I started seeing the rounds of the
exploits of the Canadian hacker as
Twitter blew up with people saying I
came into work today
and on my printer was this printout and
the printout was from the canadian
hacker he is the Politis hacker that
you'll ever meet
he will hack your devices and then
apologize yeah he is none other then the
Canadian hacker the one fantastic how
about yourself
listen you call yourself the Canadian
hacker just to give us a sense of the
scale of things how many how many
devices have you seriously hacked I mean
I've hacked about a hundred and fifty
devices how many devices have you hacked
well for the printers one hundred
thousand of them a hundred thousand
print heads why'd you hack printers well
my main motivation for doing all this
was to give myself more of a challenge
without really affecting the people
around me when you say that when you say
without affecting are you talking about
being benign in your attacks so that
you're not actually creating damage
you're walking would be something that I
wanted to do and is what I did with the
pictures I saw the pictures I was a very
open target especially with how many
like everybody know everybody's home has
a picture rate every business has a
picture and young people don't even care
for something that you could exploit
rage so you could pretty big
vulnerability right there
so my my whole law
being was to create a challenge for
myself while not affecting others and me
I guess you could say yeah I got here
good Anya good Anya how did you get
started hacking well around seven years
old I actually you know what that's
actually really good question you're
sorry I'm just um did you know my
timeline
yes I guess there's there's a point in
in your like you're growing up in an era
unlike I did so when I was when I was in
high school is when I realized hey I can
hack systems and I can make them do what
I want them to do there must have been a
point in your life where you said hey I
can do more than what Windows allows me
to do what Linux allows me to do what
when was that point for you probably
around ten or eleven I'd say when I
started when a lot of people on the
internet started coming out and trying
to the public like what you can do with
this and how everything can be explained
I thought I wanted to learn that ability
more so for good about okay so you know
and these devices you mentioned printers
and we're gonna talk more about that but
these devices are benign considered safe
these are these are devices that people
trust to plug into their network I mean
you walk into any super Center you buy a
printer and you install it and it just
works
yeah what is it that drew you to start
attacking those devices a little bit
easier of an access then a more
sophisticated system so it was easy
enough for each of you but just don't
have a challenge and a large amount to
bomb like a surplus of pincers on up and
you
then network so you know you're I have a
lot of access to them and it made it a
little bit easier sorry I'm kind of
tracker no not at all not at all so but
it makes me think though and we're
speaking with the Canadian hacker here
the Canadian hacker we know you by no
other name when you're attacking
printers so so I think as a consoled me
as a consumer or our viewers as
consumers will purchase a printer and
just install it on their network so what
makes that device a vulnerable device
you just think it's a benign device just
sitting on your network that you print -
well how are we able to attack that how
what is what is it that I should know as
a consumer that you can share with me as
a hacker that I should know about that
printer being connected to my network
like security feeder I guess you can say
um you might think that they're safe
when they really truly not and for
printers in this case um there's a lot
of it's on your network that it can be
accessed with which I don't mean that
you don't you shouldn't connected to
your network I mean it makes it so much
easier to think anything else but you
just have to be really careful with
what's exposed because there's outputs
ninety one hundred five one five and six
three one which is the main three ports
that then it's mainly ninety one hundred
six three one isn't that cups yeah so
you gotta be really careful with thumb
what you're exposing um and you just
always not be watching out with what
you're installing to hear about what
were you're adding to network cuz I
guess I could get into that venture and
if I wanted to attack it for malicious
reasons on the theory large business I
could anything you print off finance
reports or anything
I would actually be able to use a man
and she drops solaar and she really have
to be careful with what you're putting
or connecting to your network and you
should always be checking on your
settings on your modem or I mean people
know this router but it's really holding
rate on to see what ports your long to
pass through the network and that makes
me think now the Canadian hacker you're
dropping a bunch of bombs here so I got
to cut you off because like okay and we
got to talk about this UPnP is enabled
on a lot of routers you UPnP means as
soon as you plug that printer in it
opens up the ports it doesn't matter if
you specifically said open up those
ports no UPnP will automatically do that
because it detects the new printer and
allows it to open those ports
automatically that's dangerous that's
what I'm learning here but you're
talking about okay not only are you able
to send print jobs to my printer but
you're able to intercept the print jobs
that I send to my printer exactly yeah
and you can see how interest is and a
lot of the security features on printers
that say like only our men will be saved
on the system or anything like that um
[Music]
because it's not it's again a form of
security feeder you're really thinking
it's more safe than it truly is I can't
help but think about accounting firms
lawyers offices who just okay let's back
up a second the Canadian hacker has
revealed themselves to the world and
said look your printers are unsafe you
need to secure these things
what if there
r10 other hackers who have accessed that
printer and have never even unveiled the
fact that they have access to that
printer is there isn't it true the
Canadian hacker that they could
compromise this printer and be receiving
every single print job from this
lawyer's office from this accounting
office from wherever this office is and
never you'd never be the wiser you just
be sending them this information is that
