Members of cyber-hacking group Anonymous are protesting against the war in Ukraine by sending a flood of anti-war messages to vulnerable printers in the Russian Federation, reports industry researcher Keypoint Intelligence.
“We spend a lot of time and resources here at Keypoint Intelligence educating about (and testing for) printer vulnerabilities,” says Jamie Bsales, director, office workflow solutions analysis, Keypoint. “So, we never thought we would be happy to see a widespread printer hack…until this one.
“Members of the notorious cyber-hacking collective known as Anonymous have put their skills to use in supporting Ukraine by sending anti-war messages to printers around the Russian Federation that were left vulnerable to the exploit.
“With information about the war tightly controlled by the Kremlin, Anonymous decided this end-run directly to Russian citizens would be an effective way to try to counter Russian disinformation.
“The group claims to have printed hundreds of thousands of pages bearing messages that include, “Citizens of Russia, act now to stop terrorists…Putin killing over thousands in Ukraine…The people of Russia should find horror in Putin's actions…Fight for your heritage and honor, overthrow Putin's corrupt system that steals from your pockets…Give peace and glory to Ukraine, which did not deserve the murder of its innocents! This message was brought to you by Anonymous. We are legion. We do not forgive. We do not forget. Expect us.”
Printer hacking is easier than you might think, according to Bsales.
“You might think getting printers on private networks and spread around a country to spit out a PDF file sent from overseas would be a tough feat. But, unfortunately, with printers not getting the same attention from IT departments as PCs, servers, and other endpoints, accomplishing this is easy for an experienced hacker.
“Our penetration testing of network MFPs has revealed that most devices are shipped from the factory with almost no security enabled. The rationale is that the dealer or IT personnel placing the device will turn off access to unsecure ports and protocols and enable more secure alternatives. But, as Anonymous’ successful exploit shows, that doesn’t always happen in the real world.
“Our research has also shown that office equipment service departments are too often lax in keeping printers and MFPs in their purview up to date with the manufacturers’ latest firmware updates. Firmware updates often contain crucial improvements to remedy a newly uncovered security flaw, so ensuring devices are up to date is vital for cyber hygiene. In our conversations, however, some service managers took an “if it ain’t broke, don’t fix it” approach to updating device firmware in the field.
“While we applaud Anonymous’ efforts (in this instance, at least), we are dismayed to see just how many printers are vulnerable to such an attack. We implore all organizations to treat their output devices just like any other endpoint gateway to the network and secure them as such.”