Linus Tech Tips Got Hacked
HTML-код
- Опубликовано: 22 мар 2023
- In this video I discuss how the Linus tech tips RUclips channel, TechQuickie, and TechLinked all got taken over by a hacker and redirected to "double your crypto" scam site, I also explain how you can protect yourself from this kind of attack.
My online store is live at based.win/
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my RUclips channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. 
Наука
The best security measure that I've found is quite literally what you said at the end. Delete browser data on exit and then making sure people actually exit the browser (maybe set like a 15 min timeout as well) on a completely separate sandboxed device you use for 1 thing and 1 thing only. That makes this not impossible to pull off but much, much harder.
It would be hard for such a big channel. Surely at least half a dozen people would have access to the channel. Getting so many people to be security conscious is nearly impossible.
I wish there was a place for normies like me to learn better security practices.
Actually use the log out button to end your session, then your session token is useless if someone managed to steal it. It's really impractical, but that is the best, if not only, way to guard against session hijacking.
@@nes999 Don't do anything this channel recommends he is clearly a glowie
If you have a malware it can just live read the sessions so even deleting wont help
Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour.
Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.
i bet they had two dozen LTT employees doing nothing but getting that and every related site listed on every black list ever.
I have a better solution to this entire problem: grow a brain and stop believing someone’s going to give you free cash .
Linus actually mentioned your take on this on the video that he mentions the hack.
@@FuckTheState exactly.
@@pflasterstrips7254 obsessed
Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other RUclipsrs have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.
@Lurch oh no, talking about it on RUclips has clearly been unhelpful thus far. He doesn't need a soapbox. He needs Google to take it seriously. Without a doubt in my mind, he has already contacted them and is working it out. His revenue on here is a fraction of their revenue from his channel alone. If his channel gets taken, that's a bit of money they're losing, especially since he has a good standing partnership with them, it's really not good for Google.
So this might be what's needed to put the issue in their face. You can only close your eyes and cover your ears for so long, Google...
This has happened before, this has happened to Linus before.
Linus has talked about this before even going as far as asking Google to fix these problems years ago.
Nothing changed like nothing will change now because making money is more important to businesses than someone elses security.
@Lurch Google is not responsible for his computers getting infected
@@codingsafari providing a session token via a cookie is authentication.
That's not a good thing. We want this shithole to sink, and for khantent kreators to go elsewhere (pref Odysee, where you can discuss the JQ).
The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening.
More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this.
They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration.
I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little RUclips channel and you never change your behaviors as the business grows.
In one of the recent WAN shows, he was just talking about hiring a couple full time I.T. people so that employees like Jake or whoever didn't have try and split their time. I think he said they were starting to lack in maintenance because of that. Hindsight says he should have done that sooner unfortunately. Someone that can spend all their time doing maintenance and ongoing training can make a big difference.
Our company of a couple hundred has had several instances over the years where someone fell for a phishing email and had their outlook broken into. (luckily nothing else) Especially when we were a bit smaller without full-time IT staff. Our IT staff now has us go through basic security training every few months, and it seems to have helped.
Linus as a tech channel is general has been lackluster, stopped following a while ago
@@mopnem ew trash
Imma say it one time, don't chastise me for it: lmg is slowing becoming a youtube bro mansion
That's precisely why it makes me laugh hard when i see the "tech tips" part, like bro, you and most of your co-workers are technologically illiterate, just stop.
The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'
Are you sure? I remember always having to enter my password when modifying Google account settings.
(big lol if it's 2FA that changes things here)
@@mskiptr the kicker is, that if it's 2fa that suppresses that, they should have put a stronger check, which is asking for your 2fa code again.
THIS! There should be an OPTION in account config. to allow something like this with the secondary e-mail or something like that or different level of OPTIONS and possibilities. They want this as default? Ok, but let me have the alternative.
@@GYTCommnts Got reminded from another RUclips video about the fact Google offers stuff like this and more, but the Google account has to have Advanced Protection on.
Since LTT and Tech Quicky were brand accounts/channels, multiple Google accounts likely had access.
@@MasicoreLord You are right! Thanks for reminding that!
