Pewdiepie Printer and CenturyLink Hack – Are We Seeing the Next Generation of Hacktisement?
Hacktisement has been flooding our inboxes for decades. But now, it is taking a new form hitting us in ways that we may not be able to block.
We have seen two recent instances of next generation of malware, Hacktisement. The first instance of Hacktisement involves the popular Inter(net)tainer PewDiePie – ask a kid. Anyway @TheHackerGiraffe sent a print job shilling for PewDiePie to 100,000 poorly deployed printers across the globe — hitting 1/8th of accessible printers on the public Internet – wasting 200 reams of paper. Your math is correct, 800,000 printers are on public Internet. The silver lining fact, ~600 million printers are behind a firewall, NAT or some sort of physical port. To pull off the hack, @TheHackerGiraffe used a couple of common tools; Shodan – a device search service that indexes devices on public Internet, and Printer Exploit Toolkit (PRET) for sending a print job. The hack is simply iterating through a list of targets sending crafted message.
The second hack happened in Utah. Utah passed a law that requires ISPs to notify their customers that filtering software is available to block harmful content for minors. There are many free and well known DNS services for blocking illicit sites. The law was fairly open on how ISPs could notify their subscribers, including to simply notify on subscribers monthly bill. Instead, of using a simple, low tech, non-invasive method, CenturyLink decided to block all Internet traffic to a subscriber, redirecting their subscribers’ HTTP traffic to an advertisement for CenturyLink’s paid filtering software. Once the advertisement completed, the subscriber verified a notice to restore Internet service. In VPN/TOR/HTTPS world, what is the fallback plan? A subscriber would call CenturyLink tech support and then be directed to listen to advertisement to restore service.
Here we link some of the better sources of information related to these hacks: