PALO ALTO, CALIF. – Noted Canadian teen hacker MafiaBoy AKA Michael Calce, made worldwide headlines just after the turn of the century for producing lethal denial of service attacks against Yahoo, Ebay Inc., CNN, and others that resulted in a $1.7 billion loss for the collective Web sites. And, he did this as a 15-year old.
Today Calce is all grown up and is an ethical hacker. He participated at the HP Power of Print event to inform the market about the vulnerability with printers on the network.
A new study has found that printing is not a high security priority. Only 18 per cent of Chief Information Security Officers (CISO) selected printers as a security concern. Compared to PCs at 91 per cent, mobile devices at 77 per cent and servers were also at 77 per cent.
The low concern level creates a weak link and this gives hackers a way to get in through a back door.
“I am astounded at how overlooked the printer is,” Calce said.
“There is zero cause for concern for these machines on the network. It is alarming and astounding at the same time because there is a vast amount of printers in the world. It amazes me that no one puts any focus on it.”
HP Inc. is moving forward on an awareness campaign to put more emphasis on securing printers on the network.
In an interview with ITBusiness.ca, Calce said the hacking community, which he is still a part of, enjoys smashing printers for fun.
Calce went on to say that the industry must work together to make the market understand the threat is real with printers and that they are a serious liability.
One ethical hacking job Calce did recently was on an employee who bought a new printer for his home. This person set up the printer as a default. Calce found it easy to tap into the printer and started accessing the equipment. Remotely he printed several pages saying “I am your printer and I am self-aware.” The next day that brand-new printer was sitting outside next to the trash.
Calce still believes employees are always the weakest link but the lack of awareness around the printer sets a new dangerous vulnerability for business.
It took 16 FBI units combined with four RCMP units to track down and arrest Calce, who operated in his father’s basement. Calce received a six-month sentence at a youth home and a $250 fine. The criticism at the time was that Canada was far too lenient with MafiaBoy.
But Calce looks at it differently. Working through the RCMP, the FBI put a lot of pressure on Calce to snitch on his hacker community brethren or work undercover. Instead Calce held firm and took his punishment, he told ITBusiness.ca. “I now work as a white hat. Now I try to thrive for the good guys,” he said.
This gained a lot of respect for MafiaBoy in the hacking community. “I’ve spent so many years rebuilding my credibility. I am a re-formed hacker. I was also very lucky because I was young. I had time to repair my credibility and I glad it all worked out.”
ITBusiness.ca will have more on MafiaBoy and his thoughts on WannaCry, Internet of Things, and what threat is lurking out there, ready to strike. Look for more stories on MafiaBoy on our website and the ITBusiness.ca newsletter.