recommended reading

Threatwatch

Anti-Semitic and Racist Fliers Print Out at Colleges

Network intrusion; Unauthorized use of system administrator privileges; Software vulnerability

A notorious hacker who goes by “Weev” says he transmitted the pages to every Internet accessible printer in North America.

Covered in swastikas, the fliers, which seemed to appear spontaneously on more than a dozen college printers, including those at Princeton University, mentioned “the struggle for global white supremacy.”

Weev, whose real name is Andrew Auernheimer, said he did not specifically target college campuses.

In addition to Princeton, the messages appeared at the University of California, Berkeley; Smith College; Brown University; the University of Massachusetts, Amherst; and Mount Holyoke College, among other places.

Many university printers allow printing from outside their computer networks. Auernheimer said he did not hack into the printers, but activated them using remote access.

The fliers directed readers to The Daily Stormer, a neo-Nazi website. Auernheimer said free speech was the motivation behind his printing spree: "White cultures and only white cultures are subject to an invasion of foreigners.”

Auernheimer told The Washington Post that he carried out the attack from his home in Abkhazia, a breakaway region of Georgia. He said he was able to print the fliers to at least 20,000 printers across the United States, exploiting vulnerable devices with Internet addresses that are publicly available online.

Princeton University officials said they believe someone was able to learn the unique Internet addresses of university printers and sent the document as part of a coordinated attack. Any networked printer is potentially vulnerable to such a breach if a computer user is able to hack into the network or learn its specific address.

sector

Education

reported

March 28, 2016

reported by

New York Times

number affected

20,000 printers

location of breach

United States

perpetrators

Hacktivists

location of perpetrators

Abkhazia, Georgia

date breach occurred

March 25, 2016

date breach detected

March 25, 2016