In the past two months, two YouTube-fans-turned-hackers have conducted multiple public hacking stunts showing how vulnerable many personal devices are to digital invasion and attack.
Initially sparked by an intense competition between two of the most popular channels on YouTube - Swedish gaming channel PewDiePie and Bollywood-focused T-Series, the stunts targeted a section of the Wall Street Journal, and internet-connected devices owned by tens of thousands of people.
This week the hackers took over more than 65,000 smart TVs and forced them to display video messages via Google’s Chromecast digital media players. The message displayed on TVs said: "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!" before pushing users to visit a web address and urging them to “subscribe to PewDiePie."
According to the website set up by the hackers, casthack.thehackergiraffe.com, video messages are no longer being sent. Instead, the website tracks how many devices are vulnerable to external hacking. The number of exposed devices has since risen to more than 72,000 as of January 4th.
Fourth hack in two months
The first successful stunt by the hackers, who are known only by their Twitter handles, @HackerGiraffe and @J3ws3r, affected 50,000 printers in mid November. On December 16th, they struck again with PrinterHack2, which they claim affected 100,000 printers. Both hacks involved forcing printers to print out messages with instructions to subscribe to the PewDiePie channel on YouTube. In PrinterHack2, the hackers also urged users to secure their devices and data.
In an interview conducted by BBC News via email, @HackerGiraffe said: “I’ve been trying to show that 'hacking' isn't a game or toy, it can have serious real-life consequences.” He explained that the printers could also be easily hacked in a way that would destroy the chips that control them, possibly doing thousands if not millions of dollars in damage if spread widely enough.
Around the same time, the hackers invaded the Wall Street Journal’s advertising arm to display a message on the global newspaper’s site with a pretended apology to the PewDiePie YouTube channel, and a message urging more people to subscribe to the channel.
Hackers offline for now
Citing intense abuse and threats, on January 3rd @HackerGiraffe stopped logging into his Twitter account and deleted all his previous tweets. In a message posted on pastebin.com, he explained: “I will have to disappear. Most probably for good this time.”
He added in an explanation that his intention was to make device users aware of their vulnerabilities. “There are still so many devices exposed to the public internet,” he said, “Routers...servers...printers...TVs,” and added that he “had a huge list of next targets,” but “that's all dead now.”
“I did what I believed in, what I felt like was my responsibility, and ran harmless ‘hacks’ that would hopefully alert the world to fix their devices.”