back to article Hacker: I made 160,000 printers spew out ASCII art around the world

Printers around the world have been hacked and instructed to churn out pages and even sales receipts of alarming ASCII art. The messages, which began spewing from internet-connected printers on Thursday, read: "Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your …

  1. Oh Bother

    Adequate Pernicious Toerags.

    I can't even be arsed thinking of something interesting to say.

    1. Anonymous Coward
      Anonymous Coward

      Re: Adequate Pernicious Toerags.

      People have been known not to say anything in those circumstances. I know it's a novel idea, but still..

      :)

    2. Jan 0

      Re: Adequate Pernicious Toerags.

      Perhaps that's because you're a towrag?

      Icon needed: "Gotcha"

  2. Anonymous Coward
    Anonymous Coward

    That was an Epson printer

    In one of the pics I saw an Epson printer thus exposed, so I had a quick check of mine with nmap:

    Host is up (0.0015s latency).

    Not shown: 5256 closed ports

    PORT STATE SERVICE

    80/tcp open http

    139/tcp open netbios-ssn

    443/tcp open https

    445/tcp open microsoft-ds

    515/tcp open printer

    631/tcp open ipp

    1865/tcp open entp

    9100/tcp open hp-pdl-datastr

    Wow :(. Mine hangs off an isolated subnet so it doesn't see the Internet, but yeah, it could do with some control.

    Now, that said, the number of people who have that raw on the Net ought to be small as most networks are behind NAT, so I wonder how this can be accessed from the public side of even the most basic routers.

    1. d3vy

      Re: That was an Epson printer

      Universal plug and play.

      I've got a nas that opened up ports on my firewall for remote access when I plugged it in because I forgot to disable upnp on the new router I got a few weeks before.

      1. LDS Silver badge

        Re: That was an Epson printer

        Now there are probably also people opening ports for Google Cloud Print, HP ePrint, and the like - in work environments - and probably without actually knowing what they're doing. If you look on support forums, there are users telling others to open ports inbound when there should be no need.

        1. Roland6 Silver badge

          Re: That was an Epson printer

          >Now there are probably also people opening ports for Google Cloud Print, HP ePrint, and the like ... without actually knowing what they're doing.

          Agree, I use Google Cloud Print and HP ePrint and never had to open ports for them to work on corporate networks, perhaps I'm doing something wrong...

      2. Roland6 Silver badge

        Re: That was an Epson printer

        re: "I forgot to disable upnp on the new router"

        I've found this setting to be a little confusing, due to the lack of information. On some (DSL) routers/firewalls the UPnP setting applies to all interfaces, thus enabling UPnP enables it on the WAN and LAN interfaces, on others it just enables it for the internal LAN interfaces. The only way of telling which one you have is to enable UPnP on the router, boot up a UPnP enabled device on a LAN port and then do an external open ports scan.

  3. This post has been deleted by its author

  4. M7S

    That's no robot

    That's an Omnimech, known as a Mad Cat, or Timber Wolf to its Clan pilots.

    Quaff?

    1. Ugotta B. Kiddingme
      Pint

      Re: That's no robot

      indeed. Saw that and my first thought was "OK, I suppose Mechwarrior is relevant and/or appropriate for the circumstances."

      Here. On me. ------------------------>

  5. Gene Cash Silver badge

    "hadn't contacted Xerox"

    As the earlier poster mentions, it's not just Xerox. I wonder how many manufacturers are affected?

    Considering my prior experiences with Zebra, Xerox, Epson, and Lexmark... if he's *lucky* they'll just tell him to f*ck off.

    If they're on their usual behavior, they'll send all of the lawyers over.

  6. heyrick Silver badge

    Holy crap!

    He was able to get 160,000 printers doing stuff?

    I have enough trouble getting just one printer to do anything at all.

    God, life was so much simpler when printers had moving pins and paper had detachable strips with holes in. The most we had to worry about was if you needed CRLF or just LF, and whether £ was £ or just #. These days printers are so much more capable...and accordingly so much more a pain in the ass.

    So I take my hat of to him simply for getting results out of that many printers.

    1. RAMChYLD

      Re: Holy crap!

