Cyber Threat Actor: Andrew Weev Auernheimer
| Actor Type | Location | Known Incidents |
Sensationalist
|
United States of America
|
6 incidents |
|---|
Profile
Andrew Auernheimer, operating under aliases including Andrew Weev Auernheimer and Weev, is a threat actor based in the United States who later relocated to Belgrade, Serbia. His activities primarily target educational institutions in North America, exploiting publicly accessible networked printers to distribute offensive content. The strategic objective behind these operations centers on ideological disruption and notoriety rather than financial gain or data theft. Auernheimer leverages misconfigured or deliberately exposed printing infrastructure, identifying vulnerable devices through network scanning of public internet addresses. His tactics involve mass-sending unauthorized print jobs without breaching system security, capitalizing on insufficient network traffic filtering. This approach intentionally avoids unauthorized access, relying instead on the open nature of institutional printing services designed for remote faculty and student use.
Auernheimer's most documented campaign occurred in March 2016, when he distributed white supremacist flyers containing swastikas and racist messages to printers at multiple universities including Princeton, UC Berkeley, UMass Amherst, Brown, Smith College, Mount Holyoke, and Stony Brook. He claimed to have indiscriminately targeted all publicly accessible printers across North America rather than specifically selecting institutions. The incident prompted several universities to implement traffic filtering measures to block similar attacks. A prior notable operation involved the 2010 exposure of AT&T customer email addresses through exploitation of a script vulnerability related to iPad users. Auernheimer faced legal consequences for the AT&T breach initially, but his conviction was overturned on appeal. No prosecution resulted from the printer incidents due to the absence of unauthorized system access, as the targeted devices were intentionally configured for remote use. Copycat actions distributing anti-LGBT content emerged at some universities following his campaign, though he denied involvement in these subsequent incidents.
