Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.
Someone or multiple people are blasting “antiwork” manifestos to receipt printers at businesses around the world, according to people who claim to have seen the printed manifesto, dozens of posts on Reddit, and a cybersecurity company that is analyzing network traffic to insecure printers.
“ARE YOU BEING UNDERPAID?” one of the manifestos read, according to several screenshots posted on Reddit and Twitter. “You have a protected LEGAL RIGHT to discuss your pay with your coworkers. […] POVERTY WAGES only exist because people are ‘willing’ to work for them.”
On Tuesday, a Reddit user wrote in a post that the manifesto was getting randomly printed at his job.
“Which one of you is doing this because it’s hilarious,” the user wrote. “Me and my co-workers need answers.”
There are countless similar posts on the r/Antiwork subreddit, some of which have this same manifesto. Others have different messages with the same sentiment of worker empowerment. All of them suggest that the reader of the message check out the r/antiwork subreddit, which has exploded in size and influence over the last several months as workers begin to demand their worth and organize against abusive workplaces.
“Stop using my receipt printer dudes. Although hilarious, I’d like it to stop,” one Reddit post read. Another one read: “I’ve received about 4 different messages at random times over the last week at work. Very inspiring, encouraging, and fun to see my bosses face when he has to rip them off the printer.”
“Love r/antiwork but please stop spamming my receipt printer,” another post read.
Some people on Reddit have suggested that the messages are fake (i.e. printed by people with access to a receipt printer and posted for Reddit clout) or as part of a conspiracy to make it seem like the r/antiwork subreddit is doing something illegal.
But Andrew Morris, the founder of GreyNoise, a cybersecurity firm that monitors the internet, told Motherboard that his firm has seen actual network traffic going to insecure receipt printers, and that it seems someone or multiple people are sending these printing jobs all over the internet indiscriminately, as if spraying or blasting them all over. Morris has a history of catching hackers exploiting insecure printers.
“Someone is using a similar technique as ‘mass scanning’ to massively blast raw TCP data directly to printer services across the internet,” Morris told Motherboard in an online chat. “Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging.”
Whoever is doing this, Morris said, is doing it “in an intelligent way.”
“The person or people behind this are distributing the mass-print from 25 separate servers so blocking one IP isn’t enough,” he said.
“A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet and we’ve confirmed that it is printing successfully in some number of places the exact number would be difficult to confirm but Shodan suggests that thousands of printers are exposed,” he added, referring to Shodan, a tool that scans the internet for insecure computers, servers, and other devices.
There is a long history of hackers exploiting insecure printers. In fact, it’s a classic hack. A few years ago, a hacker made printers print out promotions for the YouTube channel of the controversial influence PewDiePie. In 2017, another hacker made printers spit out a message where they were bragging and calling themselves “the hacker god.”
If you know who is behind this, or you are the person doing this, please reach out. You can message securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected].