Linus Tech Tips Got Hacked
ฝัง
- เผยแพร่เมื่อ 20 ก.ย. 2024
- In this video I discuss how the Linus tech tips TH-cam channel, TechQuickie, and TechLinked all got taken over by a hacker and redirected to "double your crypto" scam site, I also explain how you can protect yourself from this kind of attack.
My online store is live at based.win/
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my TH-cam channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. - วิทยาศาสตร์และเทคโนโลยี
Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour.
Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.
i bet they had two dozen LTT employees doing nothing but getting that and every related site listed on every black list ever.
I have a better solution to this entire problem: grow a brain and stop believing someone’s going to give you free cash .
Linus actually mentioned your take on this on the video that he mentions the hack.
@@FuckTheState exactly.
@@pflasterstrips7254 obsessed
Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other TH-camrs have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.
The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'
Are you sure? I remember always having to enter my password when modifying Google account settings.
(big lol if it's 2FA that changes things here)
@@mskiptr the kicker is, that if it's 2fa that suppresses that, they should have put a stronger check, which is asking for your 2fa code again.
THIS! There should be an OPTION in account config. to allow something like this with the secondary e-mail or something like that or different level of OPTIONS and possibilities. They want this as default? Ok, but let me have the alternative.
@@GYTCommnts Got reminded from another TH-cam video about the fact Google offers stuff like this and more, but the Google account has to have Advanced Protection on.
Since LTT and Tech Quicky were brand accounts/channels, multiple Google accounts likely had access.
@@MasicoreLord You are right! Thanks for reminding that!
The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening.
More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this.
They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration.
I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little TH-cam channel and you never change your behaviors as the business grows.
In one of the recent WAN shows, he was just talking about hiring a couple full time I.T. people so that employees like Jake or whoever didn't have try and split their time. I think he said they were starting to lack in maintenance because of that. Hindsight says he should have done that sooner unfortunately. Someone that can spend all their time doing maintenance and ongoing training can make a big difference.
Our company of a couple hundred has had several instances over the years where someone fell for a phishing email and had their outlook broken into. (luckily nothing else) Especially when we were a bit smaller without full-time IT staff. Our IT staff now has us go through basic security training every few months, and it seems to have helped.
Linus as a tech channel is general has been lackluster, stopped following a while ago
@@mopnem ew trash
Imma say it one time, don't chastise me for it: lmg is slowing becoming a youtube bro mansion
That's precisely why it makes me laugh hard when i see the "tech tips" part, like bro, you and most of your co-workers are technologically illiterate, just stop.
>Sir, they've hit the second channel
>I know (smiles and does the soyface)
Oh sh-
Stonetoss is a Na'Vi (fan)
🥲
>Sir, they've hit the second channel
There goes neighbors having a good nights sleep.
Man xD
lol God I freaking hate his soyboy thumbnails.
Imagine giving "tech tips" while being so tech incompetent.
Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.
Huh yeah. You’d think that would be a “problem that solved itself” from YT’s perspective
Same thing happened to foolish baseball
Huh I never even noticed he got hacked, he probably makes TH-cam a decent chunk of change though so that likely would’ve played into them not shoahing him.
@@hansmoleman2666 he gas around 60k views on every video... TH-cam doesnt need him lol, seems like he doesnt break the tos
This is a real "hard-R" moment.
1 month of no MentalOutlaw, time to start catching up
This last week has been pretty good as far as stories go
@@MentalOutlaw word
Our guy is back 💪😎
@@MentalOutlaw more shitposts please
@@caesarxinsanium Wait for April 1st :-)
I swear Linus does everything like a private company. Lowest quality, lowest costs and highest returns. Most of his employees won't get a job anywhere else.
Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.
Unfortunately. As a tech channel i am paranoid now 😮
@@ArniesTech "Tech" channel
Agreed, especially if the attacker has a zero day to get in to steal the cookie. It seems really simple and obvious that google should make you type in the password *again* to change the password!! But if they inconvenience people by locking them out, not as many people will be signed in...
