid a "breaking an entering" charge but are still guilty of trespass.

      • They can't be on the DMZ. Most likely he guessed and "walked" (war dialed) the internal private IP range of 192.168.1.x and attempted port 9100. OTOH, firewalls are SPI at the least so I'm not sure how he pulled that off. The fact the private IP assigned was static or dynamic doesn't matter with regards to this ability.

        • You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works. Stateful package inspection has no relevance to inability to pass NAT to the internal network. It requires a reverse NAT action from their router to reach inside.

          Also you assume that the printers were on private ip range and NATted - which they probably were not.

          • You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works.

            Thanks for being a dick.

            But to respond to your comment directly; yes, I assume that the printer is on a private ip. Why not? Who in the fuck puts client devices on the internet these days??!! It's just back practice all around. I'm not saying it can't happen, but in my professional experience with the SMB market, NAT implies extra client address space as well as implicit security. Of course, ha

            • by shitzu ( 931108 )

              You're welcome.

              My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets. If you try going around calling your opinions "professional", you should know that.

              As far as private ips are concerned - it is quite obvious from the article that the printers had public ips. Universities put them on public ips. That in itself is not a bad practice as they have no

              • My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets

                So you're saying forged packets aren't broadcasted in the open? I've seen plenty of firewall rules where the source from = public IP to destination = private IP. That could be internal 192.168.x.x or 10.x.x.x. Obviously, if that private IP subnet doesn't exist, there won't be a route for it.

                Also -

      • by houghi ( 78078 )

        I often hear when a simple hack happens is that is was very easy to do and not a chalange at all. To me that does not make it less scary, it makes it more scary.

    • by Gumbercules!! ( 1158841 ) on Monday March 28, 2016 @09:53PM (#51796987)
      Many years ago I worked in a University. All devices, printers included, had public IP addresses (and open ports). It was a hang-over from a previous time, when that was just how the uni set things up and deeply tied into the internet billing (charge by the byte) system the uni had. I was only a lowly desktop guy at the time but it was still a real problem for us. Every desktop PC, server, printer, whatever had a public IP. To block any ports, and I am being fully serious here, required approval from the university senate. Not an IT group - a bunch of arts lecturers and student guild type people. And they equated "blocking ports" with "censoring the internet". So absolutely every time we tried to change things, senate voted it down and we were stuck, for many years, with only ports for SMB blocked - every other port was open. To the world. On all our devices. We were allowed firewalls on devices like PCs - but that's not so easy on a printer.

      Every morning we had to restart every printer with a HP jet direct (and many times during the day) because it turns out of you port scan an old jet direct, it hangs. We'd also have to leave printer trays open over night, so they couldn't just waste printer paper all night long, printing NIMBDA crap. We used to find that if you installed Windows on a PC or server with the NIC connected, it was literally infected before the installation was complete (truly).
      • Invisible mod points applied.... Thank you for the laugh. It has been a while since I have been in that kind of environment. It is unreal how many non-IT people are in charge of the most important aspects. The only thing worse than University network play callers are in the medical realm. Doctors think they are God over EVERYTHING and when you combine university AND medical facilities.....hang on to your sanity.
      • by adri ( 173121 )

        Sounds like the university I worked at! One /16 for everyone.

      • by antdude ( 79039 )

        I remember when my friends' employers have their computers, printers, etc. wide open online. You could send winnuke, print requests, netshare, etc. It was crazy! :O

      • by Kvathe ( 3869749 ) on Tuesday March 29, 2016 @03:13AM (#51798193)

        From the email I received last week:

        "The University’s Office of Equal Opportunity and Access and Bias Response Team are investigating hateful anti-Semitic fliers that were sent Friday, March 25, to several networked print and FAX devices. Other universities across the country also have reported receiving similar fliers."

        I'd be much more impressed if they had IT investigating.

      • by swb ( 14022 )

        I'm pretty sure this is how it worked at the University I worked for, although I left before even dialup IP was widespread.

        But we did have a giant Appletalk internetwork and a friend and I always wondered how much campus infamy we could create by printing smut all over campus through all of the many LaserWriters visible on the the Appletalk network.

        The downside was that printing was relatively slow and while waiting to print I think you could see some kind of computername and zone name of the user who was c

    • by gweihir ( 88907 )

      Because people are stupid. And I do not mean users, I mean the sysadmin that configured the printer with a public IP or allowed it to get one from the DHCP server. An ordinary user would at least have some level of valid excuse...

      • Sysadmins have assigned public ip, because that is how it works in a uni. There is no NAT. NAT is a hack for the puny humans who do not have /16 ip blocks lying around. So assigning an ip from a private ip range would not work at all...

