Andrew “Weev” Auernheimer, one of the two men who were prosecuted and convicted
for harvesting e-mails and authentication IDs of 114,000 early-adopters
of Apple’s iPad from AT&T’s servers, is back to his old tricks:
using publicly accessible assets for furthering his own goals.
As described in an extensive blog post, he discovered a great number of printers accessible (without authentication) through port 9100 open to the Internet, and fed them a simple Bash script that would instruct them to repeatedly print an anti-Semitic flier sent in the form of a PostScript file.
To find these printers he used port scanning software masscan, but noted that the Shodan search engine could be used as well.
The contents of the flier point to a neo-Nazi website. Auernheimer didn’t target specific printers, but apparently sent the instruction to every publicly accessible printer in North America.
Many private individuals and business entities witnessed their printers “going haywire” and printing the fliers, but the incident was publicly revealed when many US universities and colleges began issuing statements about it.
Auernheimer’s stated intent is to show his fellow white supremacist “how easy it is to make the world move with as little as a bash one-liner.”
The fact that many printers are exposed to the Internet is not exactly news, but this particular incident seems like it might finally teach individuals and organizations about the danger of unsecured, Internet-facing systems and make them do something about it.
Unfortunately, some have failed to react promptly, and copycat “attacks” involving alternative fliers sent to the still-accessible printers have already been spotted. Others have implemented mitigations such as setting up firewalls between the printers and the Internet or putting the machines on an network cut off from the Internet.
Auernheimer, who ultimately successfully appealed to the conviction for the AT&T iPad hack and had it overturned, has left the US after he was released from prison and is apparently currently living in Abkhazia, a region of Georgia and a partially recognised, separatist state.
helpnetsecurity
As described in an extensive blog post, he discovered a great number of printers accessible (without authentication) through port 9100 open to the Internet, and fed them a simple Bash script that would instruct them to repeatedly print an anti-Semitic flier sent in the form of a PostScript file.
To find these printers he used port scanning software masscan, but noted that the Shodan search engine could be used as well.
The contents of the flier point to a neo-Nazi website. Auernheimer didn’t target specific printers, but apparently sent the instruction to every publicly accessible printer in North America.
Many private individuals and business entities witnessed their printers “going haywire” and printing the fliers, but the incident was publicly revealed when many US universities and colleges began issuing statements about it.
Auernheimer’s stated intent is to show his fellow white supremacist “how easy it is to make the world move with as little as a bash one-liner.”
The fact that many printers are exposed to the Internet is not exactly news, but this particular incident seems like it might finally teach individuals and organizations about the danger of unsecured, Internet-facing systems and make them do something about it.
Unfortunately, some have failed to react promptly, and copycat “attacks” involving alternative fliers sent to the still-accessible printers have already been spotted. Others have implemented mitigations such as setting up firewalls between the printers and the Internet or putting the machines on an network cut off from the Internet.
Auernheimer, who ultimately successfully appealed to the conviction for the AT&T iPad hack and had it overturned, has left the US after he was released from prison and is apparently currently living in Abkhazia, a region of Georgia and a partially recognised, separatist state.
helpnetsecurity