@@revenevan11 if you have a cookie stealer malware it probably is already reading input
im guessing this is what happened to me when i had someone bypass 2fa and silently log onto my google account in order to try and buy an advertising campaign using paypal, which i had linked to, and have now removed from my google account.
i also had just started trying out googles password manager to sync passwords between devices, which means that iphone in Melbourne probably had all my passwords automatically downloaded to it.
im now using a self hosted password manager and file syncing program.
LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!
Good thing it happend to linus. Hes the one most likely to make a giant wave in the YT community to force YT to finally do something.
sure buddy
They can't do anything, my mate, no one can.
He already talked about how his feedback was pretty much useless and that he wouldn't bother talking to TH-cam about changes before posting his opinion on them.
@@KoltPenny They can at least prevent someone who only has a session cookie from changing the Password and 2FA.
They can implement security measures that force the user to reenter their password and 2fa every time you enter a management area or want to commit a destructive action such as changing keys. This would immediately fix the cookie hijacking issue, they might get in but they're not authenticated.
This happened to me. It finally disappeared after I wiped my hardrive. It's 100% a malware hack. Someone downloaded something.
Where have you been?
yeah tf happened?
Where did your videos go?
@@serkandevel7828 Gone with the wind.
Tesla Tech Tips
😂😂😂
Subscribed.
linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.
Which is the exact opposite of what salty Mental Outlaw is doing here right now.
Yet he shames on GNU/Linux because he used Windows for all of his life and is illiterate in GNU/Linux.
@@speedytruck He also shamed people who use ad blockers. His claimed that ad block users = pirates. Who the fuck still don't use ad blockers anyway?
@@speedytruck Well, ne is not a Torvalds, he is just a Linus XD
@@Henry-sv3wv You don’t need to be Torvalds to admit you don’t know what you’re doing.
I can't believe YT didn't fix this cookie shit yet... I've seen numbers and numbers of creators get hacked
There is no way to 'fix' it
Not very smart, are you?
@@gd44481 TH-cam can ask for the 2FA code every time someone tries to change the password or the 2FA method. This way if someone hacks you, you can log out on all devices and take back control of the channel.
Almost every other site asks for old password to change the password to a new one.
@@gd44481 of course there's a way to fix that... lol
for example make an optional setting to request password to delete videos or change channel name...
You’d think Linus fans who are smart enough to assemble a gaming pc won’t send their cryptos to a hacker’s scam site.
He dropped his security. Bound to happen.
Could you please elaborate? Most of us don't watch 7rannytechtips regularly
@@bravefastrabbit770 linus has reputation of dropping things, mostly **expensive** things
@@BooleanDev it's a joke because "dropped"
@@feschber LOL that went over my head. Guess thats what i get for multitasking
@@feschber Thanks. lmao now it's funny
The most funny thing is Linus will probably make this topic his most profitable video in a long while when the channel is restored.
On point. Idk about profitability, but he did explain the whole thing in good detail. The video was wonderfully and ironically sponsored by Debrand lmao.
Considering they ran ZFS servers as core infrastructure for years without scrubbing, I wouldn't be surprised if they used TH-cam as a backup repo lol
IIRC didn't they literally admit to doing this in one of their streams? They delete old videos off their server and keep them on TH-cam.
Yes and no. It does act as an archive for videos. But they do have full 321 backups.
Considering some of the jank in his videos showing the office space and the way they sort of half-ass and sidestep certain practical things, I'm not surprised their channel backend is apparently also very janky.
@@TheLegendaryHacker certified bruh moment
ZFS sucks.
the fact he was anti linux or mac for so long demands the question why he wasn’t hacked sooner.
"Just the tip" -Linus
Linux
@@ZelenoJabko his name is Linus. He runs a Linux tech channel called Linus Tech Tips.
"Just the tip" is a sexual innuendo implying just a tip of a penis.
I don't know exactly what it's supposed to mean but it sounds awfully funny 😃.
@@MathewRenfro r/whoosh
@@MathewRenfro linux
@@Kapeeshy No, ITS LINUS! read the other replies in this thread. HIS NAME IS LINUS he runs a channel called Linux Tech Tips. God damn do not correct me when you need corrected.
What gets me is that its so easy to prevent this hack. Just require someone to log in (again) before they can livestream or private all videos.
Anyone and everyone can get hacked. This insanely toxic mindset of "You're a tech channel, how could you possibly get hacked?!" is seriously getting tiring. Its never been a question of "if", its always been a question of "when". Its like saying "You're a fitness trainer, how could you possibly gain any kind of fat?" or "You're a mechanic, how can your own car break down?!"
Get over it. Shit happens.
My dad was a mechanic, the last thing he wanted to do after coming home was spend all day or weekend fixing our shitty cars. That said I would not go to a dentist with bad teeth.
*anyone that is braindead enough to download random executables
exactly. the same thing happened to jim browning last year. he's a prominent scambaiter who hacks into scammers' computers and does all sorts of stuff with them. and his channel got hacked too. no one is safe.
Well yeah I agree that's pretty toxic and pointless. This is the second Mental Outlaw video that I genuinely disliked because of the smug and arrogant tone. We have seen countless times, time and time again that anyone and anything can get hacked, even the CIA, FBI, NSA and server companies that mostly run Linux when everyone just goes out blaming windows security.
The CIA and FBI got hacked thousands of times by a single person sitting in their bedroom alone, NSA got hacked for months before anyone noticed and they are possibly the most advanced hacking agency on the planet by heaps and leagues, it's not like the CIA, FBI and NSA lack security measures and procedures, and yet they still get hacked several times a year. This is seriously getting tiring and this smug, arrogant attitude makes me heavily dislike this type of content now, especially people in the comments like "hah, this would never happen to me because I know better than everyone and I'm invincible." I mean, even if the most advanced hacking agency on the planet gets hacked, FBI, NSA, CIA, who is some pleb on youtube comments thinking he's safe?! This smug and arrogant attitude both from Kenny and the people commenting in the videos have been driving me away from Mental Outlaw videos for a while now.
Found the LTT fanboy lmao. If you have a deep knowlege and understanding of a certain system, and also publicly claim to be an expert about it, you shouldn't fall victim to extremely basic mistakes like this.
Your analogies suck by the way, lmao. This situation is more akin to a competant mechanic forgetting to put oil in his car then wondering why the engine blew up. This was a complete oversight on their part.
Linus mentioned your video on LAN show. Dang you got in fast.
haha we all came to let him know that Linus mentioned him briefly on WAN show giving props for covering it quickly.
the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.
They don't even block the crypto comment spam which happens more frequently and would be easier to block.
the other thing is that theres a really good chance it's being streamed from the same IP
@@MentalOutlaw They don't even block certain phrases or have any systems in place to detect mass spam. You would think a TH-cam channel would be blocked from commenting if it started commenting the same exact phrase hundreds of times.
When it comes to TH-cam comments they try to make it a bit difficult to give out contact details. But it is hilarious that the owners of reCAPTCHA are letting bots roam their website. I guess they're just trying to spend as little money as possible as long as nobody hands them a huge fine for allowing scams on their websites.
TH-cam can automatically shadow ban comments for "hate speech" but can't block simple scam comments? Color me surprised
Linus once pointed out in an interview about their old stuff, that those weird placeholder videos are videos that they had deleted, but when TH-cam recovered everything from the previous hack, they also recovered videos that had been deleted.for years. I don't know why they havent deleted them again.
Many channels have previews and drafts of upcoming videos on their channels temporarily. Apperantly deleting those doesn't really make them go away.
Still not nearly as embarrassing as that cybersecurity youtuber who fell for a phishing email.