a valid point it's a very valid point
and that is very true of course I've
never necessarily seen that in action
but it is definitely in the realm of
possibilities yeah if you have anything
that's open to the network open to your
network um there's IP crawlers that can
go through every single IP address in
the world and will tell you objectable
puts their alignment for example things
like shoe soles like they show them
online and then anybody with the
malicious intent like the people you
said or that you stated ah can use Dodge
Chu um they men and millet ATS or puppy
off any files from your be damaged
adventurer you do most anything
unreal and to speak now getting away
from printers are there other devices
that we as consumers may pick up whether
they be from a retailer or from say our
Internet service provider that would
allow us to be compromised without us
even thinking about the security aspect
of it Oh
there are times on a really big example
that I personally found him I was that I
actually experienced myself in my own
home what is on a certain ISP company
that are not the stage ah that I would
say a major is PE in Canada Oh what did
Islam
in my own personal and actually opened
up the web interface to the public and
it had a standard like usually password
like you know like it's not like admin
password so so many people don't
understand that this is such a huge
issue and be like I haven't contacted
them up avenge um I probably should most
like people in the future but you really
have to be careful with what you're
installing onto your network because uh
especially with that like that did send
a bit of a shock because with that
anybody could walk into my mode on um
and we need to do more basic things like
we said it or power it off but then it
also gives you more access to your
network then you should ever have like
me but a modem or a router would allow
me to open up say port 3389 yeah the
network which would allow me as a hacker
to remotely access your computer desktop
and wreak all kinds of havoc what other
kinds of what are the kinds of threats
does this introduce to our network I
mean these are devices that we trust so
the Internet service provider says
here's your new modem it's gonna be
faster it's gonna be better and you
don't ever think twice about the
security of that device what what does
it open up to a hacker such as yourself
now I understand that you're taking the
you're taking the high road
and saying you know I'm gonna educate
people but what about those hackers that
are saying no I'm gonna exploit people
that's very good question I'm just gonna
put that on their own
it is truly astonishing what you can do
when you have access to these systems
like you said I mean I believe that's
our DP current yeah yeah so figure out
that one you most likely chap you need
to have that one enabled but there's so
many exploits with this and a modem you
know you'll be able just in most cases
you can see what is installed on the
network and then your shoulder specific
IP address and you can find
vulnerabilities in like tv-48 CDE
database and they can say oh yeah on
this thermostat which is a thermostat
you know IOT thermostats this thermostat
has this vulnerability that hasn't been
patched yet and access it using this or
this point and jacked up to temperature
or kill it or damage the thermostat and
then you can because you have access to
the modem you can open that porch so you
can access it yourself even if you
weren't able to before can I didn't put
something out there because you touched
on thermostats here the Canadian hacker
I could also as a hacker monitor that
thermostat and see when the people are
coming and going so then it brings it
into a physical realm of saying okay
well my nest thermostat tells whoever
has access to it whether I'm home or not
yeah so what if I was a physical robber
it's definitely a scary world for a lot
of people have smartphones right and
communicate you zippe for example now
you have a lake as a bus into album that
connects all of those systems together
and if you don't have that set up
properly or if they didn't track any
security issues that they saw present ah
that would allow you access to for
example unlock the door
or training and it's really bad because
there are a lot of systems don't use any
other education with that I mean there
are some that do uh but yeah with like
one of those smart phones you know it's
just like if you were hacked everything
out you could press a button on your
phone maneuver lock the door a wall we
can somebody else that has access to
your modem do the same thing so think
thought yeah never even really thought
that we were always thinking in terms of
you know the the actual app well if I
have access to the modem I can access
any of the devices within the same
network that's scary stuff
well we're speaking with the Canadian
hacker and before we take a quick break
let's have a look at a video of how the
Canadian hacker was able to compromise
all those printers
please don't go anywhere when we come
back from this short break the Canadian
hacker is not only going to be sharing
with us about the response that he's
received to the printer Hanna but also
he's going to share his concerns about
how young people could use similar hacks
to damage devices around the world and
how governments could use it for cyber
espionage don't go anywhere
jumping back to your own hack of
printers across Canada the US and even
overseas what is the response that
you've received like have you have you
gotten a lot of feedback from that hack
yes I have so the attack
I added my Twitter handle as well as my
email now the majority of the feedback
has been positive and a lot of people
action font acted me to help with the
problem a lot of the folks - I don't
know how to do this me help me and you
know you this stuff there's some other
people which I mean necessarily know
your motives but I have bought in
actually a few death threats from Nam
Russia which is why you can see their
master in this aw sure is it possible
the Canadian hacker and we don't like to
get into politics or any of that kind of
stuff here on category 5 but is it
possible that they're utilizing these
exploits and you are educating the
people to these exploits you know what
I've never thought and that is very good
possibility that is very much so
possibility yes and I could be showing
by doing this I could be showing the
public are things that maybe those
people who said those threats they want
to see oh yeah that's a very good point
how do you think the CIA felt when
