Stop the Presses

Anti-Semitic fliers printed remotely at dozens of universities are a reminder that even printers can serve as a gateway for hackers.

March 29, 2016

Last week’s flood of anti-Semitic fliers printed at colleges across the U.S. is a “wake-up call” to college and university IT security offices about the risk that Internet-connected devices pose to their networks, experts say.

Just days before Easter weekend, printers at a large number of colleges and universities began spitting out fliers accusing Jews of “destroying your country through mass immigration and degeneracy” and pointing readers to The Daily Stormer, a neo-Nazi website. Many institutions immediately began investigating if their networks had been hacked.

The culprit was quickly identified, however, as he had made little effort to conceal what he called a “brief experiment” to determine how many printers were sitting on the public Internet, available for anyone to discover -- and print from.

Andrew Auernheimer, the hacker and white supremacist known as Weev, on Friday claimed responsibility for the fliers. In a blog post, Auernheimer described how he was able to use a simple bit of code to scan the Internet for vulnerable printers.

“Of course, most of the printers that are on public networks belong to universities and colleges,” Auernheimer wrote. “These are of course ‘safe spaces’ which should never be violated with terrible wrongthink [sic]. What kind of a horrid person would trigger innocent people wrapped in a safe monoculture free of political dissent?”

Speaking to Motherboard, Auernheimer said he sent the flier to more than 20,000 printers.

The case highlights the information security risks higher education faces as the “Internet of things” -- networks of Internet-connected devices -- catches on. This time, Auernheimer identified a vulnerability that let him print some offensive fliers. A different vulnerability could let a hacker gain access to a university’s network to steal personal information or research.

Bret Brasso, a vice president at the cybersecurity firm FireEye, said the company has seen more malicious attacks being conducted through printers. In some cases, hackers have forced printers to process thousands of printing jobs, crashing the network or slowing it to a crawl. In other cases, hackers have used printers as a “reconnaissance base” to obtain information in emails or spread malware from inside a university’s firewall, he said.

Unsecured devices connected to a network are not a new issue. Donald J. Welch, chief information security officer at the University of Michigan, said in an email that the problem dates back to the 1990s, when colleges worked on networking projects that eventually led to the creation of the Internet as we know it. In the spirit of cooperation, he said, researchers put devices on the public Internet, where many of them remain today.

“It takes time and effort to move devices off the public Internet into private networks, as we now all know is the right way to configure our networks,” Welch wrote. “Many campus IT organizations never found the time to make this change without external motivation. These and other attacks on networked printers are providing the motivation to make these moves.”

Auernheimer also gave universities a simple way to block similar experiments. In the blog post, he explained that he specifically looked for printers with port 9100 open. Network printers use that port to accept remote print requests. To prevent outsiders from using their printers, some universities block the port.
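An added example, not part of the original article: one way a campus security team could confirm that a border block on port 9100 is working, by flagging firewall records in which an outside address was allowed to reach a campus printer on that port. The log format, the campus address ranges and the records themselves are constructed assumptions.

```python
import ipaddress

PRINT_PORT = 9100  # raw-print port named in the article

# Assumption: constructed campus address ranges (private and documentation space).
CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed border-firewall records: time src dst dst_port proto action
SAMPLE_FLOWS = """\
2016-03-24T14:02:11Z 203.0.113.45 198.51.100.20 9100 tcp allow
2016-03-24T14:02:12Z 10.4.7.9 198.51.100.20 9100 tcp allow
2016-03-24T14:02:13Z 203.0.113.45 198.51.100.21 9100 tcp deny
2016-03-24T14:02:15Z 203.0.113.45 198.51.100.20 443 tcp allow
2016-03-24T14:03:40Z 192.0.2.77 10.4.8.30 9100 tcp allow
malformed line
"""

def is_campus(ip):
    return any(ip in net for net in CAMPUS_NETS)

def parse_flow(line):
    """Return (src, dst, port, proto, action), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].lower(), parts[5].lower())
    except ValueError:
        return None

def audit_print_port(flow_text):
    """Return ({printer: [outside sources allowed in]}, count of denied attempts)."""
    exposed, blocked = {}, 0
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, port, proto, action = rec
        # Keep only outside-to-campus TCP traffic aimed at the print port.
        if port != PRINT_PORT or proto != "tcp" or is_campus(src) or not is_campus(dst):
            continue
        if action == "allow":
            exposed.setdefault(str(dst), set()).add(str(src))
        else:
            blocked += 1
    return {p: sorted(s) for p, s in exposed.items()}, blocked

print(audit_print_port(SAMPLE_FLOWS))
```

Any printer that appears in the first result is still accepting print jobs from outside the campus ranges and is a candidate for a border rule or a move to a private network.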

Kim Milford, executive director of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), said many university IT offices view printer security as a low-priority item on their to-do lists.

“We operate from a risk-management perspective, and we take the biggest risks first,” Milford said in an interview. “One of the biggest things that anyone has to overcome about printers is the idea that, ‘Oh, it’s just a printer.’”

While she didn’t go as far as to say Auernheimer did colleges a favor by pointing out the vulnerability, Milford added that "there’s some perceived value" in reminding colleges that low-priority items can still pose significant security risks.

“It’s like locking your door but leaving a window open in your house,” Milford said. “[A hacker] can’t carry everything in a house through that open window. He can’t take the stereo and the TV, but he can take jewelry.”

