Spammers Send Junk Mail to Thousands of Printers

Spam has been with us since the very first days of email, but a Russian marketing agency recently took things a stage further by sending good old-fashioned paper-based junk mail over the internet.

The company claims to have advertised a graphic design course for its client Skillbox using a software bot that searched for online printers. It printed a one-page promotion on every device it found, directing them to a website boasting about its exploits.

The website for the company's marketing campaign, which I am deliberately not linking to here, explains that "by the 2024", it is "94% likely" that bots will replace accountants, auditors, and financial analysts by the million. Consequently, it says, accountants (or anyone else worried about being replaced by AI) should learn graphic design instead. The stats come from a five-year-old Oxford Martin School report, but that needn't concern us here.

What's more interesting is another statistic: 600,000. That’s how many printers the marketing agency claim to have clogged up with advertising, according to this report from Graham Cluley.

The agency pushing the training course used an increasingly common trick, scanning the Shodan search engine to find exposed devices that it could access. In this case, the devices were printers available on port 9100.

Port 9100 is the port used by the Windows printing architecture and CUPS, the 20-year-old modular printing system for UNIX -like operating systems, to communicate with network printers.

The agency exploited these open ports to send its unsolicited junk mail directly to printers over the internet, it said.

It wouldn't be the first time that someone had spammed printers online. In December, a hacker calling himself TheHackerGiraffe spammed 50,000 printers promoting popular YouTube celebrity PewDiePie. Other incidents have been much darker. Nazi nerd Andrew Aurenheimer, a.k.a. Weev, sent white supremacist messages to every printer in North America that he could find instead of using Shodan, he used Masscan, which is a mass IP port scanner. 

IoT security stories often talk about creeps spying on people via hacked webcams, or hacking industrial equipment to cause havoc. The headlines talk less about the everyday devices like printers that lie vulnerable across the Internet. 

Sending spam to these printers is only one possibility. The Printer Exploitation Toolkit (PRET), which was TheHackerGiraffe's weapon of choice, also allows intruders to capture or manipulate print jobs, access the device's file system and memory, or even cause physical damage to the machine.

You may not care about idiotic messages spewing out of your printer, but you probably should worry about someone halfway around the world slurping that internal contact list you just printed.

The topic of Cyber Physical/IoT will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Cyber Physical/IoT here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.

What’s Hot on Infosecurity Magazine?