Please turn your device

PewDiePie Hackers: What “Hat” Were They Wearing?

How “far” would you go if you were someone’s biggest fan?

We know that the word “fan” usually describes a devoted person who supports something/someone such as a singer or band, a sports team, a genre, a politician, a book, a movie, or an entertainer.

But, some fans take things onto a whole new level, and I don’t mean the people who literally stalk celebrities everywhere.

(Yes, it gets creepier than that.)

I’m talking about the ones who actually break international laws, and intervene in peoples’ lives in unethical ways.

This was at least the case for two teens who hacked tens of thousands of home and office printers in support of YouTube’s biggest star, PewDiePie.

LONDON, ENGLAND – DECEMBER 16: PewDiePie attends the European Premiere of “Star Wars: The Force Awakens” at Leicester Square on December 16, 2015 in London, England. (Photo by Chris Jackson/Getty Images)

Here’s what went down, and why we’re not sure how to feel about it.

Hackers and Hats

Before we go into the story, let’s have a quick recap on the types of hackers.

We’ve previously talked about the three types of hackers, and why they do what they do.

The black hat hackers that are basically the bad guys who have extensive knowledge about breaking security protocols and writing malware in order to access systems.

They are usually searching for financial gains, but also destroy systems for fun, just because they can.

They have the power to create disruption and chaos by spreading malware in systems, steal data, and financial information or login credentials.

They also seek to modify or destroy data as well.

The white hat hackers are the good guys. They choose to use their computing and programming skills to bring any errors to the company’s attention.

Also described as “ethical hackers”, their job is to test the security systems by trying to break them, but all of this with the permission of the owner of the system.

What they do is entirely legal because they are basically trying to find flaws in the programming security platforms and fix them. Courses, training, and certifications are even available on ethical hacking.

Last but not least, we have the grey hat hackers.

These guys, although they spot errors in programming/security systems, they will blackmail the company in order to fix them.

If the owner doesn’t reply or pay them for their discovery, they might dare to exploit the error online.

Who is PewDiePie?

First of all, in case you’ve been living under a rock, PewDiePie has the second most subscribed YouTube channel and is the first individual YouTuber to reach the milestone of 100 million subscribers.

The Swedish YouTuber and comedian (his real name is Felix Arvid Ulf Kjellberg by the way) is known for his YouTube video content, which mainly consists of Let’s Play videos and comedic formatted shows.

His channel was the most-subscribed channel on YouTube for more than five years, from 2013 to 2019, until  T-Series (an Indian record company run by Bhushan Kumar) got the title of the most-subscribed channel on YouTube.

So, What Happened With These Hackers Exactly?

Well, basically, there was an online competition between PewDiePie and T-Series, fighting over the most subscribed channel on YouTube.

PewDiePie fans run to his “rescue” and tried to promote his channel in every possible way. That’s when things turned ugly.

In 2018, an unknown individual with the pseudonym TheHackerGiraffe managed to hack 50,000 printers in order to spread the message in support of the YouTube star.

HackerGiraffe also claimed that he had discovered more than 800,000 vulnerable printers using the search engine Shodan used for finding vulnerable devices.

Another hacker under the pseudonym “j3ws3r” did the same to around 80,000 printers.

The message read: “PewDiePie is in trouble and he needs your help to defeat T-Series!”

The message then instructs readers to subscribe to the YouTuber before adding: “Seriously. Fix your printer. It can be abused!”

Additionally, other users received the following:

The hackers, however, didn’t stop there…

Hackers target smart TV devices in PewDiePie’s name

According to the BBC, the hackers also located more than 100,000 smart TV devices that are open to this type of cyber-attack.

After locating these devices, they managed to create popping ads to create awareness around the whole PewDiePie/T-Series feud.

Victims then started addressing the issue online, on social media.

More specifically, a Reddit user posted: “Every 20 minutes or so my TV switches to some crappy YouTube video about PewDiePie… Anyone know how to stop this, it’s driving me bonkers.”

The video message that would pop on people’s TV’s read: Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!”

It then encourages victims to visit a web address before finishing up with, “you should also subscribe to PewDiePie”.

“Welcome to PewDiePie Town”

To boost PewDiePie’s channel, even more, fans started literally renting billboards in cities and towns.

YouTuber Mr Beast transformed his entire city into a PewDiePie ad.

