
Twitter user hacks 50k printers to tell people to subscribe to PewDiePie - smacktoward
https://www.zdnet.com/google-amp/article/twitter-user-hacks-50000-printers-to-tell-people-to-subscribe-to-pewdiepie/
======
classichasclass
The April Fool's joke that nearly got me fired was a combination of easily
accessible JetAdmin ports, an HP control sequence, a script to find every
JetAdmin on the internal network and a distinct lack of common sense. But it
was so worth it. So worth it.

~~~
rixrax
Many years a go in college, on some course one guy created a postscript file
that when printed reprogrammed HP printer(s?) of the time to add one (1) zero
to every number on documents that were subsequently printed.

~~~
devbug
All fun and games until you accidentally commit fraud.

~~~
zAy0LfpBZLC8mAC
> accidentally commit fraud.

That isn't a thing. Fraud is deliberate deception. You can not commit
accidental deliberate deception.

~~~
leereeves
True, but you can still be found guilty of fraud even so.

------
gregmac
The only thing surprising about this is that these printers hadn't already
printed enough random garbage to get disconnected/firewalled off from the
internet.

The number of printers from a simple search [1] that have no authentication is
staggering.

[1]
[https://www.shodan.io/search?query=printer](https://www.shodan.io/search?query=printer)

~~~
HarryHirsch
That was astounding already 20 years ago. Fax spam was out of control then to
such a degree that Congress roused itself to pass legislation with teeth, yet
it occurred to no one to send printer spam. The only thing that would connect
to our printers was viruses, the probable target was port 631 with buggy CUPS
or other LPD daemon behind, because every few hours the printer would run off
a page with just a few gibberish letters.

------
mprev
I thought Twitter might somehow be pertinent to the hack but, apparently, this
person just happens to have a Twitter account.

------
arkadiyt
"Hacked" = people left their printers open to the internet.

~~~
cpsempek
Identical actions of another can result in my car being stolen whether I leave
it locked or unlocked.

~~~
mirimir
Sure, but that doesn't mean that it was "hacked", either.

This is lots closer to calling unlisted telephones.

~~~
ChrisLomont
Printing one sheet costs around $0.15. The 50,000 he printed likely cost his
targets a total of $7500. That’s second degree felony grand theft territory.
Good luck.

~~~
gnicholas
Can prosecutors aggregate the value of damage across thousands of unrelated
victims for the purpose of charging grand theft? My gut says this is probably
not the way it works, but I’m curious if others know more.

As a side note, I don’t think what he did can be charged as theft, technically
speaking, because theft laws generally require the perpetrator to _take_
property from the victim.

This case would be destruction of property or vandalism, if my memory of law
school serves. And I don’t think there are _grand_ versions of those crimes,
at any rate.

~~~
ChrisLomont
If I stole a penny from millions of people do you think I'd be charged for
stealing a penny?

Yes, this is how it would be charged.

>because theft laws generally require the perpetrator to take property from
the victim.

If I sent a penny from millions of people to another person, would I be
innocent of crime?

If I burned up money in another person's safe, would I be innocent?

The law will look at the damage to the victim(s), in aggregate. That the
person causing the losses only hurts each a little or doesn't end up with
goods is irrelevant.

Besides the normal value of goods laws, there are even tougher computer fraud
and abuse type laws. Those could really cost him if some prosecutor decided to
pursue those. I suspect there are Feds right now looking at this case and how
to proceed.

Personally I don't want to see this person get prison for a felony, but
perhaps charging him with it will make him or others think twice about such
behavior next time. Community service or such would be a good outcome.

------
philliphaydon
Never new that guy was so popular... I don’t really understand why. But damn
that’s some dedication by fans to boost his subscriber count...

~~~
eksemplar
It’s really silly to ruin your life with a criminal record like this, but at
least the guy did something useful with his fandom. A lot of kids on YouTube
are just watching, wasting away.

~~~
petercooper
A lot of (adults) on (Netflix) are just watching, wasting away.

~~~
birracerveza
A lot of (people) on (television) are just watching, wasting away.

So at the end of the day we learned that nothing ever really changed.

~~~
riffraff
My mother objected to me spending too much time reading and not enough
outside.

I imagine there were people in the stone age that objected to people wasting
too much time near the fire and not enough fighting with sabertooth tigers.

~~~
heronymus
Exactly that! When I was living on the street, we used to call the fire
"stoneage-tv". Because the human brains have such a long history of staring
"into" the fire, I have the mild suspicion, that reading on e-ink displays
without a backlight might make it less likely to get lost in thoughts, than
when staring on a "glowing" screen. Unfortunately the only competetive screens
are still rather expensive (paperlike)..

..damn, I got lost in offtopic thoughts again! ; )

~~~
wpietri
It's an interesting thought! If you had a Twitter account in your bio, I would
have followed it.

------
pugworthy
I work at a large printer company - similar name to a famous fantasy novel
series. I have joked for ages about "Denial of Ink and Paper" attacks. To co-
workers: I told you so.

~~~
joatmon-snoo
It's even got a Wikipedia entry!
[https://en.wikipedia.org/wiki/Black_fax](https://en.wikipedia.org/wiki/Black_fax)

------
krylon
A number of years back, I was trying to learn about network programming and
SQL and decided to try and build a a kind of randomized port scanner that
would generate IP addresses randomly, then scan semi-random ports on those
that were pingable, and finally store the results in a database.

I quickly found a couple (not a lot, but I was kind of shocked to find _any_ )
of printers that were totally exposed to the Internet. While I can proudly say
I even resisted the temptation to make them print out something clever like
"Wer das liest, ist doof", I figured it was only a matter of time before
somebody with less self-restraint would come along.

At work, all our printers still respond to the default passwords one can so
easily find on the Internet, but at least they are not reachable from the
outside. Printers are not considered a security problem, because once someone
is on our internal network, they could do much worse things.

But still, exposing them to random people on the Internet is begging for
something like this to happen.

------
Rjevski
I am really surprised these kinds of printer "hacks" are still possible _in
2018_.

