Cyber Incident Victim: Brown University
Date:
Mar 2016
Location:
United States of America
Summary
Public networked printers at multiple universities, including Brown University, were exploited to print white supremacist flyers containing swastikas and offensive messages, facilitated by their open internet accessibility. The perpetrator, a known hacker, claimed to have broadcast the print jobs indiscriminately to all publicly exposed printers across North America without unauthorized system access, leveraging network vulnerabilities. Several institutions confirmed unauthorized outputs, with some subsequently implementing traffic filters to block similar incidents, while unrelated anti-LGBT flyers emerged as apparent copycat actions at two affected campuses. The individual responsible, previously involved in high-profile data exposure cases, operated from abroad and faced no legal repercussions for this incident due to the printers' intentionally permissive configurations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In March 2016, public networked printers at multiple North American universities, including Brown University, Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Smith College, and Mount Holyoke College, printed unsolicited flyers containing swastikas and white-supremacist messages. The incident occurred when Andrew "Weev" Auernheimer, a hacker and internet troll residing in Serbia, exploited openly accessible printers by sending the print jobs en masse without targeting specific institutions. Auernheimer identified vulnerable devices through network scans of public internet addresses, capitalizing on printers deliberately configured to allow remote printing for academic convenience. The flyers emerged on or around March 27, 2016, with Stony Brook University confirming at least one printer output the material. Auernheimer later claimed in a New York Times interview that he had broadcast the print job to all publicly accessible printers across North America rather than singling out universities. No evidence indicated he gained unauthorized access to systems, as he merely transmitted print commands to exposed devices.
University IT departments responded by implementing network traffic filters to block similar incidents, as documented in Stony Brook's internal communications. Philip Doesschate, Stony Brook's chief information security officer, cited unsecured printers as the root vulnerability in a March 27 email to staff. Separately, copycat print jobs distributing anti-LGBT flyers occurred at Berkeley and Amherst on March 28, though Auernheimer denied involvement. The incident highlighted systemic security weaknesses in academic printer configurations without causing reported data breaches or system compromises. Auernheimer, previously convicted and later acquitted for the 2010 AT&T iPad email exposure incident, faced no legal action for the printer exploit due to the absence of unauthorized access. The flyers' distribution caused reputational concerns for affected institutions but no documented operational disruptions beyond the unauthorized print jobs.