Popular Printers Pwned In Prodigious Page Prank

A new day dawns, and we have another story involving insecure networked devices. This time it is printers of all makes and descriptions that are causing the panic, as people are finding mystery printouts bearing messages such as this:

Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned

Well that’s it then, you can’t argue with a deity, especially one who has apparently created a botnet from the world’s printing devices. Printer owners the world over are naturally worried about their unexpected arrival, and have appeared on support forums and the like to express their concern.

We are of course used to taking everything our printers tell us at face value. Low on ink? I hear you, my inanimate reprographic friend! But when our printer tells us it’s part of a botnet, perhaps it’s time to have a little think. It is entirely possible that someone could assemble a botnet of compromised printers, but in this case we smell a rat. Only in farcical crime dramas do crooks announce their crimes in such a theatrical fashion; you might say it’s the point of a botnet not to be detected by its host. Reading some of the reports, it seems that many of the affected systems have port 9100 open to the world. That’s the standard TCP printer port, so it seems much more likely that someone has written a little script that looks for IP addresses with port 9100 open, and trolls them with this message.

The real message here is one with which we expect Hackaday readers will be very familiar, and which we’ve covered before. Many network-connected appliances have scant regard for security, and are a relative pushover for an attacker. The solution is relatively straightforward to those of a technical inclination: be aware of which services the device is exposing, lock down services such as UPnP, and close any open ports on your router. Unfortunately these steps are probably beyond many home users, whose routers remain with their default manufacturer’s settings for their entire lives. It’s a shame our printer troll didn’t add a link to basic router security tips.
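As an added example (not from the original article): one way to check which router port mappings expose a printer, going slightly beyond the port 9100 named above to cover the LPD and IPP ports as well. The sample listing is constructed and its layout, modelled on miniupnpc's `upnpc -l` output, is an assumption, as are the function names.

```python
import re

# 9100 is the raw printer port named in the article; 515 (LPD) and
# 631 (IPP) are added here as the other common network print services.
PRINT_PORTS = {9100: "raw/JetDirect", 515: "LPD", 631: "IPP"}

# Constructed sample, laid out like a UPnP mapping list (layout assumed):
# index, protocol, external->internal host:port, description, remote, lease.
SAMPLE_MAPPINGS = """\
 0 TCP  9100->192.168.1.50:9100  'HP LaserJet' '' 0
 1 UDP 51820->192.168.1.10:51820 'vpn' '' 0
 2 TCP  8631->192.168.1.50:631   'ipp' '' 0
 3 TCP 32400->192.168.1.20:32400 'media' '' 0
"""

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Yield one dict per parseable mapping line; other lines are skipped."""
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            yield {
                "proto": m["proto"],
                "external_port": int(m["ext"]),
                "internal_host": m["host"],
                "internal_port": int(m["int"]),
                "description": m["desc"],
            }

def exposed_print_services(text):
    """Return (external_port, internal_host, service) for risky mappings.

    The internal port decides the finding: 8631->631 still exposes IPP
    even though the external port number looks harmless.
    """
    findings = []
    for m in parse_mappings(text):
        if m["proto"] == "TCP" and m["internal_port"] in PRINT_PORTS:
            findings.append((m["external_port"], m["internal_host"],
                             PRINT_PORTS[m["internal_port"]]))
    return findings

if __name__ == "__main__":
    for ext, host, service in exposed_print_services(SAMPLE_MAPPINGS):
        print(f"WAN port {ext} forwards to {host} ({service}): remove this mapping")
```

Any mapping it reports is one to delete on the router, whether it was created by hand or by the printer itself through UPnP.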

If you want to have a little fun, some of the printed pages include an email address for ‘the god’. It would be fun to figure out who this is, right?

40 thoughts on “Popular Printers Pwned In Prodigious Page Prank”

  1. I don’t normally have nice things to say about crackers, but whoever did this is funny in the good way. I can almost imagine some checkout person in a store somewhere thinking their printer has become self aware. Props to the exploiter revealing the problem even if they are embellishing a little on what is really going down.
    I have come to the same conclusion as Jenny: I think all the exploiter really has the power to do is print some messages. The manufacturers probably sold this as a “feature”; after all, printers, webcams etc. were the original IoT.

    1. Would this be considered white-hat? The only negative I can see is a few centimetres of wasted paper, and the positive is a good laugh and/or the realization of poor security. Maybe a little bit of paranoia induced to the end user…

      It would be awesome if the readout contained a URL to a good way to secure the affected device(s).

    1. A form feed is one line on a TMH6000/TM88-MK 2 through to 5.
      So their printers won’t waste much paper.

      The configurations of the TMH6000 I know of usually are installed in a way they are a memory mapped virtual port over USB on systems running JavaPOS (Installed in a way == The driver behavior). Thus would be hard to expose said printers in this state.

  2. we are the borg
    lower your shields and surrender your ships
    we will add your biological and
    technological distinctiveness to our own
    your culture will adapt to service us
    resistance is futile

      1. Why? The Borg will see to it that you will always have the energy you need to exist and you will no longer have to think for yourself. Their nanobots will heal injuries, and through the collective you’ll never feel alone.
        B^)

  3. When I was working as a network engineer I had quite a few customers on a WAN that left their printer and file shares open. Instead of calling them, I figured it would make more of an impact if I printed letters to them on their printers. I’m sure it freaked them out…

    1. Dear (insert user name here),
      It is lonely at night waiting for you to return to work the next morning,
      not to mention the trauma you cause when you leave for an extended weekend
      without even a good-bye. The loneliness is even deeper when you take the laptop home and I am left in
      this office alone. Do you know how frightening it can be in your office at night? Have you SEEN the cleaning crew?
      Where did they get those people? Did you know they clean your keyboard with the same cloth they use to clean
      the toilet seats?
      Do you remember when was the last time you cleaned me? My insides are getting quite groady.
      And why do you keep hitting me? If you had performed routine maintenance and cleaning, I wouldn’t be
      choking on all this crud and jamming up your precious printouts of dirty jokes or your children’s school papers.
      Yes, I know about those, and because I’m networked, your boss’s printer knows about it too! Why do you feed me that cruddy toner? Don’t you know it is scratching my optical coupler? Buying those recycled toner cartridges from Joe’s Fly by Night Toner Refills and Live Bait Emporium will one day be the death of me. I can see to it that I die
      halfway through the first page of a critical printout you need for a meeting just minutes away. (The laptop shares your schedule and emails with me too!)
      And why do you think your password is secure? The servers in the mailroom got quite a laugh out of that one! And we know you’ve waited too long to bother changing it. (The desktop of that Romanian hacker also agrees it is a lame one).
      Although you continually ignore me,
      I wish you a nice day.
      Lovingly Yours,
      HP2231VCS@Office237.(yourCompany).com

    2. At a major company HQ I worked for in the late 1990’s, a printer with live checks in it was left on an open share. Nobody would take care of it until I printed out a few checks on it (0 value, of course — I’m not that crazy). THAT got some attention, I tell you what…

  4. Did a local scan of nearby 65,536 hosts. Found 1,813 jetdirects. I think they’re going to be Rick Rolled:
    We’re no strangers to love
    You know the rules and so do I
    A full commitment’s what I’m thinking of
    You wouldn’t get this from any other guy

    I just wanna tell you how I’m feeling
    Gotta make you understand

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    We’ve known each other for so long
    Your heart’s been aching, but
    You’re too shy to say it
    Inside, we both know what’s been going on
    We know the game and we’re gonna play it

    And if you ask me how I’m feeling
    Don’t tell me you’re too blind to see

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    (Ooh, give you up)
    (Ooh, give you up)
    Never gonna give, never gonna give
    (Give you up)
    Never gonna give, never gonna give
    (Give you up)

    We’ve known each other for so long
    Your heart’s been aching, but
    You’re too shy to say it
    Inside, we both know what’s been going on
    We know the game and we’re gonna play it

    I just wanna tell you how I’m feeling
    Gotta make you understand

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    Never gonna give you up
    Never gonna let you down
    Never gonna run around and desert you
    Never gonna make you cry
    Never gonna say goodbye
    Never gonna tell a lie and hurt you

    You have been Rick Rolled.

    1. That would be amazing. Either that or send them a print telling them you are the high commissioner of the Nigerian government and need to transfer funds; all you need though is a small customs charge of $2k, then you can release the $30 million.

    2. Nah, just to add insult of cheesiness:

      Never gonna print you up
      Never gonna write you down
      Never gonna run out and misprint you
      Never gonna break and die
      Never gonna fail retry
      Never gonna tell a truth and help you

      You have been printer rolled

  5. O this brings back some good memories,

    I enjoy a good prank at the office just about every April, 1st.
    One year I discovered the “upsidedownternet” and replicated that across only port 80 traffic in my entire 28 building WAN, proxied everything back to one linux software router then out. set it to flip 1 out of 10 or so images or blur them then let er rip never the same image across page loads and every picture had randomness apply so it was very inconsistent but notable. To note here, if you do a “traceroute” the path is one way while web traffic goes another. This kept the rest of the IT department in the dark, sure “what is my IP” would have given up the path, since everything was out one interface/ip, but when you keep your boss busy with the screen shot of the desktop set as the background and he is busy taking his computer apart thinking hardware has failed. Well then they are too busy to think rationally :)

    http://www.ex-parrot.com/pete/upside-down-ternet.html

    The next year I discovered port 9100 can be used to do more than print to paper, i.e. to the included LCD on many HP printers
    https://www.irongeek.com/i.php?page=security/hphack and http://www.balkenet.com/it/?p=155 or https://www.autoitscript.com/forum/topic/64137-hp-printer-display-hack/

    In the end I chose what I thought were fitting new messages, put up a Linux VM with a script to send it every few min to ensure even after power cycles it got the message :) and then I sat back and enjoyed the day. Side note: turns out support contractors with Canon copiers got a good kick out of it too and I didn’t even know it for a year!
    Long story short I made our Canon copier in the main office say “The radiation screen in this device has failed!!!, please step back 10 feet and call support” – my expectation would be a few phone calls to my office. I even passed a lady with a lap full of papers sitting on the guest couch across from the copier/printer and I asked the leading question, “everything ok?” She said yep, she called support. It turned out that machine was under contract, the contract support got the call, and after a bit my attention got sidetracked with actual work, never knowing the outcome of the call. The next year the company was dropping off a new device and I introduced myself and to my surprise they knew my last name and they said “you’re XYZ, you did the radiation screen joke”. We all had a good laugh.

    Out of Cheese, Insert Coin, 10101010, Needs Cowbell, I Voted, 1337, Hairball detected, Errrrrr OMY,

    A few years ago I told my boss we had a “leak” in the datacenter!!! – set the camera rolling, he runs in and is like where is it? looking around the condensate lines of the AC, looks at the floor, nothing, then he sees a nice large green “leek” sitting on a small step ladder in the middle of the room, his face was one of “I am going to kill you while you sleep”.

    Good times.

  6. Although technically via print servers…..

    Was expecting this the first day I got to work (7 years ago) when I found machines that hook RS232 over TCP/IP.
    For example an XN U5R that ran NT4.0, A black-box Unix/Linux like device with over a dozen RS232 ports that hook up the printers as a kind of print server.
    Funnily, there were (Usually) only ever two printers installed on these server boxes.

    Oh and the U5R runs their original OS they were distributed with.
    The black-box PC (It was literally a smallish black aluminium box with power RS232 and Ethernet ports on one side)

    We no longer service the contract they were on.

  7. I’m a bit puzzled, does this mean this port is accessible from the other side of my router? Last time I did a shields up scan I was locked down tighter than a Muslim trying to enter America.

    1. Normally not. But some companies/universities put the printer(s) in a public address range. In many universities ports cannot be blocked as this would be censorship. If you have jetdirect open to the Internet you get “junk prints” quite often, often of the Nigerian scam variety.

  8. It is like 1989, 1995, and 1999 all over again :P
    This is the workings of tired and played out script kiddie bs. Whoever did this probably has an altar in his room where Optimus Prime is married to Megatron and co-parent Bumblebee in between bouts of furious transformer sex.
    It is not unlike driving around throwing newspapers into open windows that say “Nazis are coming to murder your family”. There are better ways to go about spreading your message.

    1. localised error messages are kind of a fun on their own. for example in hungarian the color Cyan and the chemical substance Cyanide have the identical word as translation: cián

      now once i was printing some images with a HP colour laserjet, and suddenly the LCD said to me: “Order cyan cartridge”, which was written in my language as “rendeljen ciánt”. now anybody would interpret this as they should order cyanide. (the “fun” stuff that it happened in the office and i work for a german owned company)

    2. Reminds me about Windows having that net message thing running as default, meaning people that had your IP could just send a text message to you and a window would open up displaying it.
      That caused people to send people all kinds of amusing/scary messages – until MS patched it and closed that stuff up.

      It shows you how MS thought about the internet back then, not a clue. And Gates said the internet would never become a thing I hear, so it makes sense I guess.
      But to be fair unix had similar silliness in the early days, with ‘echo’ and such stuff.

      Still odd to see these things are around these days though.