1 month of no MentalOutlaw, time to start catching up
This last week has been pretty good as far as stories go
@@MentalOutlaw word
Our guy is back 💪😎
@@MentalOutlaw more shitposts please
@@caesarxinsanium4008 Wait for April 1st :-)
This is a real "hard-R" moment.
linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.
Which is the exact opposite of what salty Mental Outlaw is doing here right now.
Yet he shames on GNU/Linux because he used Windows for all of his life and is illiterate in GNU/Linux.
@@speedytruck He also shamed people who use ad blockers. His claimed that ad block users = pirates. Who the fuck still don't use ad blockers anyway?
@@speedytruck Well, ne is not a Torvalds, he is just a Linus XD
@@Henry-sv3wv You don’t need to be Torvalds to admit you don’t know what you’re doing.
Good thing it happend to linus. Hes the one most likely to make a giant wave in the YT community to force YT to finally do something.
sure buddy
They can't do anything, my mate, no one can.
He already talked about how his feedback was pretty much useless and that he wouldn't bother talking to RUclips about changes before posting his opinion on them.
@@KoltPenny They can at least prevent someone who only has a session cookie from changing the Password and 2FA.
They can implement security measures that force the user to reenter their password and 2fa every time you enter a management area or want to commit a destructive action such as changing keys. This would immediately fix the cookie hijacking issue, they might get in but they're not authenticated.
Tesla Tech Tips
😂😂😂
Subscribed.
LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!
Recommend thech channels
LTT is basically a news and entertainment channel. You can rely on them to keep you up to date, but for technical information on hardware you basically need to get off RUclips unless you are looking for literal comp-sci education stuff.
Linus mentioned your video on LAN show. Dang you got in fast.
haha we all came to let him know that Linus mentioned him briefly on WAN show giving props for covering it quickly.
>Sir, they've hit the second channel
>I know (smiles and does the soyface)
Oh sh-
Stonetoss is a Na'Vi (fan)
🥲
>Sir, they've hit the second channel
There goes neighbors having a good nights sleep.
Man xD
lol God I freaking hate his soyboy thumbnails.
Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.
Unfortunately. As a tech channel i am paranoid now 😮
@@ArniesTech "Tech" channel
Agreed, especially if the attacker has a zero day to get in to steal the cookie. It seems really simple and obvious that google should make you type in the password *again* to change the password!! But if they inconvenience people by locking them out, not as many people will be signed in...
@@revenevan11 if you have a cookie stealer malware it probably is already reading input
im guessing this is what happened to me when i had someone bypass 2fa and silently log onto my google account in order to try and buy an advertising campaign using paypal, which i had linked to, and have now removed from my google account.
i also had just started trying out googles password manager to sync passwords between devices, which means that iphone in Melbourne probably had all my passwords automatically downloaded to it.
im now using a self hosted password manager and file syncing program.
I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.
It exists but is limited to Google's advanced protection program for some reason
The most funny thing is Linus will probably make this topic his most profitable video in a long while when the channel is restored.
On point. Idk about profitability, but he did explain the whole thing in good detail. The video was wonderfully and ironically sponsored by Debrand lmao.
Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.
Huh yeah. You’d think that would be a “problem that solved itself” from YT’s perspective
Same thing happened to foolish baseball
Huh I never even noticed he got hacked, he probably makes RUclips a decent chunk of change though so that likely would’ve played into them not shoahing him.
@@hansmoleman2666 he gas around 60k views on every video... RUclips doesnt need him lol, seems like he doesnt break the tos
I can't believe YT didn't fix this cookie shit yet... I've seen numbers and numbers of creators get hacked
There is no way to 'fix' it
Not very smart, are you?
@@gd44481 RUclips can ask for the 2FA code every time someone tries to change the password or the 2FA method. This way if someone hacks you, you can log out on all devices and take back control of the channel.
Almost every other site asks for old password to change the password to a new one.
@@gd44481 of course there's a way to fix that... lol
for example make an optional setting to request password to delete videos or change channel name...
You’d think Linus fans who are smart enough to assemble a gaming pc won’t send their cryptos to a hacker’s scam site.
This happened to me. It finally disappeared after I wiped my hardrive. It's 100% a malware hack. Someone downloaded something.
Where have you been?
yeah tf happened?
Where did your videos go?
@@serkandevel7828 Gone with the wind.
the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.
They don't even block the crypto comment spam which happens more frequently and would be easier to block.
the other thing is that theres a really good chance it's being streamed from the same IP
@@MentalOutlaw They don't even block certain phrases or have any systems in place to detect mass spam. You would think a RUclips channel would be blocked from commenting if it started commenting the same exact phrase hundreds of times.
When it comes to RUclips comments they try to make it a bit difficult to give out contact details. But it is hilarious that the owners of reCAPTCHA are letting bots roam their website. I guess they're just trying to spend as little money as possible as long as nobody hands them a huge fine for allowing scams on their websites.
RUclips can automatically shadow ban comments for "hate speech" but can't block simple scam comments? Color me surprised
"Just the tip" -Linus
Linux
@@ZelenoJabko his name is Linus. He runs a Linux tech channel called Linus Tech Tips.
"Just the tip" is a sexual innuendo implying just a tip of a penis.
I don't know exactly what it's supposed to mean but it sounds awfully funny 😃.
@@MathewRenfro r/whoosh
@@MathewRenfro linux
@@Kapeeshy No, ITS LINUS! read the other replies in this thread. HIS NAME IS LINUS he runs a channel called Linux Tech Tips. God damn do not correct me when you need corrected.
Remember when this happened to Nathaniel Bandy.
Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.
What gets me is that its so easy to prevent this hack. Just require someone to log in (again) before they can livestream or private all videos.
Considering they ran ZFS servers as core infrastructure for years without scrubbing, I wouldn't be surprised if they used RUclips as a backup repo lol
IIRC didn't they literally admit to doing this in one of their streams? They delete old videos off their server and keep them on RUclips.
Yes and no. It does act as an archive for videos. But they do have full 321 backups.
Considering some of the jank in his videos showing the office space and the way they sort of half-ass and sidestep certain practical things, I'm not surprised their channel backend is apparently also very janky.
@@TheLegendaryHacker certified bruh moment
ZFS sucks.
He dropped his security. Bound to happen.
Could you please elaborate? Most of us don't watch 7rannytechtips regularly
@@bravefastrabbit770 linus has reputation of dropping things, mostly **expensive** things
@@BooleanDev it's a joke because "dropped"
@@feschber LOL that went over my head. Guess thats what i get for multitasking
@@feschber Thanks. lmao now it's funny
Linus once pointed out in an interview about their old stuff, that those weird placeholder videos are videos that they had deleted, but when RUclips recovered everything from the previous hack, they also recovered videos that had been deleted.for years. I don't know why they havent deleted them again.
Many channels have previews and drafts of upcoming videos on their channels temporarily. Apperantly deleting those doesn't really make them go away.
It would be funny if it ends up they got hacked by downloading something from one of those fake Google ads. Linus has a strong opinion against adblockers, and an adblock could've prevented this if that was the case. On the other end, if it really was a fake ad, then Google might finally start cracking down on them, now that they got egg on their face.
Adblockers are still 3rd party apps. Unless they manually do that, which would take an unreasonable amount on time given you'd have to block google ips for it to work (not easy as they are dependent on them), I'd say for companies adblockers are bad. You can't trust some guys that aren't google, microsoft or apple with this stuff, the only reason they are alive is because of community backlash if stuff was to happen.
@@RikyyThePootisSlayer No
Funnily enough, they were compromised via a request for advertising, not from advertising.
Still not nearly as embarrassing as that cybersecurity youtuber who fell for a phishing email.
Who? Lmao
However unfortunate that is, it's a good reminder that we're all human and can make mistakes.
If you're talking about Jim Browning, it was a combination of coincidence and an initial email from Google's own domain. The rest of the scam should've been easy to spot due to poor grammar and the absurdity of the instructions, but at least it was a good learning opportunity for Jim and the audience.
@@Slavolko I thought he was referring to David Bombal
@@Slavolko the indian scammer scammer?
It was not just $7000. They cycle addresses, not everyone gets the same one.
Great advice totally going to take those tips for my future endeavors with my business partner on our upcoming channel project this summer 🌞
You were absolutely on the ball. His session manager was hacked because some employee downloaded a malware
not suprised with the session hijacking, but how the hell are they changing the password and 2fa after?
even if they are already "logged in" anything that needs a password or 2fa should be inaccessible unless they got those some other way.
unless there was some huge oversight from google where that could be bypassed somehow, which would be absurd.
while the malware could also add a keylogger, it would still need to annoy the user for the creds after, which would be a red flag, and make session hijacking pointless anyways
it's a flaw with Google's design, sometimes changing your password or 2 factor device does require authentication, sometimes it doesn't.
