Cyber Incident Victim: University of California, Berkeley
Date:
Mar 2016
Location:
United States of America
Summary
Public networked printers at multiple universities were exploited to print unsolicited white supremacist flyers containing swastikas, attributed to Andrew Auernheimer, who leveraged openly accessible devices without unauthorized access. The incident affected institutions including Princeton, UC Berkeley, UMass Amherst, Brown, Smith College, Mount Holyoke, and Stony Brook, with printers deliberately exposed to the internet for remote use. Auernheimer claimed to have broadcast the print jobs indiscriminately to all publicly reachable North American printers, while unrelated anti-LGBT flyers later emerged at some locations through apparent copycat actions. Affected universities responded by implementing traffic filters to block similar incidents, highlighting vulnerabilities in printer security configurations. No legal action was anticipated due to the absence of system breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late March 2016, public networked printers at multiple North American universities printed unsolicited flyers containing swastikas and white-supremacist messages. The incident occurred on or around March 27 when Andrew "Weev" Auernheimer, a hacker residing in Serbia, mass-distributed the print jobs to publicly accessible printers across the continent. At least seven institutions confirmed printer activations, including Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, Mount Holyoke College, and Stony Brook University. Auernheimer exploited open network configurations that allowed direct internet access to printers, many intentionally configured for remote printing by students and faculty. He identified vulnerable devices through network scanning of public IP addresses rather than breaching secured systems. The attacker claimed no specific targeting of universities, stating he sent the print jobs indiscriminately to all publicly exposed printers in North America. University IT departments discovered the incident when printers spontaneously output the offensive materials, which featured racist imagery and text.
Stony Brook University's Chief Information Security Officer Philip Doesschate confirmed in a March 27 email that at least one campus printer produced the flyer. The university responded by implementing network traffic filters to block similar malicious print jobs. No evidence indicated system compromises beyond unauthorized print queue submissions, as Auernheimer leveraged existing open configurations without circumventing access controls. On March 28, separate anti-LGBT flyers appeared at Berkeley and Amherst through apparent copycat actions, which Auernheimer denied orchestrating. The incident highlighted security risks of internet-exposed printers, with Doesschate noting such problems arise when devices lack proper safeguards. Legal repercussions appeared unlikely since the actions exploited accessibility rather than violating computer intrusion statutes. Auernheimer, previously convicted and later acquitted for the 2010 AT&T iPad email data exposure, conducted the printer campaign from Belgrade following his departure from the United States after his overturned conviction.