      My big beef with these printers is that they don't come with programming manuals anymore. I remember when I got my first printer, an Epson LQ-100, and it came with a nice, thick book explaining all the escape sequences one can send from BASIC. Spend enough time on it and you could practically draw really nice graphics.

      Those were the days.

      Also, back in those days you could practically get ISO/A2 printers off the shelf - I have a NEC P6300 with the color kit installed. It could do ISO/A2 color prints. Can't do that without spending big bucks on a large format printer nowadays.

      1. Loyal Commenter Silver badge

        Re: Holy crap!

        I remember those old Epson LQ series dot matrix printers. I think the one I had was the LQ-400. They were a seriously well engineered piece of kit, unlike modern printers which are on the whole made from flimsy plastic parts.

        1. disgustedoftunbridgewells Silver badge

          Re: Holy crap!

          And priced accordingly. I bought myself a mono laser printer for £30 recently. If it breaks, I'll chuck it out and buy a new one.

          1. Anonymous Coward
            Anonymous Coward

            Re: Holy crap!

            LOL, that's basically the price of the toner cartridge :).

            1. disgustedoftunbridgewells Silver badge

              Re: Holy crap!

              It came with a full cartridge of toner too.

      2. Anonymous Coward
        Anonymous Coward

        Re: Holy crap!

        I remember when I got my first printer, an Epson LQ-100, and it came with a nice, thick book explaining all the escape sequences one can send from BASIC. Spend enough time on it and you could practically draw really nice graphics.

        I once wrote barcode printing software for the Psion Organiser II, and in the process I learned a very important lesson: print heads get warm. I had a Star SR10, and I accidentally scaled a barcode wrong so it printed out a solid page of black (one bar - let's say I was off a bit :) ). Somewhere along the second page of black it jammed, made a very ugly sound and the entire ribbon cartridge came flying out, taking the lid above the printhead with it.

        It turned out the printhead had no thermal cutout, and by making it print solid black it overheated and jammed. This meant a few pins stuck out, and as it just reached the end of line, the carriage return meant the print pins (already busy deeply gauging the rubber roll on their way back) met the ink ribbon going in the opposite direction, so something had to give. Which turned out to be pretty much everything :).

        On the plus side, I already had my eye on the newly released Canon Bubblejet 130 (130 was the wide carriage version) so life became a lot quieter after that - still the same EPSON commands for graphics, though.

        Yes, fun times :).

      3. Anonymous Coward
        Anonymous Coward

        Re: Holy crap!

        What would you do with a manual today? Nobody - but for very niche printers, maybe - codes for a specific printer language (only maybe standard ones like Postscript or PCL, again for very specific needs). You let the OS turn drawing primitives into specific printer commands. After all, even to reach the printer itself you need to access the USB layer (for a local printer) and that usually require some sort od driver.

        I still remember when if your printer was not supported by your word processor, you could try to add it yourself using some arcane and little documented utility, or the time spent trying to adapt your software to the damned printer your customer bought. Good it's no longer needed.

        I also worked on PoS systems, but that's really a different world.

        1. Roland6 Silver badge

          Re: Holy crap!

          >What would you do with a manual today?

          Write a Linux driver for it!

          or even write an NT4/W2K3/XP/7 driver for a modern printer that only comes with Win10 driver support...

          Whilst I fully understand the lack of manuals in the box, what is irritating is the lack of such reference documentation available on the relevant vendor website.

        2. heyrick Silver badge

          Re: Holy crap!

          "What would you do with a manual today?"

          Be able to write printer drivers for systems not officially supported, rather than this modern era NDA bullshit.

    2. Anonymous Coward
      Anonymous Coward

      Re: Holy crap!

      God, life was so much simpler when printers had moving pins and paper had detachable strips with holes in.

      No it wasn't.

      Feed wheels going out alignment, ribbon jams, paper mis-feeds, print jobs colliding (several people sending prints at the same time and it throwing a wobbly), head jams, and the noise...oh god the noise!

      One in a room bearable, 20 in accounts, time for a soundproofed room!

    3. Colabroad

      Re: Holy crap!