@@MentalOutlaw what a great idea
@@MentalOutlaw That's a massive flaw holly
@@MentalOutlaw yeah that's pretty dumb. It's also possible the malware steals the session and uses it from your own PC to change the passwords because it's 'trusted'
Memeology101, an absolutely based channel, still got his channel back after this hack happened to him even though RUclips probably doesn't like him.
Tis better to be made a fool than to be made a martyr
why wouldnt youtube like him
A quick glance at them and I can tell their some fascist low life.
Which makes that channel being restored decently impressive. I'm surprised RUclips didn't "forget" to restore that channel.
Had that happened to Second Thought, that channel would of been FUCKED.
Liberals always. ALWAYS side with fascists. Yes, even social democrats. The moderates of fascism.
@@purpleey Cause he's based and he's called youtube out before for trying to create an industry plant.
@@UBvtuber whats an industry plant
I Like your BSD idea for future me if my channel gets anywhere good in the future .
Appreciate the video to spread awareness to this scam more, I hope the algorithm favours this to be seen by as many people as possible.
Great video, great advice, that unfortunately probably won't get followed, and this type of thing will probably continue to keep happening.
A music creator called VectorU (90k subs?) got hacked late last year and also got the channel back after a few days. So while I'm sure Linus does get special treatment it's not like everyone who isn't huge is completely screwed.
Fire Emblem content Creator Mekkah got his also back after a few days. Big channels will have it way was though
90k is big
@@TheTastefulThickness 1% territory big.
@@TheTastefulThickness
Not even "everyone in the bubble knows you" big. MAYBE "enough for an income" big.
@@Alias_Anybody anyway... what i said.
Totally agree with what you said in the end. A separate Linux machine makes things much more secure, and Google allowing to change password without requiring the old password is downright negligent.
Changing password and 2FA, without confirmation from either, while the session was initiated from a cookie.
Hard to believe this is slipping through the cracks at a place like Google.
A separate Linus machine
@@mechwarrior83 brought to you by the inventors of the Titan Security Key, which offers, quote: "Titan Security Keys are compatible with the Advanced Protection Program, Google's strongest security offering."
You can't make this stuff up.
@@mechwarrior83 it feels intentional.
@@mechwarrior83 it's a convenience feature, and you can turn on "Advanced Account Protection" (for free) to require more stringent authentication. For example, my Google account can *only* be authenticated with a hardware token.
The problem is that probably about fifteen people need to be able to access the Linus Tech Tips channel, so any proper security would create such an inconvenience in the workflow that it wouldn't seem worth it.
the fact he was anti linux or mac for so long demands the question why he wasn’t hacked sooner.
This is honestly entirely RUclipss fault. For all channels above a certain subscriber count, maybe 100k, there should be an option to have a manual verification, done by an actual human being at RUclips where they call the number linked to your account (that cannot be changed by you, only by RUclips with identity verification) for every major change made to the channel, such as a video upload, delete, name change, etc. that way it is literally impossible for stuff like this to happen without the number being compromised.
No need manual, just put password and or 2FA authentication for everything which can make people lose access to their account. For example, change password need old password and or 2FA every time, removing 2FA need old password and or old 2FA or removal code, etc. Google do this randomly for changing password and removing 2FA is beyond stupid.
You are absolutely fooling yourself if you think they're going to take the time to call you every single time you upload to make sure things are okay. lmao
Naive
Anyone and everyone can get hacked. This insanely toxic mindset of "You're a tech channel, how could you possibly get hacked?!" is seriously getting tiring. Its never been a question of "if", its always been a question of "when". Its like saying "You're a fitness trainer, how could you possibly gain any kind of fat?" or "You're a mechanic, how can your own car break down?!"
Get over it. Shit happens.
My dad was a mechanic, the last thing he wanted to do after coming home was spend all day or weekend fixing our shitty cars. That said I would not go to a dentist with bad teeth.