        Also it is not at all stupid to assign said public ips with dhcp. On the contrary - it is very smart.

        However it was stupid to allow public access from the internet to said ip addresses.

        And it is stupid to assume that all networks are like your network at home.

  • Asshole acts like asshole

    • I don't blame this guy. Sure, he's got extreme views, but he has done all those companies a great service by showing them how UTTERLY STUPID THEY ARE by allowing public access to their printers.
      • by OzPeter ( 195038 )

        I don't blame this guy. Sure, he's got extreme views, but he has done all those companies a great service by showing them how UTTERLY STUPID THEY ARE by allowing public access to their printers.

        Lets try a simple thought exercise. Would you also not blame this guy if instead of sending out anti-Semitic messages he instead sent out naked pics of you jerking off to bestiality porn while on a business trip to a very conservative location?

        After all its the fact that he could send his message and not the content of the message that is important according to you.

      • Yeah, he did some real good public service there. We should give him a fucking Nobel prize for service to the community or something \s

        What next? Stab people to teach them a lesson for being so utterly stupid by not wearing stab proof vests in public? Burn peoples houses down to teach them a lesson for being so utterly stupid by not installing sprinkler systems? Put cyanide in the municipal water supply to teach everyone a lesson for being so utterly stupid by not installing cyanide detectors in the municip

    • It could have been worse. I remember when something like this happened at work (for very similar reasons) except whoever was doing it was sending seemingly unlimited jobs that would run through entire reams of paper and eat through toner, so when you'd get to work in the morning there'd be a huge stack of wasted paper. This is pretty damned childish, but he could have done worse by inverting the image so it was mostly printing black and had it spit out thousands of copies.

      Got fixed quickly enough and it'
  • There are a lot of incompetent IT departments who never have pen tests.

    • by Rhys ( 96510 )

      You've clearly never worked in higher ed. Very Important Professors like to hand a (grad) student a printer and tell them to "set it up" -- by which they mean plug it in, find an IP it can sit on (probably squatting on someone else's but who cares it mostly works), install it on the prof's machine, and get back to that research said student is supposed to be doing.

      You will note the IT folks were never involved in this sequence.

  • Are local network printers in a public place fair game to print to under the law?

    I know of libraries where you have to pay to print and they have some kind of card / coin system hooked to the printers and copiers.

    Some hotels have free printers in the guest areas some even have them on the guest network.

      DePaul University seems to have pay printing with 3rd party software?

    But will the printers just show up in windows add printers just by it doing an local network printer scan? Now what if you are at a place with pay printing or printers that use some kind of AD lockdown / windows based pay printing but you don't know that (say they have free wifi) and windows just auto finds the printer / jet direct card did you just brake the law?

    • did you just brake the law?

      Woah... Slow down there cowboy!

  • What self loathing will make some people do.
  • Should have just stuck to quietly replacing every instance of the word "strategic" printed with the word "satanic."
  • It looks like sending him to prison the first time was counter-productive. What a surprise.

  • Wait until the Weev finds out about all the telefacsimile systems left on the public network.

    He'll have a direct line to "hack" critical hardware inside banks, law and investment firms, medical labs and offices and the even the Pentagon.

    We're obviously doomed.

  • I would have pumped a stock or something.
  • The IoT insecurity issue is one that needed highlighting in a way that people would notice, without any real harm being done. If this makes people close a few holes and go looking for others then it is without doubt a very good thing.

    He could have done much worse, there are pieces of information that would fit onto a single page that could actually do a lot of harm if violent sociopaths got hold of it. So I see the Neo-Nazism thing as just an advertising ploy, like the sound of a door bell, microwave bee
    • by dbIII ( 701233 )
      Yet I don't think anyone is really going to learn anything from it.
      All the people who don't think computers are some sort of mysterious magic already know it's a stupid idea to put a printer on the internet.
  • I am sure he could have had the printers spew out plenty of things that would go unreported... as long as they were politically correct.

    I am sure this guy violated FAX spamming and unauthorized computer access laws, but, on a related note the USA now punishes thought crimes.
  • Weev made a much more sympathetic figure when he was busy being a symbol of prosecutorial overreach and badly designed computer security laws. He's a lot less sympathetic as a committed white supremacist troll. Also see: This is why we can't have nice things.
  • Sending jobs to open printers in the Internet without any kind of authentication is "hacking"? Slashdot, what have you became...
  • at least people will know who is really behind all this hacking hoopla and stop blaming poor people in Russia, China, Ukraine, etc.

"Stupidity, like virtue, is its own reward" -- William E. Davidsen

Working...