Hackers are taking control of receipt printers worldwide, printing “antiwork” messages as part of a propaganda operation targeting store employees.
The image of one such receipt was uploaded to Twitter. The message began with the headline “Are you being underpaid?” and went on to encourage workers to ask for higher pay or quit their jobs. It also asks them to discuss wage issues with coworkers “regularly.”
“You have a legal, protected right to discuss your pay with your coworkers… If you learn that you are being paid less than someone else who is doing the same job, you should demand a raise or consider quitting and finding a different job. Slave wages only exist because people are willing to work for them,” the message states.
Images of such receipts have spread over the internet, especially in the Antiwork subreddit that has become popular on the platform with approximately 1.3 million subscribers. Many Reddit users of the sub have publicly asked the hackers to stop printing the messages on receipts and some have suggested that the messages might actually not be the act of hackers. Instead, a few employees that have access to the printers might be doing this to create content to post it to the Antiwork subreddit for attention.
However, cybersecurity experts are of the opinion that the antiwork messages are the work of hackers. In an interview with Vice, Andrew Morris, founder of the cybersecurity firm GreyNoise, states that an individual hacker or a group of hackers are sending such printing tasks to printers indiscriminately.
“Someone is using a similar technique as ‘mass scanning’ to massively blast raw TCP data directly to printer services across the internet… Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging,” Morris said.
His firm has tracked some of the network traffic going to insecure receipt printers. Experts say those who are engaging in such activities are doing so in “an intelligent way.” Around 25 separate servers are being used to send these mass messages. As such, blocking one IP address will not solve the issue.
Using printers to spread propaganda is nothing new as similar incidents have occurred in the past. In 2018, a person hacked 50,000 printers, printing out messages that asked people to subscribe to the YouTube channel PewDiePie. However, this hack had a more focused set of targets. A year earlier in 2017, a hacker broke into printers to print out a message which stated that he was “the hacker god.”