
The PewDiePie Hackers: Could hacking printers ruin your life? [video] - petercooper
https://www.bbc.com/news/av/technology-47032600/the-pewdiepie-hackers-could-hacking-printers-ruin-your-life
======
bemmu
This has a mockumentary vibe to it. BBC making a seriously produced video out
of this joke, with the hackers in masks with voices changed, kept me
questioning if the producers were being serious or not. Felt like an episode
of Nathan for You.

~~~
mikeywazowski
I wasn't going to watch this video until I read your comment.

The producers were quite successful in temporarily filling the Nathan for You
shaped hole in my life.

However, I must agree that I'm unsure whether that was their aim or not..

------
Zafira
There is always going to be a portion of the population that are just users of
technology, without any understanding of how it works. Consequently, there are
going to be people who are going to feel violated, confused and angered by
stunts like this. I don't think there was any malicious intent by the Hacker
Giraffe, but I doubt they thought this through. One was bound to encounter a
fair amount of systems owned by not-so-tech-literate persons who would react
in the worst way possible to stunts like the ones they did.

I think some of the real questions that events like this raise are:

* How do reduce the technological illiteracy in the population?

* How do we develop polices to ensure that these devices that are being sold to millions of people are properly protected?

~~~
watwut
Technological illiteracy is red herring. The actual issues are lack of
security on the devices and lack of boundaries on side of some tech and tech-
adjacent subcultures. The third issue are disproportionate penalties, they are
really too big now.

People are angry about analogical non-tech "pranks" when those happen too. It
is convenient to chulk anger of prank target to his own faults, but no, they
are not as cool as you think you are and people in general don't like pranks.
And I am blaming culture instead of teenagers, because you have adults like
PewDiePie saying this "I love it. Please keep it up, just don’t do anything
illegal, because that will look bad on me—that’s the only reason—that will
look bad on PewDiePie". What exactly does teenager hears there and would the
teenager in that culture hear the opposite clear "it is illegal" and "don't do
it, boundaries of others" messages?

~~~
who-knows95
i agree tech illiteracy is the red herring, the fact this vulnerability
affected so many people, points to the issue being with the manufacturer,
designing and coding this, without consideration to the security.

i think the "attack" they did is pretty perfectly grey hat, expose a weakness
to the user with a "how-to-fix" guide.

(i should note, i'm talking about the chrome hack.)

~~~
isostatic
One prank would be egging cars. Clearly it's the car companies fault for
building cars that have paint ruined if you don't wash it quickly.

Another would be putting a potato in the exhaust -- why don't they build
potato proof exhausts?

You can let car tyres down without causing an ounce of damage, what a hoot.
It's the car company's fault that so many cars are susceptible.

~~~
who-knows95
sorry, i guess companies shouldn't worry about writing code or making products
that have vulnerability built in.

i'm sure you don't want secure strong products.

~~~
watwut
Of course they should. And we all on this forum know small internet devices
are full of vulnerabilities. We also all know smart homes and such are
security disaster waiting for happen. That does not mean it is for me to take
advantage of that for pranks, fun or profit.

Just as we should not demonize acts like this as something more dangerous then
it is, we should not add naive feel good interpretations that makes them
misunderstood heroes.

~~~
who-knows95
the chrome cast hack, along with the printer hack aren't pranks, for fun or
profit?

they did them to expose a weakness to the user so they could fix it.

if white hat is employed by companies, and black hat is working for malicious
gain. their actions fall squarely into grey hat.

i'm not calling them saints, but it confuses me that anyone would have a issue
with their actions? can you explain why they don't fit the model of grey hat?

what they do wrong?

~~~
watwut
They are pranks for fun. I don't buy "to expose vulnerability so that users
fix it" explanation.

I think that what they did crossed the boundaries of other people. It did not
caused much harm, just like walking around directors office without permission
and without taking away something.

I don't care about hat color games. That just serves to obfuscate issues.

Also, it was illegal and put themselves in danger for that reason. So
PewDiePie along with all adults who talk from both sides of their mounth in
front of audience they intentionally build from young inexperienced impulsive
people can stuff themselves too. "This illegal thing is totally cool I love
you, I mean don't do anything illegal, I love you for doing that ilegal thing"
is mastery of double message and manipulation.

~~~
who-knows95
"I don't buy "to expose vulnerability so that users fix it" explanation"

so why did the chrome cast hack include a 'how to fix this' guide?

[https://www.veracode.com/blog/security-news/hackers-
exploit-...](https://www.veracode.com/blog/security-news/hackers-exploit-
known-google-chromecast-vulnerability-thousands-devices)

"the CastHack bug, allegedly disclosed nearly five years ago"

"A spokesperson from Google told TechCrunch, “We have received reports from
users who have had an unauthorized video played on their TVs via a Chromecast
device. This is not an issue with Chromecast specifically, but is rather the
result of router settings that make smart devices, including Chromecast,
publicly reachable.”"

google has ignored this bug as it isn't a issue with the chromecast, but the
router, so using this hack to teach users to fix the router issue is a
legitimate way to help users.

your analogy suck, a better one is how bug hunters work, except this bug was
exposed directly to the end-user.

sorry i know colours can be confusing, don't worry about it.

point me to the laws that were broken, just because you hate a YouTuber
doesn't make him a bad person.

~~~
watwut
1.)The laws are certainly structured the way this is illegal. If in USA,
unauthorised access and tampering as even quite extreme possible punishments.
World is full of easy to exploit security bugs are everywhere around and that
changes nothing on anything. The only exceptional thing is popularity.

Bug hunters work with prior agreement, they don't access devices owned by
third parties without it. When they do they anonymize and hisr themselves.
They do indeed fear legal and go through steps to protect themselves. They
complain about these processes like all the time.

2.) Dude, the hacker giraffe wrote that he had anxiety attacks due to his
activities even before all this. He also wrote he could not sleep due to
persistent fear that every noise is swat team knocking. He wrote that he won't
touch computer and will seek job without them. I am sceptical about
feasibility of the last one.

I don't know whether youtuber is good or bad person. He is definitely
irresponsible when he encourages teenagers to do what giraffe did.

Giraffe did everyone good service writing that letter, so really go read it.
It might be fun and games for PewDiePie, but is not for giraffe. So let's hope
he won't get caught affecting him even more, that his past activities are not
too bad and that he learns from experience.

3.) This is exactly what compelled me to answer. These things have very real
serious consequences, but due to the way we talk about it people don't realize
until is too late. Go lob for change of laws, but don't say they don't exist
to kids who might believe you.

~~~
who-knows95
1.) so you quote both the Serious Crime Act 2007 and the Computer Misuse Act
1990. both of these are UK laws, and don't apply to giraffe, as he's from the
Midwest USA.

he wasn't bug hunting? he was showing users they are exposed to the internet
so they could fix it!

2.) yes, i don't blame him, what was meant to be a harmless exercise in google
scanning, has lead to people throwing death threats at him, and threatening
law suits.

he didn't encourage any reckless actions, i see Felix as quite a rational guy.

i have read the chromecast hack, and the printer one, have you? i doubt he
will, and if he does a simple defence could be made to fight for his case in
court.

3.) i don't know if you are talking about me or felix? i doubt felix has a
firm grasp on computer hacking law, but like i said he didn't tell them to do
that, in fact he's stayed at arms length. the actions giraffe took don't fall
foul of the UK law, idk about american.

i'm pretty much done with this exchange, and who ever has been down-voting my
comments.

~~~
watwut
1.) That is not what bug hunting is. Also, law does not care about it and that
is not how real world world bug fixing works at all.

2.) Just one note: being rational does not exclude irresponsible. Because what
is in rational for Félix self-interest is not in interest of hacker giraffe
nor in interest wannabe pre-teenage hackers in his audience. It might as well
be rational for him to be irresponsible as his audience like it.

3.) No, he does not have form grasp of laws. Again that would be against his
self interest, as he could not be funny clueless after.

I quoted him at full above. Frankly, sleezy and talking from both sides of
mounth. Encouraging it while keeping plausible deniality. End result: he is
safe while audience is having fun while they all think how cool consequences
less it was.

4.) American law is batshit crazy with penalties, expansive and absurdly
expensive even if you are actually innocent.

------
kazinator
If you really want to piss of authorities with printer hacking, remove the
watermarking.

[https://en.wikipedia.org/wiki/Machine_Identification_Code](https://en.wikipedia.org/wiki/Machine_Identification_Code)

------
dangero
I doubt anyone is after them because even 50K pages of paper /ink is not much
financial damage and I'm sure very few whose printer joined the party bothered
reporting it. Am I missing something?

~~~
Buge
Weev found that certain urls had private AT&T user information on them, and
scraped them to get 114k users' information. Then he notified a journalist and
sent the information to the journalist as proof.

He was found to have done $73k damages. Why? AT&T sent a physical letter to
all 114k people, and that was the cost of the postage. Convicted to 41 months
in prison.

[https://techcrunch.com/2013/03/22/weev-files-appeal-gets-
new...](https://techcrunch.com/2013/03/22/weev-files-appeal-gets-new-lawyer/)

~~~
CaptainZapp
Let's not forget that this gentleman is a neo nazi and white supremacist of
the vilest sort.[1]

I may be downvoted to hell and then some, but it's impossible to look beyond
those _facts_ before mythologizing him into some sort of hacker hero

[https://en.wikipedia.org/wiki/Weev#After_prison](https://en.wikipedia.org/wiki/Weev#After_prison)

~~~
shakna
One can both dislike a person and believe their actions were above board.

He doesn't have to be hero worshipped - his actions in this particular case
should stand on their own. His terrible beliefs may only come into it if they
are relevant to what actions he performed.

Serving prison time for notifying people of a serious privacy breach doesn't
seem to be a balanced approach.

~~~
eridius
> _Serving prison time for notifying people of a serious privacy breach doesn
> 't seem to be a balanced approach._

Except his crime wasn't "notifying people of a privacy breach". It was
_breaching that privacy_. There was absolutely no reason whatsoever for him to
actually scrape the personal information of 114k people.

------
_aravindc
Subscribe to PewDiePie !

~~~
abledon
I may just might if Elon musk actually goes on after his tweet. If anything
that’s definitely strong marketing game to gen -X-ers

~~~
lihaciudaniel
I don't think that may be the case, in his video he posts too many "far right"
red pills, even Paul Graham got criticised on Twitter for defending Kjelberg.

~~~
broodbucket
This simply isn't true, and just because someone gets criticised it doesn't
mean that criticism is valid.