*anyone that is braindead enough to download random executables
exactly. the same thing happened to jim browning last year. he's a prominent scambaiter who hacks into scammers' computers and does all sorts of stuff with them. and his channel got hacked too. no one is safe.
Well yeah I agree that's pretty toxic and pointless. This is the second Mental Outlaw video that I genuinely disliked because of the smug and arrogant tone. We have seen countless times, time and time again that anyone and anything can get hacked, even the CIA, FBI, NSA and server companies that mostly run Linux when everyone just goes out blaming windows security.
The CIA and FBI got hacked thousands of times by a single person sitting in their bedroom alone, NSA got hacked for months before anyone noticed and they are possibly the most advanced hacking agency on the planet by heaps and leagues, it's not like the CIA, FBI and NSA lack security measures and procedures, and yet they still get hacked several times a year. This is seriously getting tiring and this smug, arrogant attitude makes me heavily dislike this type of content now, especially people in the comments like "hah, this would never happen to me because I know better than everyone and I'm invincible." I mean, even if the most advanced hacking agency on the planet gets hacked, FBI, NSA, CIA, who is some pleb on youtube comments thinking he's safe?! This smug and arrogant attitude both from Kenny and the people commenting in the videos have been driving me away from Mental Outlaw videos for a while now.
Found the LTT fanboy lmao. If you have a deep knowlege and understanding of a certain system, and also publicly claim to be an expert about it, you shouldn't fall victim to extremely basic mistakes like this.
Your analogies suck by the way, lmao. This situation is more akin to a competant mechanic forgetting to put oil in his car then wondering why the engine blew up. This was a complete oversight on their part.
Between this and the recent "hard R" thing, Linus is having a rough month lol. Thanks for explaining how this hack works, was always curious how they just got around the 2FA so easy.
Huh Linus said the n word??
Pepole actually believe he said the hard r?
@@Bryce_C. No, he apparently didn't know that "hard r" meant what it means. He thought it meant r*tard... give it a quick search on youtube, its a really awkward and funny clip from the live show.
Like Demi Demi said: "tough time never lasts. Only tough people lasts. Lbrghlbrghmbl." 😅
@@facksmasheen why you censor "retard"?
Apparently the scammer had sent an email purporting to be a sponsorship or advertising offer to one of his employees and the pdf file in the email had contained the malware.
It was an .scr file with a double extension file name. The woman who opened it saw it as file.pdf.scr
Happened to me last year after i lost internet and had to connect to a public network, was insane to me at the time that 2 factor didn't help at all luckily twitch helped me out after 4 weeks, alot more careful now but thanks for explaining how it happens in a bit more depth, people really should be more careful, it changes your profile to a tesla logo and plays random elon interviews, nothing more shocking then being told "hey, you're live?" when you're not
I was wondering why their videos were clogging up my notifications. That literally just happened this morning, so you got this video out hella quick!
i've actually seen channels with like 200K subs hacked like this and getting their channel back
I think it also happened to DJ Ware with like 25k subs
I find that perfectly shows that even if you are an expert in the field that you are not protected from making one little mistake and loose everything.
Congrats on the shoutout from the WAN Show! (1:30:00)
I would love to know which person on the staff accepted the fake sponsorship that usually leads to these hacks. They give people a sponsorship email, get him to click and get temporary access to there system without having to do two factor Authentication
their*
@smacktard Yvonne? I would suspect a new hire or maybe a transfer from another dept.
7000 bucks is a lot of money but honestly it’s probably way less than they would get from hacking most other channels this big.
Linus’ audience being more tech savvy means more of us would immediately recognize this scam compared to the audience from, say, a vlog channel. Plus quickly getting the redirect flagged.
They probably caused more in damage than they got from the scam. I imagine this screwed up filming and a bunch of other plans.
It was way more than $7000, because they do not give the same address to everyone. They have a pool of say 50 addresses and give each website visitor a random one.
I personally think that isn’t a lot. Considering certain scams can scam people for thousands at once.
Im pretty sure some complex social engineering went into it, but I don’t think the scammers are contempt with 7k. Though 7k could still be a lot in whatever 3rd world country they are in
Edit: What Zeleno said might be true, considering they are smart enough to hack Linus.