      Life was even simpler when you'd send your manuscript to a Monastery and have them copy it by hand.

      Of course, you had to worry about some black caped villain handing them a groat to add their own text, or the occasional scribble of "Bernarde woz 'ere 1126AD" in the margin.

      1. Anonymous Coward
        Anonymous Coward

        Re: Holy crap!

        They wrote with groats?

  7. Zmodem

    bit of a shit message, should have done some alien crop circle and GPS coordinates to a marsh in the amazon, and see how ufo hunters waste money and going there

    they hijacking printers instead of tv's now

    http://www.cropcirclesecrets.org/crop_circles_sacredgeo2.html

  8. Stevie Silver badge

    Bah!

    Seriously? This was the "disturbing" ASCII art?

    Sweet Azathoth's Nebular Nodes, we were experiencing better quality ASCII art, both of the distiurbing and non-disturbing schools, back in the 1970s, ASCII art that makes these efforts look like kindergarten crayonings in comparison.

    I've a particularly nice pair of recumbant tigers on a twelve-foot ribbon of greenbar tractor-feed in storage that dates from 1975 that is a 3D composition - with decent vanishing point perspective and stuff - that was run off on an ICL barrel printer (and that was archived by the owner on punched cards), and I recall a fine Mona Lisa and an El Greco interpretation also being popular subjects for late night unauthorized paper budget dinging. There was also a magnificent five-foot rendering of the Golden Gate Bridge now I come to think on it.

    Pfft, sir! Pfft!

    1. Peter Gathercole Silver badge

      Re: Bah!

      I remember seeing an astounding piece of ASCII art in the early 1980s. It was a picture of a mountain climber hanging off a cliff, printed on several lengths of 132 column line printer paper. The whole picture was hung on a wall, occupying something like a 6x4 foot space on the wall (I may have the dimensions over-blown due to poor memory, but it definitely filled a large part of the wall).

      I believe that it was printed from a card-deck, with just enough JCL to directly print from the deck to the line-printer.

      Apparently, printing it on the University's central line printer was banned, and several people got into real trouble, and had their copy of the card deck confiscated when trying to print it.

      1. allthecoolshortnamesweretaken

        Re: Bah!

        I remember going to fun fairs and events like that in the late 1970ies / early 1980ies, and there usually was at least one stall where you could buy all kinds of ASCII art and watch it being printed.

        At some stalls you could even get your portrait printed out as an ASCII graphic and for a couple of [insert local currency] more transferred to a cheap t-shirt.

        At that time, as a nerdy kid, better than going on the roller coaster.

  9. JeffyPoooh Silver badge
    Pint

    Silly...

    .--.

    (O)(O)

    | o /

    |`-/

    |_/

    _

    (_)

  10. kbannan

    "The hijacker says he or she wrote a script that scanned for insecure public-facing devices with open RAW, Internet Printing Protocol, and Line Printer Remote services – running on network ports 9100, 631, and 515, respectively – and fired over print jobs."

    Yes, it all goes back to user or IT mistakes. As mentioned above -- leaving ports open, not updating firmware, not having good user policies in place, etc. There's a great blog that gives you ideas on how to make sure your printer is protected including reviewing an existing security policy and assessing network vulnerabilities. You can read the rest of the blog here. It's a bitly: /2korB0y

    --Karen Bannan for IDG and HP

    1. Anonymous Coward
      Happy

      Good security policy is not to follow shortend urls.

      1. Anonymous Coward
        Anonymous Coward

        Good security policy is not to follow shortend urls.

        Good security is knowing how to preview them (so I would agree with you that it should be offered in the preview version).

        The actual link is https://www.tektonikamag.com/index.php/2016/12/02/hackers-know-your-printers-vulnerabilities-do-you/, which you could have previewed by adding a "+" sign to the bit.ly URL - observe: http://bit.ly/2korB0y+ - you even get to see the statistics (as a link shortener is also a perfect tracking device).

        As for the target article in question, it's a bit meh as it appears to have been for managers and only applies to smaller devices. Printer security for larger devices goes also into encrypted onboard storage with access control, secure queue deletes etc.