eternal blue was revealed publicly
you know I don't know what happened to
those hackers we nobody knows so looking
at so this is the Canadian hacker that
we're speaking with her and and we joke
but the truth is is that the Canadian
hacker has taken a very high road
approach to these types of exploits and
in your actual printout so understand
hundreds of thousands of printers around
the world suddenly started printing out
this printout from this hacker and on
this printout it says if you are unable
to find suitable instructions you are
welcome to contact me via email or
Twitter and I'll be glad to help you out
you mentioned some older folks reaching
out like have you really received folks
reaching out and saying I need help with
this yes I have um the majority of the
emails I've received where people
thanking me all which I necessarily will
pay for that
through the email or anything like that
but uh is more to provide a support
system to help people with that and yes
I could receive multitudes of emails
stating that they required help and
their company hasn't told them where
they don't know how to of things like
that and I could provide a step-by-step
process and then there's also some
people some people that don't
necessarily know how I did the exploit
but you know how fix the problem and
they've contacted me to test it again to
make sure that the printer isn't
accessible
Oh fantastic okay so are you gonna
continue hacking printers in this way
almost definitely um I am gonna be
sending out another wave I'm a good
defender mom they're not gonna make them
fight but I don't know how many pictures
I'll be sending this Oh - OH
I'm thinking maybe five hundred thousand
so that'll be much larger amount of
pictures that I sent it to before but
also
sorry no no you're fantastic and we
appreciate your time so very much
the Canadian hacker so many hackers
would utilize these types of exploits
for example I mean you're talking about
sending you've already sent to over a
hundred thousand printers print out jobs
okay and now we're talking about the
next wave being another five hundred
thousand printers where a lot of hackers
would just like hey let's print out a
mass amount of porn on all these
business printers let's like print out
some some horrible things this is you
know the approach of the traditional
hacker and this is how I think media has
painted the hacker so we have this
picture of what a hacker is and that's
what we expect of them what has caused
you to take a different approach and
instead send to 600,000 printers
instructions and assistance with helping
to close these exploits I thought or not
nuts to Sarah thought they'd never ever
wanted to have any devices for immoral
purposes or to do for reasons of my own
oh that first they wouldn't like
necessarily a dump so I think it was
just I wanted to be able to make a
difference in something without
necessarily hurting the persons involved
oh yeah that's pretty much home and
sorry
are you you live up to the the handle of
the Canadian hacker by apologizing but
what what you're revealing to us
I I just envision like a new world of
philanthropy in a way like as a hacker
you're choosing to help others by
exploiting the very things that are
exploitable within their networks
so you're saying hey by the way your
printers could be used for these
malicious purposes but I want to help
you to lock those down exactly and of
course I didn't have to do that if I
wanted to I could dumb or completely
destroy those printers by deflating DEP
wrong over and over and over again
um takes about 24 hours and I'm
completely toilet printer oh I could do
that I could print off some images that
you wouldn't necessarily want to be
printed off Oh
things like that I could out permanently
ash like a lot but not necessarily text
you could do anything you wanted any
image Oh but yeah I've chosen June all
the things that you could do but you're
choosing the highroad did kudos and and
and well done do you have plans you know
stepping away from the so the printer
hack has been a successful hack and and
you've been making a difference for
those who receive it and realize oh my
goodness my printer is exploitable but
this hacker has chosen to tell me about
it so that I'm no longer susceptible
what what do you have planned beyond
that so when this is exhausted itself
what's the next step for the Canadian
hacker to career paths I still always
want you to go Hawking depending on
whatever career I choose and I
definitely wanted definitely one go on
to the dark side of that either so I've
been looking at excite any sort of
cybersecurity
so anything like that um seeing if I can
get a degree of some sort with that um
or I've also didn't care of engineering
electrical so you're talking about
you're talking about career paths as
future tense so am I to understand that
you are younger than twenty ten so high
school
so I still have a good bit of time but
it kind of just goes to show that if I'm
able to do this as a pretense to didn't
lift is somebody with a lot more
knowledge who's actually got a degree MS
or can do it why don't you and the
Canadian hacker what this is what this
is revealing to me is that if you can do
this and you can choose the the moral
Road and help people to secure their
networks what about the next grade 10
student like folks I mean there's a lot
of people who just woke up and said oh
my goodness like and I apologize the
Canadian hacker but you some people are
saying this is a kid what we've learned
here is that you could have used this
exploit for for malicious purposes of
purposes and you haven't personally but
what about the next grade ten kid and
not not to necessarily put my own gender
here but there are not three people out
there especially of my group and if they
so desire to do this like you know the
possibilities are almost endless yeah
and it is necessary to be printers rage
it can be any sort of ing device or
anything connected to your network Wow
well I encourage you as we wrap up this
interview the Canadian hacker I
encourage you to continue pursuing that
positive path there are a lot of cyber
security companies out there that want
people like you that
can exploit systems for the good so that
they can help patch them and and I
encourage you to pursue that career path
absolutely and keep up the great work
and what you're doing and I and I hope
that everything goes very very well for
you thank you the Canadian hacker do you
have any final words for us today as we
close off our interview well the future
I'm sorry