@@plaush7401 How else could he have made money from this hack tho
This is probably the best option he had to make it profitable
@@deleteduser72 There's some Indian squatting on the dirt floor of his shack making that much from a scam phone call.
What's actually scary is that Google can essentially decide which site is trustworthy or not in a second, blocking every normal user completely from visiting. Obviously to prevent scam like this it's not a bad thing. But they could block any website like this if they wanted to.
Thanks, learned some extras from your personal knowledge base!
I was a victim of that cookie hack yeaaaaars ago before it became popular to do it.
Ever since I've gotten a lot more careful about downloading things, especially stuff sent by less tech-savvy friends.
You can be the most careful person alive but if only just one of your friends is naive, they're gonna get to you too, through them.
Just sandbox everything duh
@Lurch thats just it, even bootloaders arent safe though. i mean obviously i think there are like 3 pieces of malware or something that actually load themselves in the bios secureboot files and have a happy day downloading and running everything again after a fresh install of everyones favourite windows.
@@Sup3rman1c That's a much more difficult attack, and not really how that works anyway. This was a classic malware attack. Could have been keylogging, screen capping, anything, but this one stole the tokens.
You can 100% have idiot friends and still be safe.
@@dontaskiwasbored2008 How does it work then? I wasn't saying this particular attack spoken of in the video is that exact attack, I'm saying anyone can get pwnd and most people do get pwnd at least once and in their lives. A worst case scenario (not including the damage getting pwnd can do irl), your motherboard can literally turn to e-waste.
What I've read about this hack of RUclips creators is that the malware is sometime distributed through a "sponsor proposal", with a infected pdf
We don't know if it's the case here though...
The good old .pdf.exe
@@dustinp8355 haha not here I think
According to this video (in french sorry) ruclips.net/video/zK2_FjKKgpM/видео.html at about 6 min :
The hackers send emails to the RUclipsr and discuss with him so that with time he start to trust them
And after that, they send a "demo" version of the game they want to push to the viewer (which is malware ofc), or a pdf (they don't explain how, I suppose it can be some kind of macros in the file or some shit like that)
Now paranoid about my sponsors 😮😮😮😅
See Paul Hibbert's video on his hack.
@@lurch1539 There's no option in youtube, you need to be logged in into Gmail to use your youtube account
I wonder if the scammers occasionally actually do pay out the victims: not only would this convince someone that it genuinely works who then might go and try it out with WAY more money, but this also would disguise victim wallet addresses with any wallets being used to tumble the crypto.
This same hack has happened to 4 channels I’ve been subscribed to. All of them recovered faster than Linus, including much smaller channels (sub 200k). It’s strange that RUclips has not restored their channel to a previous state.
I'm actually interested in statistics of victims from Linus audience who will eventually fall to this scam, kinda curious if consuming mediocre (in a good way) tech content raise situational awareness
Edit: well, 7000$ is a good number
their content isnt necessarily security based. They are hardware channel. And 7k for a channel that gets 1 million views over course of 8 hours isnt a lot.
Could have ransomed it for 10 times as much at least
@@primethread the scam links the livestreams link to when a channel gets hacked by these groups
pretty sure that the average audience of linus is mature and knowleadgeable enough to understand that somthing off happened...im pretty sure those money come from random people
@@thegoblinwholaughs1137 you failed to take in consideration that the link hd a short life since it was flagged by google and cloudflare quite fast, so had no external interference happened we could be talking millions here....
I've seen this happen to over a dozen channels just in the past few months. Really turning into an epidemic now.
I am paranoid now 😮
@@ArniesTech yeah consider joining the Amish
Sounds like RUclips is complicit
Google not requiring a password to change the password shows you just how seriously they take security, which is to say, not seriously at all.
True. Google is an advert company pretending to be a tech company. Didn't they disband their autonomous driving team? Of if they did, it would not surprise me. Googling it. Ah, they cut back but didn't disband it: "Google parent Alphabet Inc’s (NASDAQ: GOOGL) (NASDAQ: GOOG) self-driving startup Waymo slashed dozens of jobs as its parent cuts spending and sharpens its focus on artificial intelligence". As I say, they're an advert company more than a tech company. The tech is just for publicity, not unlike what Musk does.
Honestly, this says a lot more about Google/RUclips security then anything.
