Are printers a threat to a business’s security?
Can you really rob a bank with a printer? Yes. It isn't easy, but it has happened more than once, and it could happen again, because the perpetrators are still active and beyond the reach of conventional law enforcement.
Printer hacks are affecting businesses around the world
In 2016 Bangladesh Bank, the country's central bank, lost $81 million to fraudulent wire transfers requested from its account at the Federal Reserve Bank of New York. To keep anyone from noticing the illicit transfers, the attackers interfered with a small office laser printer attached to the bank's SWIFT messaging system.
The printer's job was to print every SWIFT transaction confirmation automatically. The attackers' malware, already running inside the bank's SWIFT environment, stopped those confirmations from being printed. Without the printed records the bank could not reconcile its transfers until printing was restored the next day.
By the time anyone realized some of the transfers were bogus, the money had been moved on through further transfers and laundered through casinos in the Philippines. A printer with a retail price of a few hundred dollars had become the pivot point of an $81 million loss.
The same modus operandi appeared in bank heists in Ecuador ($12 million stolen), Vietnam (thwarted), and as recently as 2018 in India ($500,000). Cyber forensic investigators eventually identified the responsible party.
They found the same distinctive code used in the Sony Pictures hack of 2014, which was retaliation for the studio's Seth Rogen and James Franco movie "The Interview" and its less than flattering portrayal of Kim Jong-un. The U.S. Department of Justice attributes the Sony hack, the Bangladesh Bank heist, and the WannaCry 2.0 ransomware attack of 2017 to the same group operating on behalf of the North Korean government.
State-sponsored cyber-crimes are nothing new
While nations such as China have been accused of conducting cyber espionage to gather intelligence information, the North Korean activities are believed to be for financial gain to fund the cash-starved dictatorship as they continue to deal with crippling sanctions.
The reality is that the combination of motivation, success, and impunity makes it unlikely these attacks will stop. To that point, on April 15, 2020, a joint U.S. government advisory (State, Treasury, DHS and FBI) warned that this group's activities are ongoing and urged the financial sector to be vigilant in proactively protecting itself.
North Korea is not the only foreign adversary incorporating printers in covert cyber activities. A group linked to Russian intelligence triggered a warning in 2019 by Microsoft about a campaign targeting IoT devices, including printers.
Unlike the bank heist that used the hacked printer as a smokescreen for their digital getaway, the Russian campaign was believed to be about finding a weak link in corporate networks that could be exploited to gain a foothold behind the firewall.
Once inside, the compromised printer can be used as a jumping-off point for the intruders to move laterally to other devices on the network, gaining further access to sensitive information, including credentials, while establishing a persistent and undetected presence inside the corporate network.
This type of breach lacks the dramatic climax of a bank robbery, but its widespread nature makes it a broader danger. Microsoft’s warning stated that they had issued over 1400 alerts over the prior 12 months to organizations targeted and/or breached by this group’s activities.
This same group was named in a July 2021 advisory by the NSA, CISA, FBI and the UK's NCSC as responsible for a large-scale credential brute-forcing campaign against hundreds of government and private-sector organizations. The advisory described the activity as ongoing since at least mid-2019 and likely to continue.
These malicious nation-state affiliated groups are hardly the only actors targeting printers. Individual hackers have incorporated printers into their own campaigns. Shortly after the Bangladesh Bank heist, a hacker who had previously acknowledged responsibility for stealing personal information of more than 100,000 AT&T customers from a corporate server turned his sights on easily accessible printers.
The hacker used an online search tool to find internet-connected printers exposing their raw printing port (TCP 9100). He then scripted print jobs to thousands of printers across the country (and Australia), forcing them to print an anti-Semitic flyer replete with swastikas and the web address of an online neo-Nazi publication.
Among the scores of victimized organizations were more than 20 prestigious U.S. universities, including Stanford, Northeastern, and UMass Amherst. Similar instances, again forcing printers to print anti-Semitic flyers, have occurred at other universities, including Vanderbilt and the University of Buffalo.
Not all known printer hacks are part of nefarious agendas
In 2017 a teenage hacker going by the name Stackoverflowin hijacked 160,000 printers and began forcing them to print messages such as:
"Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet. Your printer has been pwn'd."
The hacker reportedly was disappointed in how easy it was to compromise so many printers, even lamenting that, "With most of these printers, you can push your own firmware to them – the firmware doesn't need to be signed.”
Easily exploitable printers have continued to be found in large numbers despite these red flags. In late 2018 the battle for the most subscribed YouTube channel took an unusual twist centered on another hijacking of thousands of printers.
In this case, a hacker ran a campaign urging people to subscribe to PewDiePie's YouTube channel and unsubscribe from a channel called T-Series as the two battled for the title of most popular channel.
The hacker also claimed in a Twitter post that he hoped this would raise awareness of the lack of cyber security protections in many printer fleets worldwide. Whether or not the general public was paying attention, it is worth noting that the Russian campaign targeting printers began only a few months later, in April 2019, so perhaps at least someone was taking notice.
As recently as August 2020, an awareness campaign by CyberNews saw them force 28,000 printers to print out 5 pages of instructions letting people know their printer was not secure and giving instructions on how to secure it. Based on the sample size of their experiment, the white hat hackers at CyberNews estimate half a million printers could have been easily exploited.
While this group was acting benevolently, it brings up an unsettling question. If these people could do this with relative ease, how often are these devices being secretly targeted and compromised by those with similar skills…but bad intentions?
“Now you know. And knowing is half the battle.”
- 1980s G.I. Joe cartoon Public Service Announcements
How to mitigate print hacks
As both a managed IT provider and a member of the printing industry, Usherwood recognizes the importance of raising awareness around this issue, but knowing it is an issue is only the first step in dealing with it. Helping our clients understand the current state of their specific printer fleets and the inherent strengths and weaknesses of that fleet allows us to collaborate on a strategic path forward.
In developing strategies, we look at the age of devices, the level of security designed into them, their firmware status, and which manufacturers still support each model with firmware patches. Not every printer on the market today has the same level of security protection built in, so we help clients understand the differences and the options available to them.
It has been said that security starts with procurement, but it certainly does not end there. In addition to helping our clients plan "what" to have in their environment, we also support them with a strategic process for patch management of their fleet. None of this reduces the need for a properly configured firewall, but it adds another layer to an organization's cybersecurity plan.
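Two of the checks above, verifying that print services are not reachable from outside the network and finding devices whose firmware has fallen behind, can be run against data most organizations already hold. The script below is an added example written for this page, not Usherwood's tooling or any vendor's. The firewall log format, the internal address ranges, the inventory fields and the vendor minimum firmware versions are all constructed placeholders; adapt them to your own sources.

```python
"""Fleet exposure audit for networked printers (added example, not the page's own code).

Check 1: review perimeter accept logs for connections to print-service ports
         (9100 raw/JetDirect, 515 LPD, 631 IPP) arriving from outside the
         organisation's own address space.
Check 2: flag inventory entries whose firmware is older than the vendor's
         minimum supported version (the minimums here are placeholders).
"""
import ipaddress
import re
from collections import defaultdict

PRINT_PORTS = {9100: "raw/JetDirect", 515: "LPD", 631: "IPP"}

# Constructed: the RFC 1918 space this organisation uses internally.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed firewall log lines in a simple key=value style (not a real vendor format).
SAMPLE_LOG = """\
2024-03-01T09:14:02Z action=accept src=203.0.113.45 dst=10.20.1.17 dport=9100 proto=tcp
2024-03-01T09:14:05Z action=accept src=10.20.4.9 dst=10.20.1.17 dport=9100 proto=tcp
2024-03-01T09:15:11Z action=accept src=198.51.100.7 dst=10.20.1.23 dport=631 proto=tcp
2024-03-01T09:16:30Z action=accept src=198.51.100.7 dst=10.20.1.23 dport=443 proto=tcp
2024-03-01T09:17:02Z action=drop src=203.0.113.45 dst=10.20.1.40 dport=515 proto=tcp
"""

LOG_RE = re.compile(r"action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")

# Constructed inventory rows: (hostname, vendor, installed firmware).
INVENTORY = [
    ("prn-fin-01", "vendorA", "3.8.1"),
    ("prn-lobby", "vendorA", "2.4.0"),
    ("prn-hr", "vendorB", "10.2"),
]
# Constructed placeholder minimums; take the real values from each vendor's support matrix.
MIN_SUPPORTED = {"vendorA": "3.5.0", "vendorB": "11.0"}


def is_internal(ip):
    """True if the address falls inside one of the organisation's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_print_access(log_text):
    """Map each printer IP to the set of (external source, service) pairs that
    were *accepted* to a print-service port. Dropped traffic and internal
    sources are ignored; only the reachable-from-outside cases are returned."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        action, src, dst, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if action != "accept" or dport not in PRINT_PORTS or is_internal(src):
            continue
        hits[dst].add((src, PRINT_PORTS[dport]))
    return dict(hits)


def version_tuple(version):
    """Turn '3.8.1' into (3, 8, 1) so dotted versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def outdated_firmware(inventory, minimums):
    """Return hostnames whose firmware is below the vendor's minimum supported version."""
    outdated = []
    for host, vendor, firmware in inventory:
        floor = minimums.get(vendor)
        if floor and version_tuple(firmware) < version_tuple(floor):
            outdated.append(host)
    return outdated


if __name__ == "__main__":
    for printer, sources in external_print_access(SAMPLE_LOG).items():
        for src, service in sorted(sources):
            print(f"{printer}: {service} accepted from external host {src}")
    for host in outdated_firmware(INVENTORY, MIN_SUPPORTED):
        print(f"{host}: firmware below vendor minimum, schedule an update or replacement")
```

On the constructed data the first check reports two printers reachable from outside (one on the raw port 9100 that the flyer campaigns used, one on IPP) and ignores the dropped connection and the internal source; the second flags the two devices below their vendor minimum. Anything the first check reports is a candidate for a firewall rule or VLAN change before the fleet is patched, since patching does nothing for a device that is still open to the internet.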
We do all this with the mindset put forth by the NSA in their published document, “Embracing a Zero Trust Security Model,” which “assumes that a breach is inevitable or has likely already occurred.”
Looking to learn more about print security?
It is critical that businesses take the necessary precautions to keep all of their equipment secure. Hackers will use any access point they can find to infiltrate a network. Printers are becoming more of a target, yet many businesses overlook them as a security risk. If you are interested in learning more about print security and the solutions available, click here for a free consultation.