An infamous black hat hacker and internet troll has admitted to hijacking 29,000 printers in dozens of college campuses across the US to remotely print out multiple copies of racist and anti-Semitic flyers between Thursday to Friday 24-25 March. Andrew Auernheimer, known as Hacker Weev, explained in a blog post how he was able to exploit a vulnerability in certain online printers.
Auernheimer used a single line of Bash script code to scan the internet for unprotected printers that were connected to the web using the open port 9100, and then created a PostScript file containing a flyer advertising a white supremacist news website called Daily Stormer. Since the printers were programmed to automatically print this file format out, they immediately complied.
The flyer read: "White man, are you sick and tired of the Jews destroying your country through mass immigration and degeneracy? Join us in the struggle for global white supremacy at The Daily Stormer," in bold, black capitalised font, accompanied by a pair of large swastikas, as well as the website's URL, and the hacker confirmed that the flyer was specially made for him by Daily Stormer staff.
US universities up in arms over hate crime incident
The flyers were discovered at multiple colleges, including Princeton University, Brown University, Yale, University of California at Berkley, Northeastern University, DePaul University, Smith College, UMass Amherst, University of Wisconsin-Milwaukee, Depaulia, Mt Holyoke and Clark University, according to the multiple US TV channels that picked up the story over the weekend.
The universities in question took the flyers extremely seriously, launching investigations and in some cases even calling the police to report the incident as a hate crime, which led to the FBI getting involved. However, it is unlikely that Auernheimer will be prosecuted, as according to New Jersey newspaper The Star-Ledger, he is now living in Sukhumi, Abkhazia – formerly a city in Georgia that now considers itself to be an independent republic.
"The Internet of Things will prove a most glorious contribution to comedy," Auernheimer wrote, making sarcastic jokes as he followed the news coverage, posts on Reddit and Twitter, as well as uproar from the universities affected. His experiment was designed to see how easy it would be for a hacker to hijack printers connected to the open internet.
Why Weev has it in for the US
Auernheimer, now 30, became infamous in 2010 when he was arrested in New Jersey for stealing 114,000 email addresses from iPads connected to AT&T by hacking into the service provider's public servers. At the time, Auernheimer was a member of the Goatse Security group, but he chose to expose the flaw and reveal the email addresses to Gawker Media before informing AT&T.
The email addresses belonged to regular citizens as well as government officials, like the New York City mayor Michael Bloomberg, military personnel and even high-profile celebrities like Miramax co-founder and film producer Harvey Weinstein.
Because the flaw was exposed before AT&T had a chance to fix the problem, Auernheimer was prosecuted for theft and in 2012, a federal court sentenced him to 41 months in prison and ordered him to pay $73,000 (£51,190) in restitution, despite an outcry from human rights activists and the computer industry.
Although Auernheimer told Gawker in 2012 that he had Jewish ancestry and then converted to Mormonism, he told IBTimes UK that this is not true:"Before I was a Mormon, I was a Lutheran. I have never attended a synagogue, do not speak Hebrew, and do not worship the Jewish god."
It is believed that while in prison, Auernheimer then became a white supremacist, as he published an article on the Daily Stormer entitled What I Learned From My Time in Prison in October 2014 after he was released, accompanied by a picture of himself with a swastika tattoo on his chest.
Auernheimer maintains that he wasn't fairly prosecuted. He claims in the article that the Jewish lead prosecutor who tried him and the federal court judge ignored testimonies in his defence from multiple technology experts, computer crime legal experts, Harvard and Stanford law scholars, as well as the Electronic Frontier Foundation and the National Association of Criminal Defense Lawyers.
Eventually in 2014, the Third US Circuit Court of Appeals found that Auernheimer was prosecuted in the wrong federal court and decided to completely reverse his conviction, but it did so without addressing the controversial Computer Fraud and Abuse Act (CFAA), which was used to justify jailing him. Hence, ever since his release, Auernheimer has taken the opportunity to expose the US government whenever any major data breach occurs.