Who? Lmao
However unfortunate that is, it's a good reminder that we're all human and can make mistakes.
If you're talking about Jim Browning, it was a combination of coincidence and an initial email from Google's own domain. The rest of the scam should've been easy to spot due to poor grammar and the absurdity of the instructions, but at least it was a good learning opportunity for Jim and the audience.
@@Slavolko I thought he was referring to David Bombal
@@Slavolko the indian scammer scammer?
This is honestly entirely TH-cams fault. For all channels above a certain subscriber count, maybe 100k, there should be an option to have a manual verification, done by an actual human being at TH-cam where they call the number linked to your account (that cannot be changed by you, only by TH-cam with identity verification) for every major change made to the channel, such as a video upload, delete, name change, etc. that way it is literally impossible for stuff like this to happen without the number being compromised.
not suprised with the session hijacking, but how the hell are they changing the password and 2fa after?
even if they are already "logged in" anything that needs a password or 2fa should be inaccessible unless they got those some other way.
unless there was some huge oversight from google where that could be bypassed somehow, which would be absurd.
while the malware could also add a keylogger, it would still need to annoy the user for the creds after, which would be a red flag, and make session hijacking pointless anyways
it's a flaw with Google's design, sometimes changing your password or 2 factor device does require authentication, sometimes it doesn't.
@@MentalOutlaw what a great idea
@@MentalOutlaw That's a massive flaw holly
@@MentalOutlaw yeah that's pretty dumb. It's also possible the malware steals the session and uses it from your own PC to change the passwords because it's 'trusted'
I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.
It exists but is limited to Google's advanced protection program for some reason
It was not just $7000. They cycle addresses, not everyone gets the same one.
Remember when this happened to Nathaniel Bandy.
Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.
Memeology101, an absolutely based channel, still got his channel back after this hack happened to him even though TH-cam probably doesn't like him.
Tis better to be made a fool than to be made a martyr
why wouldnt youtube like him
A quick glance at them and I can tell their some fascist low life.
Which makes that channel being restored decently impressive. I'm surprised TH-cam didn't "forget" to restore that channel.
Had that happened to Second Thought, that channel would of been FUCKED.
Liberals always. ALWAYS side with fascists. Yes, even social democrats. The moderates of fascism.
@@purpleey Cause he's based and he's called youtube out before for trying to create an industry plant.
@@UBvtuber whats an industry plant
One of my favorite channels got Elon-hacked 3 weeks ago proably 30-50k subs. Their channel is still banned/deleted today. Not sure if they'll ever get it back. Google needs to do something about this ASAP!
A music creator called VectorU (90k subs?) got hacked late last year and also got the channel back after a few days. So while I'm sure Linus does get special treatment it's not like everyone who isn't huge is completely screwed.
Fire Emblem content Creator Mekkah got his also back after a few days. Big channels will have it way was though
90k is big
@@TheTastefulThickness 1% territory big.
@@TheTastefulThickness
Not even "everyone in the bubble knows you" big. MAYBE "enough for an income" big.
@@Alias_Anybody anyway... what i said.
It would be funny if it ends up they got hacked by downloading something from one of those fake Google ads. Linus has a strong opinion against adblockers, and an adblock could've prevented this if that was the case. On the other end, if it really was a fake ad, then Google might finally start cracking down on them, now that they got egg on their face.
Adblockers are still 3rd party apps. Unless they manually do that, which would take an unreasonable amount on time given you'd have to block google ips for it to work (not easy as they are dependent on them), I'd say for companies adblockers are bad. You can't trust some guys that aren't google, microsoft or apple with this stuff, the only reason they are alive is because of community backlash if stuff was to happen.
@@RikyyThePootisSlayer No
Funnily enough, they were compromised via a request for advertising, not from advertising.
Totally agree with what you said in the end. A separate Linux machine makes things much more secure, and Google allowing to change password without requiring the old password is downright negligent.
Changing password and 2FA, without confirmation from either, while the session was initiated from a cookie.