My RUclips account is so old that it was made before Google bought them, and I was pissed when they combined them and required me to use a Google account to sign in.
Same, mine's so old it used to have a /user/ address instead of /channel/.
What expelled me from the platform for years was the Google+ comments debacle. I lost comments and other stuff to that move by Google and that's something I'm still... let's say "unhappy" about.
Speaking of shitty Gooleg bs, anyone knows what was up with youtube comments showing up user's coded names instead of the regular usernames? I was seeing that shit for over a month without knowing what the hell was going on.
Yeah, I still have those double YT channels binded in a single Google account 😂
No it doesn't. This wasn't a Google security issue.
I love your vids and commentary, brother! Your subtle humor and focus on privacy are great.
His sarcasm is delicious 😅
@@ArniesTech yess
Ah the classic "double your money" Runescape scam
One of my favorite channels got Elon-hacked 3 weeks ago proably 30-50k subs. Their channel is still banned/deleted today. Not sure if they'll ever get it back. Google needs to do something about this ASAP!
I love how the picture appears every time Linus is mentioned.
I love that Elon is now synonymous with crypto scams.
Vitalik Buterin as well, together with the guys from Bankless, which are ironically some of the nicest guys on the web. More sad than funny to be honest.
Elon is a fraud himself, so that suits him well.
It's because he was on a SNL skit dressed as Shiba Inu, can idiots stop relating one to the other? He's a crypto hater like Trump or Tucker Carlson
@@jpunyedvideorestorations9347 _"It's because he was on a SNL skit dressed as Shiba Inu"_
No, it's because he's arguably the most influential person on this planet.
Love him or hate him Linus has been dedicated to his work for the better part of two decades. Maybe he makes mistakes, maybe he shills for shitty sponsores, but in the end he provides quality benchmarks, covers most of the new gear and has made computer science and computer building more accessible to a broader audience.
This man and his team are the MVPs and the right thing to do is to allow them to recover and not try to stir up shit from the unaired footage.
Nah, he sucks compared to Gamers Nexus
I remain ambivalent about him
Just because you're committed to something doesn't automatically make you a good guy lmao.
@@robokid20001 and what makes him a bad guy then, according to you?
I disagree with a lot of his opinions on a lot of different things, but the videos are fun
Another big tech security compromised by convenience design, just like with the iPhone security incident story recently: once you've logged in there is no more protective mechanisms from completelly taking over the account and changing the ownership.
No doubt there's gonna be an extensive breakdown of this incident on LTT coming up. It'll be interesting to find out exactly what happened (i.e., who fucked up and how).
Wouldn't it be funny if it was Coulton 😂
They were using youtube as a kind of backup. Linus talked about it that it ain't ideal but its nice to have all the videos in one more place
Also I remember that RUclips basically deletes nothing ever. People who have had their channel restored had stuff that was "deleted" reappear. So even if they changed policy on how they use it, plenty of old videos are still stored
@@PMARC14 I'd assume that more illegal stuff like live leak kind of things and child exploitation and violation would be used as evidence against someone given RUclips works in that way but for the off chance they make a special case for these videos and delete them entirely.
Has RUclips videos inside RUclips's database ever been used as a way to prosecute criminals before?
I hear people keep gb,s of porn vids set on private.
@@pudznerath6532 nothing is private when you use some ones server use peer tube
@@pudznerath6532 Not even private, you can set that stuff on unlisted and it can stay up as long as its not public
This is just sad to see, really. Because thanks to his input i was able to get my hands on the best gear for my work.
LTT inspired me to start my own channel
I actually posted about this on my community page a while back. Caught me off guard that they'd fall for a sponsor scam.
You would think RUclips/Google would’ve implemented some algorithms to detect when a high profile channel suddenly changes its password, 2fa, channel name among other things and starts live streaming. Those are all huge red flags. And should’ve automatically locked the account.
Actually, it isn't nearly as much of a red flag as you're making it out to be. Channels change their names to reflect temporary promotions all the time, and a livestream at the same time is just effective PR. What Google needs to do is make "Advanced Account Protection" more obvious to their business customers, I'm pretty sure that having that option enabled in the Google account setting for their channels would have prevented the session hijacking attack, and it certainly would have prevented the password change.
Password changes should always prompt for password. Weak, Google.