The YouTuber, bought billboards, local television spots, radio sound bites, and more, all urging people to subscribe to Kjellberg.

Other fans were inspired by this too, so they went on by putting out posters, talking to strangers and renting out billboards.

Hackers in Hiding

The hackers are now in hiding from the police and internet vengeance.

The teenager who started the wave of attacks in November 2018 and called himself “Hacker Giraffe” online has since deleted his tweets and “retired” from hacking out of fear of being caught.

In a letter posted online, he said: “I just wanted to inform people of their vulnerable devices while supporting a YouTuber I liked. I never meant any hard, nor did I ever have any ill intentions. I’m sorry if anything I’ve done has made you feel under attack or threatened.”

White, Black or Grey Hackers?

What the two hacks have made clear is that there are an awful lot of exposed printers on the Web that can be used for pranks like this one.

But the true question is: Are these hackers the bad guys or the good guys?

Technically, these ports are accessible on the open internet, instead of protected behind a router firewall. This is how remote printing works.

The hackers didn’t really need to “hack” anything in order to access them.

Additionally, although the hackers sent the message about PewDiePie’s feud with T-Series, they also informed the printer’s owner that their device is unprotected.

Whereas they could have ignored the whole thing, and use this hacking technique for possible advertising purposes.

(Now, wait… Don’t be getting any ideas. You’ll definitely get in trouble if you do this. All we’re trying to say is that the hackers could have had a lot worse intentions!)

According to Vice, these hackers are doing what’s considered “white hat hacking”.

They did take advantage of vulnerabilities and exploits without malicious intent, but to expose flaws in a system in order to have them repaired.

Many white-hat hackers do this either for money or fame.

According to  HackerGiraffe’s himself, they seemed to have done it to spread awareness of the danger of internet-exposed devices, and for the love of his favourite YouTuber, PewDiePie.

Cybersecurity researcher and founder of GreyNoiseIO, Andrew Morris, talked to Forbes about this whole printing situation, and how it could turn out to be catastrophic.

More specifically he said: “Though it’s relatively uncommon for printers to be exposed directly to the internet, a bad guy would still almost certainly be able to find upwards of a few hundred thousand to a few million

Adding, “My fear would be that people would get really malicious and send something like child pornography or something threatening.”

The famous YouTuber commented on the situation through a video on his channel.

The Hackers Talk

In January 2019, the hacker involved in the whole PewDiePie printing scandal made a statement on Pastebin and informed the public that he is quitting hacking.

I guess there is a lesson to be learned here, don’t fly too close to the sun and then act like you don’t know you’ll get burned. Well, here I am, burned and roasted, awaiting my maybe-coming end,” HackerGiraffe wrote.

I just wanted to inform people of their vulnerable devices while supporting a YouTuber I liked. I never meant any harm, nor did I ever have any ill intentions. I’m sorry if anything I’ve done has made you feel under attack or threatened.

In a Livestream audio clip obtained by Motherboard, someone claiming to be HackerGiraffe said that they’ve received death threats and harassment in the last month. “It’s crazy what I have to endure day by day.”

The clip was originally posted to HackerGiraffe’s now-deleted Twitter, but Motherboard has not been able to verify that the person speaking was definitely HackerGiraffe.

People underestimate how easy a malicious hacker could have used a vulnerability like this to cause major havoc,” TheHackerGiraffe said to The Verge.

Hackers could have stolen files, installed malware, caused physical damage to the printers and even use the printer as a foothold into the inner network. The most horrifying part is I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes.”

What Now?

We frequently discuss the subject of Cybersecurity and hackings of different forms.

What is interesting about this story is that the “hackers” (and we use quotation marks because as mentioned above they didn’t exactly hack the printers) tried to “hit two birds with one stone”.

Promote their favourite YouTuber, and create awareness on this printer-reaching issue.

The motivation was fun, fame, and cybersecurity awareness for the two teenagers, but the police could be looking for them even now that they’ve quit hacking.

We are still not completely sure how ethical or not their actions were.

According to BBC’s interview with the two hackers, the number of printers open “before and after” their attacks proves that people started protecting their devices better.

The number of reachable printers was approximately 60 or 70 thousand before their attack. That number then fell to less than 40 thousand.

Who is to blame?

Well, regarding the offices targeted, definitely the network administrators allowing direct access to their devices over the internet.