New online service will hack printers to spew out spam

PewDiePie hack has spawned a new web service over the weekend: Printer-Spam-as-a-Service.
Written by Catalin Cimpanu, Contributor

After a Twitter user hacked over 50,000 printers last week to promote PewDiePie's YouTube channel as part of a guerilla marketing campaign, a new service has spawned over the weekend advertising the same type of functionality, but for everyone.

Going under the generic term of "Printer Advertising," this new service claims it can hack printers all over the world to print out messages on demand, similar to the PewDiePie promo hack that took place over the weekend.

"We have the ability to reach every single printer in the world," claims a website launched on Sunday. "Reservations are limited."


The website was promoted by --you guessed it-- flyers sent out to everyone's printers. A copy of this message is available below, courtesy of Andrew Morris, founder of GreyNoise Intelligence, a cyber-security company that collects information on Internet scans.

Morris detected the message in one of his company's honeypots on Sunday, but the spam campaign pushing this ad to Internet-connected printers has continued throughout today, he told ZDNet.

All the scans originate from 194.36.173[.]50, an IP address known for generating quite a good amount of bad traffic. A screenshot Morris shared with ZDNet shows the same host performing scans for router UPnP services, ColdFusion plugins, LDAP, web, DNS, and Memcached servers.

Image: Andrew Morris

This IP is also assigned to a hosting provider that has a long history of hosting web scanners and phishing sites, according to Phishing AI, a service developed by cyber-security firm Lookout, and which tracks phishing sites.

According to a tweet published on Sunday, "Printer Advertising" said they were "currently mostly trying to see if anyone's interested, if people actually want to buy this we'll build a web platform with support for more printing protocols."

In a conversation with ZDNet, the person behind the Printer Advertising service said they've "had a few potential clients reach out, but we got started less than 20 hours ago when it was weekend for most of the world outside of Australia."

The person behind this service said he "considered doing this in the past but never really got around to it," but "the PewDiePie hack certainly helped motivate [him] a bit."

But unlike the hacker behind the PewDiePie guerilla campaign, Printer Advertising doesn't rely on the PRET toolkit for his hacks, but instead uses their "own highly scalable golang printer daemon."

"That'd terribly slow and would just overcomplicate things," the person behind the service told ZDNet regarding PRET.

Printer Advertising declined to answer questions regarding the legality of their service.

For what's it worth, there are quite a few people who don't view what Printer Advertising is doing as illegal. Their opinion is based on the fact that these printers are left exposed online without a password, accessible to anyone, hence open to the public and not different from any regular website. Nonetheless, as an FBI agent once said at a security conference, leaving your house open by accident doesn't mean people can tresspass.

But regardless of the legality surrounding these "printer hacks," they still pose a problem from a different perspective, which is the unfiltered and unpredictable nature of spam.

While email providers do a pretty good job at stopping most spam, there's nothing standing in the way of Printer Advertising.

A web service like this could be abused to push all sorts of illegal services, such as drugs or crime-for-hire services, or to push political influence campaigns. It's not that hard seeing printers all over the US spew MAGA or anti-Trump propaganda for days.

Furthermore, some pranksters might abuse this type of service to push pornographic photos, or incite physical violence against certain communities. This very last thing actually happened before, in 2016, when a hacker named Weev sent anti-semitic flyers to thousands of printers.

For now, it remains to be seen if this service will find a customerbase. The chances are that it will.

These are the worst hacks, cyberattacks, and data breaches of 2018

More security coverage:

Editorial standards