~~~
tempodox
Are you kidding? IoT stuff doesn't have any security either, and it wasn't
invented 100 years ago.

~~~
squarefoot
True although there are previous technologies enabling home appliances to be
connected and controlled from outside through radio and telephone couplers.
X10 which dates back to the mid 70s is probably the most famous one. Back then
there were no such things as encryption protocols: if someone knew your air
conditioner was connected to your phone line he could turn it on just by
phoning to your home and sending the right tone over the line. Hacking was
just a matter of time spent finding the right frequencies; no firewall to
prevent anyone from trying a thousand times until someone would hopefully
notice and pull the cord. Despite those "vulnerabilities" though, I never
heard about abusing other peoples devices. I would be interested in hearing
experiences from actual owners (or hackers:) of those old systems.

------
felipemnoa
Anybody have any idea if bots (or fake accounts) are involved in increasing
the subscription count?

~~~
inawarminister
I've heard of rumours of T-Series, the challenger, got their subscribers count
steadily moving up when YouTube was down globally earlier this month, which
indicates botting, but what do we know? It's all foggy under Google's
algorithms.

[0]
[https://mobile.twitter.com/socialblade/status/10523754246160...](https://mobile.twitter.com/socialblade/status/1052375424616030209?lang=en)

~~~
RandomInteger4
Most of T-Series' subscribers come from people creating accounts in India and
getting automatically subscribed to T-Series by YouTube's algorithms.

YouTube did this a while back with other demographics. For instance,
CaptainSparklez often mentions this as one of the reasons why he became big;
i.e. YouTube was autosubscribing folks to certain creators.

EDIT: If I recall correctly, when you create a new YouTube account, they give
you a list of channel suggestions that you can check off to bootstrap you into
suggestions based on your preferences, so this could be that, meaning people
just "select all".

~~~
keketi
One Pewdiepie fan created a USB device that automatically unsubscribes from
T-Series when plugged in:
[https://www.reddit.com/r/PewdiepieSubmissions/comments/a0ldp...](https://www.reddit.com/r/PewdiepieSubmissions/comments/a0ldpi/i_made_a_script_that_unsubs_to_tseries_when/)

Here's one that auto-subscribes to Pewdiepie:
[https://www.reddit.com/r/PewdiepieSubmissions/comments/a0wcd...](https://www.reddit.com/r/PewdiepieSubmissions/comments/a0wcdb/just_saw_that_guy_who_made_a_unsubscribe_from/)

Source code:
[https://github.com/Alone2/SubscribeToPewdsScript/blob/master...](https://github.com/Alone2/SubscribeToPewdsScript/blob/master/digiPew.ino)

------
hi41
How was this done? I think of Twitter messages as something you can view in
the app or browser. How can you send a message to the printer from there? Can
someone please explain.

~~~
bobcat9
Try reading the story and not just the headline.

------
anon2775
Many organizations are in dire need of departmental NAT firewalls and VPN
solutions. I had to beg, bitch and moan before a Pac10 uni would offer such a
service to protect our users.

~~~
BenjiWiebe
Actually all it takes is a firewall. As far as hiding hosts goes, a firewall
is just as good as NAT. And then if you _do_ need a host or two accessible,
the firewall is easier to change than the NAT.

------
jjuhl
If I was subscribed to that guys YouTube channel (which I'm not, since the guy
is an idiot), someone pulling a stunt like this would probably prompt me to
unsubscribe.

------
reshie
ah distinct IP's that can not be distinguished as proxies. suppose this goes
to the iot as apposed to zombie computers.

------
navinsylvester
We all know youtubers will go to any length to grab subscribers but the way
pewdiepie is doing the campaign has left a very bad taste.

He started to drag India and even released a diss track, made it look like its
T-Series/India vs rest of the world. I think its a deliberate ploy to drag
India since he can pull more subscribers that way. There are lot of live count
stream tracking the subscribers between pewdiepie vs T-Series. On the chat i
could see lot of hate from these kids like lets beat up Indian kids on school
& lot of ethnic hate. I know these are something you can't avoid in Internet
and best to ignore. But i can't help but feel bad for Indian kids living
abroad since most of his subscribers are kids/teens and they can be easily
influenced by these sort of campaigns.

We can't blame pewdiepie nor expect him to act mature even though he has more
than 70 million subscribers. But youtube needs to have some sort of policy on
subscriber campaigns to avoid these type of scenarios. If not for all at least
for influential youtubers.

~~~
dariusm5
It's quite obvious after watching his videos that the 'campaign' is just a
joke. Felix and his subscribers know that he will inevitably lose the top spot
on Youtube and they're just having some fun.

Majority of Felix's content is just satire and inside jokes. If you know Felix
and his content, it's very obvious that the diss track is actually poking more
fun at other Youtubers who make diss tracks unironically.

Here's a decent video by EmpLemon explaining the history of Pewdiepie's
channel and where he is now:
[https://www.youtube.com/watch?v=1cvgoY0cmzk](https://www.youtube.com/watch?v=1cvgoY0cmzk)

~~~
navinsylvester
He used to be all that but i don't think its the case off late. But i know his
jokes are not for everyone so may be its not for me.

Thanks for the clarification and video.