Hard to believe this is slipping through the cracks at a place like Google.
A separate Linus machine
@@mechwarrior83 brought to you by the inventors of the Titan Security Key, which offers, quote: "Titan Security Keys are compatible with the Advanced Protection Program, Google's strongest security offering."
You can't make this stuff up.
@@mechwarrior83 it feels intentional.
@@mechwarrior83 it's a convenience feature, and you can turn on "Advanced Account Protection" (for free) to require more stringent authentication. For example, my Google account can *only* be authenticated with a hardware token.
The problem is that probably about fifteen people need to be able to access the Linus Tech Tips channel, so any proper security would create such an inconvenience in the workflow that it wouldn't seem worth it.
Google not requiring a password to change the password shows you just how seriously they take security, which is to say, not seriously at all.
True. Google is an advert company pretending to be a tech company. Didn't they disband their autonomous driving team? Of if they did, it would not surprise me. Googling it. Ah, they cut back but didn't disband it: "Google parent Alphabet Inc’s (NASDAQ: GOOGL) (NASDAQ: GOOG) self-driving startup Waymo slashed dozens of jobs as its parent cuts spending and sharpens its focus on artificial intelligence". As I say, they're an advert company more than a tech company. The tech is just for publicity, not unlike what Musk does.
Between this and the recent "hard R" thing, Linus is having a rough month lol. Thanks for explaining how this hack works, was always curious how they just got around the 2FA so easy.
Huh Linus said the n word??
Pepole actually believe he said the hard r?
@@Bryce_C. No, he apparently didn't know that "hard r" meant what it means. He thought it meant r*tard... give it a quick search on youtube, its a really awkward and funny clip from the live show.
Like Demi Demi said: "tough time never lasts. Only tough people lasts. Lbrghlbrghmbl." 😅
@@facksmasheen why you censor "retard"?
You would think TH-cam/Google would’ve implemented some algorithms to detect when a high profile channel suddenly changes its password, 2fa, channel name among other things and starts live streaming. Those are all huge red flags. And should’ve automatically locked the account.
Actually, it isn't nearly as much of a red flag as you're making it out to be. Channels change their names to reflect temporary promotions all the time, and a livestream at the same time is just effective PR. What Google needs to do is make "Advanced Account Protection" more obvious to their business customers, I'm pretty sure that having that option enabled in the Google account setting for their channels would have prevented the session hijacking attack, and it certainly would have prevented the password change.
7000 bucks is a lot of money but honestly it’s probably way less than they would get from hacking most other channels this big.
Linus’ audience being more tech savvy means more of us would immediately recognize this scam compared to the audience from, say, a vlog channel. Plus quickly getting the redirect flagged.
They probably caused more in damage than they got from the scam. I imagine this screwed up filming and a bunch of other plans.
It was way more than $7000, because they do not give the same address to everyone. They have a pool of say 50 addresses and give each website visitor a random one.
I personally think that isn’t a lot. Considering certain scams can scam people for thousands at once.
Im pretty sure some complex social engineering went into it, but I don’t think the scammers are contempt with 7k. Though 7k could still be a lot in whatever 3rd world country they are in
Edit: What Zeleno said might be true, considering they are smart enough to hack Linus.
@@plaush7401 How else could he have made money from this hack tho
This is probably the best option he had to make it profitable
@@deleteduser72 There's some Indian squatting on the dirt floor of his shack making that much from a scam phone call.
Apparently the scammer had sent an email purporting to be a sponsorship or advertising offer to one of his employees and the pdf file in the email had contained the malware.
It was an .scr file with a double extension file name. The woman who opened it saw it as file.pdf.scr
I would love to know which person on the staff accepted the fake sponsorship that usually leads to these hacks. They give people a sponsorship email, get him to click and get temporary access to there system without having to do two factor Authentication
their*
@smacktard Yvonne? I would suspect a new hire or maybe a transfer from another dept.
