Hacker exploits printers worldwide urging people to subscribe to PewDiePie channel

T-series, PewDiePie
T-series, PewDiePie YouTube

The war between T-Series (The Gulshan Kumar-founded music label) and Swedish YouTuber PewDiePie (real name Felix Kjellberg) to become the most-subscribed/followed channel on YouTube turned ugly after many Twitter users complained of their printers being hacked and receiving a message pleading to help PewDiePie get more subscribers/followers.

"PewDiePie, the currently most subscribed to channel on YouTube, is at stake of losing his position as the number one position by an Indian company called T-Series that simply uploads videos of Bollywood trailers and songs," reads the message which many Twitter users received from unsolicited printouts.

The printouts were left with a message asking people to unsubscribe from T-Series and then subscribe to PewDiePie to help the YouTuber to remain the most followed YouTube channel. Currently, PewDiePie Youtube followers stand at 72,486,202 while T-Series' YouTube followers stand at 72,385,309.

However, a hacker has taken the responsibility for hacking worldwide printers and sending out the printouts. The hacker explained in a series of tweets how the entire printer hack went down. The hacker said that the hack was done to raise awareness of the printer security.

"Spread the word with your friends about printers and printer security! This is actually a scary matter. Will tweet everything about this entire #pewdiepie hack later to explain to everyone exactly what went down. Also @pewdiepie please notice me," read the tweet from TheHackerGiraffe with Twitter id @HackeGiraffe.

Read the hacker's entire Twitter thread here.

"Here is how the entire #pewdiepie printer hack went down:

1. I was bored after playing Destiny 2 for a continous 4 hours, and decided I wanted to hack something. So I thought of any vulnerable protocols I could find on shodan.‏

2. While playing around on Shodan, the idea came to me that maybe I can hack printers around the world to print something, I didn't know what at the time. After learning about the three different printing protocols (IPP, LPD, JetDirect), I went and searched those ports on shodan.

3. I was horrified to see over 800,000 results show up in total. I was baffled, but determined to try and fix this. So I picked the first 50,000 printers I found running on port 9100 and downloaded the list off shodan.

4. Now I had to think...What to print? It didn't take me long to realize that the most perfect thing to print would be a message supporting our dear overlord @pewdiepie himself! And so I opened up my text editor and typed up the following note:

5. Now: I needed a tool that lets me connect to printers on this port and print...a google search and I stumbled across PRET (https://github.com/RUB-NDS/PRET ) that fulfilled all my hopes and dreams...but also my nightmares. PRET had the scariest of features. Ability to access files, damage the printer, access the internal network...things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves.

6. I typed up the following bash script which ironically can fit in a tweet:

#!/bin/bash
while read -r line; do
ip="$line"
torify ./PRET/pret.py $ip pjl -q -i ./commands.txt
done

Now what this script does, is simply take my input (potential_bros.txt) and loop through every line, running PRET against that IP with the commands in commands.txt

7. Commands.txt contains the following:

print ./message.pdf
display HACKED
quit

That's literally it.

8. Uploaded the script onto my server, opened a tmux session, ran the script in there and left it running. Came back to check Thursday night and just seeing the first person to be hacked by this made my entire week."