Posted on December 4, 2021 at 4:24 PM

Hackers exploit business receipt printers with antiwork messages

Hackers are now targeting businesses to compromise receipt printers to circulate pro-labour messages. The reports of the circulating messages have been published on Vice, and evidence of the same has been published on Reddit and Twitter posts.

The screenshots of the receipts that have been comprised by the hackers have been shared on online platforms. The details show that the hackers have shared pro-labour messages and those inciting workers to be more concerned about their working environment.

Hackers targeting business receipt partners

The screenshots shared on Reddit and Twitter share messages such as “Are you being underpaid?”. Another message also attacks McDonald and its payments policy, stating, “How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big MAC for less than in America? Answer: Unions.”

The hackers have not sent the same message to advocate for workers’ rights. Instead, they have posted varied messages, but they are all pro-labour, and the message shares lead to the same goal, which is to protect workers’ rights.

The majority of these messages also directed those who received them to go to a subreddit dubbed r/antiwork. The subreddits became active during the Covid-19 pandemic, and it has since attracted a lot of followers. Moreover, the activation of this subreddit also happened during the Covid-19 pandemic, when many workers started advocating for more rights in their workplaces.

Given that the targeted recipients of these messages are workers in their workplaces, the subreddit is expected to attract more workers who want to advocate for their rights and ensure that the workplace is equitable for all workers. Moreover, the creation of these messages and the subreddit is seeking to create an online union that will advocate for the rights of all workers.

Hackers message supported by Reddit users

Reddit is a social media platform that is popular for allowing community discussions. Therefore, the message that these hackers were putting across was most definitely finding a space in the Reddit community.

Given the rapid growth of the Reddit community, this message could trigger major gains for the pro-labour advocates, and they could end garnering more followers. Currently, the latest sentiments from Reddit show that the majority of the community supports the hack of the business receipts.

One of the users who commented on these messages stated that it was hilarious. “These keep randomly printing out at my job, which one of you is doing this because it’s hilarious – me and my co-workers need answers.”

However, some Reddit users question the messages’ authenticity, noting that the screenshots could have been fabricated. However, a cybersecurity company has confirmed that a hack on business receipts has happened, and these messages are being passed around.

Vice confirmed the authenticity of the messages through a report provided by a cybersecurity firm that monitors the internet. The report stated that someone was exploiting receipt printers to send these messages across the internet.

According to the founder of GreyNoise, Andrew Morris, the messages on these receipts were definitely accurate.

“Someone is… blasting raw TCP data directly to printer services across the internet. Basically to every single device that has port TCP 9100 open, and printing a pre-written document that references /r/antiwork with some workers’ rights/counter capitalist messaging.”

Moreover, Morrison stated that the hack on these printers was sophisticated and that it had required the expertise of an advanced hacker or hacking group. According to Morrison, the individual or individuals who were behind the hack exploited 25 different servers. Therefore, even if a business blocks one IP address, it will not stop the messages from transmitting.

“A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet,” Morris stated.

Therefore, businesses that have connected their printers to the internet could continue being targeted by these messages. Moreover, all other internet-connected devices in companies could also be the next victims of these attacks.

The report states that the threat actor behind this hack is knowledgeable and has the knowledge and technical expertise needed to take advantage of the compromised servers. Moreover, there is no telling when the threat actor will stop spreading these messages, or it could worsen with time.

This is not the first time a hacker has taken control of printers. In 2018, a hacker took control of around 50,000 printers. At the time, the hack was aimed at promoting the online presence of PewDiePie, a controversial influencer.