I remember that whenever you try to change a sensitive setting on a youtube account, you get asked to write your password again. I can't see how they bypassed that.
1:10 Linus has talked in the past about how they use RUclips as a backup in case they use the local video files if necessary. So that is actually likely the case.
the idea of an elon musk stream just appearing on your channel one day is hilarious
Best thumbnail!
their last tweet before ltt channel got hacked fits so well with this situation
I am legitimately blown away by the fact that people fall for the double your money scam. Its the most low effort and obvious scam.
Mental Outlaw, would you ever do a podcast?
I could spend hours listening to you talking about hacks and other IT related things.
That would be amazing. I'm in!
I don't post videos, but if this happened to me I think I'd just quit the internet.
Had such a thing happen to an older account of mine some years ago. It was devastating. 😢
great content man. Really like this style of video from you
The cost in reputation far outweighs the financial loss.
I'm still pissed that google hasn't fixed the issue where you don't need password and 2fa to change password. To be honest business/creator account should have option to password check even if you edit, add or remove videos.
They qoute tweeted that tweet the main joking about *THIS* being their greatest tech fail.
i still cant fathom how anybody can fall for this type of scam
Thanks for going on about this hours and hours of unreleased content without linking it. It seems to be gone now and I'd assume whoever put it up privated it in the time since this video. Searching video titles by upload date and none of them are showing.
I'm so old I remember when it was good practice to not accept a password update without some form of authenticating the user requesting the update. And not just an existing session. Yes it's a bit annoying, but far less than getting locked out of a hijacked account.
Yepp. We get annoyed so quickly. But only when its too late we realize how important it was 😢
Press F to pay respects for the hard R
I wonder if that was caused by the RCE that Outlook had recently and LMG uses MS Teams, so they probably use Outlook for emails as well
One way to prevent this kind of issue is to setup firewall rules to block all traffic to and from sites other than RUclips on dedicated PCs in the office used to access RUclips
C'mon we all know kenny's channel was hacked and replaced by deepfake cooking recomendation machine.
Finally it's here:
eTeknix was hacked with a live scam and their channel and videos were restored, so it's good to see that "smaller" channels get taken care of
I saw this happen live and also got to see some unreleased shit which was cool. Hopefully they get their channel back.
Something LTT could look into is building custom tools that upload directly to the RUclips channel. LTT has the software engineers to build tools to access the RUclips API for uploading and modifying channel content. Better yet, the tools could work off a intranet site so attackers would have to hack into the network to get access. There's ways around not using the RUclips interface and risking this kind of attack.
all those words.... it's almost like you didn't watch the video or understand what was being described. Much easier solutions were outlined in this and other videos covering this incident.
Or they could just take this as a sign. Log out for good.
@@tehKap0w I mean a solution propose was basically just a more manual version of this; this proposed solution is have a hardened system for only uploaded to RUclips. They could set up a system on their local network that does as an in between that stores the session ID and can provide further access control than yt provides. For someone like LTT automating this would be pretty useful given how much they upload
@@unclehumpy2487 there are so many ways but the easiest is a hypervisor VM that can only run a hardened browser. This would be enough to isolate them for uploading/interacting with the site.
Or the same scheme with a chromebook.
As a nerd, i can attest to our not being afraid to over complicate things and it's a habit we need to restrain as best we can.
Simpler is _almost_ always better.
bruh "accessing the YT api for uploading and modifying channel content" isnt engineering lmao. u sound like u rly have no idea what ur talking about. tbh the solution here is simple.
Does Google not tie session tokens to IP addresses? 😕
Checked this myself, No.
It seems no, had used my RUclips with a Ukranian IP and no problem
1. session cookies are limited to ip address.
2. you cannot change your password without the original password.
Thought it seemed insane that not even )eewgle themselves follow NIST guidelines, and as expected: "To continue, first verify that it's you"
1. False
2. True
@@TheActualDP I'm pretty sure numba wan is implementable.. unless you're dealing with dynamic ips
Maybe the whole device was taken over and this wasn't just a session hijack?
He will monetize this hack so hard 🤣
I still can't belive people fall for these scams.
Waiting for the Linus tech tips “How we got our RUclips channel taken over”
The title would probably be more exaggerated with weird capitalization and punctuation.
Raccoons need HUGS