PewDiePie Hackers Launch Second Printer Siege, According to Reports | Threatpost | The first stop for security news

Hackers claim to have launched yet another attack that tricks printers around the world into printing pamphlets promoting YouTube celebrity “PewDiePie.”

The latest incident comes on the heels of a similar hack last month. That’s when hackers claimed they commandeered 50,000 printers globally to promote Felix Kjellberg, also known as PewDiePie, a Swedish YouTuber, comedian and video game commentator.

Most recently, over the weekend, two hackers who claim to be behind the attack told the BBC anonymously that they have hacked another 100,000 printers, although the BBC said it was unable to verify the claim.

The hackers, who go by the Twitter handles @HackerGiraffe and @j3ws3r, dubbed the attack #PrinterHack2 on Twitter.

Similar to the first hack, the message in this latest printer hack instructs the user to subscribe to PewDiePie. The back story of the campaign is that the famed YouTube personality is currently going head-to-head with “T-Series”, an Indian music record label and film company, for the top YouTube spot. Both YouTubers’ channels have at least 73 million subscribers.

The first alleged victim of the latest printer attack shared a tweet of an image of his message on Dec. 14.

— nico gentille (@nnnicogentille) December 14, 2018

However, the latest message now includes bullet points about “Things You Should Know,” outlining how port 631 (the well-known Internet Printing Protocol port) is open and how printers are exposed.

My Dymo printer just told me that I need to subscribe to @pewdiepie but I’m already a subscriber 😂

— Jéssica Llinares (@Thrillka) December 15, 2018

According to the hacker behind the @j3ws3r handle, the hack is meant to spread awareness about printer vulnerabilities: “Again – the point of this is to point out security flaws and common points of attack IT seems to overlook,” the hacker said in a tweet.

So I have one question for you. Are you subscribed to PewDiePie yet?

More to come. More things that will break the internet (not literally).

Again—the point of this is to point out security flaws and common points of attack IT seems to overlook. While obviously spreading a meme

— j3ws3r 🖨 (@j3ws3r) December 17, 2018

One of the hackers, behind the handle @HackerGiraffe, explained that he used Shodan to find printers exposing three different printing protocols (IPP, LPD, and JetDirect), with up to 800,000 vulnerable printers in total.

He then used the well-known Printer Exploitation Toolkit to carry out the malicious print jobs. The Printer Exploitation Toolkit gives hackers the ability to access files, damage a printer, or potentially access an internal network that a vulnerable printer is connected to. In the case of @HackerGiraffe, the hacker allegedly used a bash script to run the attack against exposed printers, instructing each printer to print the message and then quit. He then uploaded the script onto his server and left it running.

The alleged widespread hack sheds light on just how insecure printers are, and how precarious printer vulnerabilities could be when they offer an easy route into the enterprise network. Over the summer, researchers at Check Point highlighted a vulnerability that allowed the compromise of printers with fax capabilities when a fax is sent. And in August, HP Inc. patched hundreds of inkjet models that were open to two different remote code execution flaws (CVE-2018-5924, CVE-2018-5925).
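As an added example (not from the original article or the tools it names), a defender can check firewall logs for the exposure described above: connections allowed from outside the network to a printer's IPP, LPD or JetDirect port. The log format, addresses and internal ranges are constructed assumptions; 515 and 9100 are the standard LPD and JetDirect ports, which the article does not state.

```python
import ipaddress
from collections import defaultdict

# Port 631 (IPP) is named in the article; 515 (LPD) and 9100 (JetDirect/raw)
# are the standard ports for the other two protocols it mentions.
PRINT_PORTS = {631: "IPP", 515: "LPD", 9100: "JetDirect"}

# Assumption: the organisation's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, one connection per line:
# timestamp action src_ip dst_ip dst_port
SAMPLE_LOG = """\
2018-12-14T09:01:12Z ALLOW 203.0.113.45 10.0.5.20 9100
2018-12-14T09:01:13Z ALLOW 10.0.2.14 10.0.5.20 9100
2018-12-14T09:02:40Z DENY 198.51.100.7 10.0.5.21 631
2018-12-14T09:03:02Z ALLOW 198.51.100.7 10.0.5.22 631
2018-12-14T09:03:05Z ALLOW 203.0.113.45 10.0.5.22 515
2018-12-14T09:04:00Z ALLOW 203.0.113.45 10.0.5.30 443
2018-12-14T09:05:00Z ALLOW not-an-ip 10.0.5.23 631
garbage line
"""

def is_internal(addr):
    """True if addr falls inside one of the internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def exposed_printers(log_text):
    """Map each destination to the print protocols reachable from outside."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the expected layout
        _ts, action, src, dst, port = fields
        try:
            proto = PRINT_PORTS.get(int(port))
            external = not is_internal(src)
        except ValueError:
            continue  # unparsable port or source address
        if action == "ALLOW" and proto and external:
            hits[dst].add(proto)
    return {dst: sorted(protos) for dst, protos in hits.items()}

if __name__ == "__main__":
    for dst, protos in sorted(exposed_printers(SAMPLE_LOG).items()):
        print(f"{dst}: reachable from outside on {', '.join(protos)}")
```

Internal print traffic, blocked connections and non-print ports are ignored, so every reported printer is one that an outside host was actually allowed to reach.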