Honestly, this says a lot more about Google/TH-cam security then anything.
My TH-cam account is so old that it was made before Google bought them, and I was pissed when they combined them and required me to use a Google account to sign in.
Same, mine's so old it used to have a /user/ address instead of /channel/.
What expelled me from the platform for years was the Google+ comments debacle. I lost comments and other stuff to that move by Google and that's something I'm still... let's say "unhappy" about.
Speaking of shitty Gooleg bs, anyone knows what was up with youtube comments showing up user's coded names instead of the regular usernames? I was seeing that shit for over a month without knowing what the hell was going on.
Yeah, I still have those double YT channels binded in a single Google account 😂
No it doesn't. This wasn't a Google security issue.
What I've read about this hack of TH-cam creators is that the malware is sometime distributed through a "sponsor proposal", with a infected pdf
We don't know if it's the case here though...
The good old .pdf.exe
@@dustinp8355 haha not here I think
According to this video (in french sorry) th-cam.com/video/zK2_FjKKgpM/w-d-xo.html at about 6 min :
The hackers send emails to the TH-camr and discuss with him so that with time he start to trust them
And after that, they send a "demo" version of the game they want to push to the viewer (which is malware ofc), or a pdf (they don't explain how, I suppose it can be some kind of macros in the file or some shit like that)
Now paranoid about my sponsors 😮😮😮😅
See Paul Hibbert's video on his hack.
@@lurch1539 There's no option in youtube, you need to be logged in into Gmail to use your youtube account
Congrats on the shoutout from the WAN Show! (1:30:00)
i've actually seen channels with like 200K subs hacked like this and getting their channel back
I think it also happened to DJ Ware with like 25k subs
I am legitimately blown away by the fact that people fall for the double your money scam. Its the most low effort and obvious scam.
Love him or hate him Linus has been dedicated to his work for the better part of two decades. Maybe he makes mistakes, maybe he shills for shitty sponsores, but in the end he provides quality benchmarks, covers most of the new gear and has made computer science and computer building more accessible to a broader audience.
This man and his team are the MVPs and the right thing to do is to allow them to recover and not try to stir up shit from the unaired footage.
Nah, he sucks compared to Gamers Nexus
I remain ambivalent about him
Just because you're committed to something doesn't automatically make you a good guy lmao.
@@robokid20001 and what makes him a bad guy then, according to you?
I disagree with a lot of his opinions on a lot of different things, but the videos are fun
Google has not fixed and not cared about this problem for years. That seems representative of how much they care about their creators. There is a long history of not protecting creators from copyright abuse and other things.
I was wondering why their videos were clogging up my notifications. That literally just happened this morning, so you got this video out hella quick!
No doubt there's gonna be an extensive breakdown of this incident on LTT coming up. It'll be interesting to find out exactly what happened (i.e., who fucked up and how).
Wouldn't it be funny if it was Coulton 😂
I've seen this happen to over a dozen channels just in the past few months. Really turning into an epidemic now.
I am paranoid now 😮
@@ArniesTech yeah consider joining the Amish
Sounds like TH-cam is complicit
You were absolutely on the ball. His session manager was hacked because some employee downloaded a malware
I'm actually interested in statistics of victims from Linus audience who will eventually fall to this scam, kinda curious if consuming mediocre (in a good way) tech content raise situational awareness
Edit: well, 7000$ is a good number
their content isnt necessarily security based. They are hardware channel. And 7k for a channel that gets 1 million views over course of 8 hours isnt a lot.
Could have ransomed it for 10 times as much at least
@@primethread the scam links the livestreams link to when a channel gets hacked by these groups
pretty sure that the average audience of linus is mature and knowleadgeable enough to understand that somthing off happened...im pretty sure those money come from random people
@@thegoblinwholaughs1137 you failed to take in consideration that the link hd a short life since it was flagged by google and cloudflare quite fast, so had no external interference happened we could be talking millions here....
