Someone is hacking receipt printers with 'antiwork' messages
The hacker is exploiting insecure printers with port TCP 9100 open.
Hackers are attacking business receipt printers to insert pro-labor messages, according to a report from Vice and posts on Reddit. "Are you being underpaid?", reads one message and "How can the McDonald's in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?" another states.
Numerous similar images have been posted on Reddit, Twitter and elsewhere. The messages vary, but most point readers toward the r/antiwork subreddit that recently became popular during the COVID-19 pandemic, as workers starting demanding more rights.
Some users suggested that the messages were fake, but a cybersecurity firm that monitors the internet told Vice that they're legit. "Someone is... blast[ing] raw TCP data directly to printer services across the internet," GreyNoise founder Andrew Morris told Vice. "Basically to every single device that has port TCP 9100 open, and print[ing] a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging."
The individual[s] behind the attack are using 25 separate servers, according to Morris, so blocking one IP won't necessarily stop the attacks. "A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet, and we've confirmed that it is printing successfully in some number of places," he said.
Printers and other internet-connected devices can be notoriously insecure. In 2018, a hacker hijacked 50,000 printers with a message telling people to subscribe to PewDiePie, of all the random things. The receipt printer hack, by contrast, has a much more focused set of targets and messages.