        1. allthecoolshortnamesweretaken

          "... you even get to see the statistics (as a link shortener is also a perfect tracking device)."

          Which is another reason why not to follow shortened URLs is good security policy, no?

        2. Roland6 Silver badge

          Good security is knowing how to preview them

          Yes, it is useful to do some background checks, as it would seem that "Karen Bannan" and "Tektonika" are names being used by HP marketing - see

          https://disqus.com/by/Karen_Bannan/ - note the absence of comments on anything other than HP printers.

          https://www.tektonikamag.com/index.php/about-us/ - note the contact email tektonika@hp.com

    2. Anonymous Coward
      Anonymous Coward

      >Karen Bannan for IDG and HP

      "There's a great blog that gives you ideas on how to make sure your printer is protected "

      I wonder if the limitations of HP Secure Print we found when developing an (enhanced) secure print environment for a UK government department back in 2007 have been fixed yet...

  11. Adam 52 Silver badge

    I'm gently curious, did all those Twitter users consent to their personal information and copyright material being reprinted in El Reg?

    Sure there's a fair use loophole and an "already in the public domain" defense but it feels, well, unethical.

    1. 0laf Silver badge

      Twatter

      Twatter is in the public domain. Anything you post there is fair game to be republished. Copyrighted images excepted except that if it's yours you probably signed over the copyright to Twatter to be able to send it.

      It's very old advice but still very applicable - If you wouldn't want it published on the front of your local newspaper don't post it on the fucking internet.

    2. Anonymous Coward
      Anonymous Coward

      If you don't want it seen, don't make it public.

      In the old days it would be like printing a million leaflets with your details on it, leaving them spread across a thousand city centres and then complaining someone you don't know has a copy.

  12. lansalot
    Alert

    hmmm

    LPR exposed to the internet (check!), but he also had to invoke his mysterious zero-days, and firmware updates?

    Why bother, when LPR is so easy to do?

    1. Paul Woodhouse

      Re: hmmm

      hmm, indeed I was thinking that... can replicate that by just scanning everything for port 9100 and then just sending some postscript to it... for the really lazy, you can just hit http:\\ipaddress|DNSname:9100 in a browser to make it print something, although all it'll be printing is the GET request and your user agent string...

  13. Steve Evans

    It's either UPNP being it's usual helpful self (i.e. too helpful and opening up everything), or people with absolutely no clue what they're doing and routing ports themselves.

    There is *no* reason 99.9% of the printer owning population of the world would want or need their printer to be visible from the intertubes.

    The 0.1% who do should be the ones who have to jump through hoops to do it and have it done properly (VPN).

    The IoT is going to be a lot of fun for some people.

  14. Anonymous Coward
    Anonymous Coward

    1. Search for internet accessible printer

    2. Send print job to it.

    It's not exacly rocket science. Where does the hack come in exactly?

    Any organisation that gets one of these needs to have a serious talk with the person who misconfigured their firewall.

    1. JohnG Silver badge

      You can just Google for stuff like:

      inurl:hp/device/this

      ...and then just select "Print" from the menu.

  15. phuzz Silver badge

    A while ago I was searching for an error that an HP printer had thrown up. Rather than an explanation of the error, instead I got a listing of the publicly accessible web admin pages of a bunch of similar printers.

    I did send an email pointing out the problem where ever I could find a contact, but never got any replies.

  16. Bob Dole (tm)
    Facepalm

    Really old vulnerability...

    I remember finding open printers back in '01. The HP ones were fun because you could easily monitor and get a copy of the print jobs....

    There was one poor company I did something similar to. Each day for a couple weeks I'd print a nice message letting them know their print jobs were hacked. They ignored it though as the same printers were still open a few months after that.

    I also figured out how to remotely change those fun LCD displays to show any message I wanted. At one company I worked I had the printers show a message calling a particular manager a dick head. Much to my chagrin no one ever said anything about it.

    Eventually I got bored and moved on to securing networks.

    So here we have devices with security holes that have been around for at least 15 years and we expect these same companies to magically do a better job?

    1. d3vy

      Re: Really old vulnerability...

      I seriously hope. You changed. The LCD to read "white toner low, unable to print white"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019