Something LTT could look into is building custom tools that upload directly to the TH-cam channel. LTT has the software engineers to build tools to access the TH-cam API for uploading and modifying channel content. Better yet, the tools could work off a intranet site so attackers would have to hack into the network to get access. There's ways around not using the TH-cam interface and risking this kind of attack.
all those words.... it's almost like you didn't watch the video or understand what was being described. Much easier solutions were outlined in this and other videos covering this incident.
Or they could just take this as a sign. Log out for good.
@@tehKap0w I mean a solution propose was basically just a more manual version of this; this proposed solution is have a hardened system for only uploaded to TH-cam. They could set up a system on their local network that does as an in between that stores the session ID and can provide further access control than yt provides. For someone like LTT automating this would be pretty useful given how much they upload
@@unclehumpy2487 there are so many ways but the easiest is a hypervisor VM that can only run a hardened browser. This would be enough to isolate them for uploading/interacting with the site.
Or the same scheme with a chromebook.
As a nerd, i can attest to our not being afraid to over complicate things and it's a habit we need to restrain as best we can.
Simpler is _almost_ always better.
bruh "accessing the YT api for uploading and modifying channel content" isnt engineering lmao. u sound like u rly have no idea what ur talking about. tbh the solution here is simple.
Ah the classic "double your money" Runescape scam
Linus uses a central mainframe that he spends over $100k a year constantly upgrading because he stores uncompressed RED footage on it for some reason. It allows multiple people to edit the same or different videos at the same time. But it’s an all eggs in one basket ordeal. I’m willing to bet that’s what got the malware, and now every computer on the network is vulnerable, since it’s also a 10 gigabit home network storage.
I was a victim of that cookie hack yeaaaaars ago before it became popular to do it.
Ever since I've gotten a lot more careful about downloading things, especially stuff sent by less tech-savvy friends.
You can be the most careful person alive but if only just one of your friends is naive, they're gonna get to you too, through them.
Just sandbox everything duh
@Lurch thats just it, even bootloaders arent safe though. i mean obviously i think there are like 3 pieces of malware or something that actually load themselves in the bios secureboot files and have a happy day downloading and running everything again after a fresh install of everyones favourite windows.
@@Sup3rman1c That's a much more difficult attack, and not really how that works anyway. This was a classic malware attack. Could have been keylogging, screen capping, anything, but this one stole the tokens.
You can 100% have idiot friends and still be safe.
@@dontaskiwasbored2008 How does it work then? I wasn't saying this particular attack spoken of in the video is that exact attack, I'm saying anyone can get pwnd and most people do get pwnd at least once and in their lives. A worst case scenario (not including the damage getting pwnd can do irl), your motherboard can literally turn to e-waste.
What's actually scary is that Google can essentially decide which site is trustworthy or not in a second, blocking every normal user completely from visiting. Obviously to prevent scam like this it's not a bad thing. But they could block any website like this if they wanted to.
Password changes should always prompt for password. Weak, Google.
Another big tech security compromised by convenience design, just like with the iPhone security incident story recently: once you've logged in there is no more protective mechanisms from completelly taking over the account and changing the ownership.
I love that Elon is now synonymous with crypto scams.
Vitalik Buterin as well, together with the guys from Bankless, which are ironically some of the nicest guys on the web. More sad than funny to be honest.
Elon is a fraud himself, so that suits him well.
It's because he was on a SNL skit dressed as Shiba Inu, can idiots stop relating one to the other? He's a crypto hater like Trump or Tucker Carlson
@@jpunyedvideorestorations9347 _"It's because he was on a SNL skit dressed as Shiba Inu"_
No, it's because he's arguably the most influential person on this planet.
I wonder if the scammers occasionally actually do pay out the victims: not only would this convince someone that it genuinely works who then might go and try it out with WAY more money, but this also would disguise victim wallet addresses with any wallets being used to tumble the crypto.
I can't believe any real living human being falls for scams like this. Especially on a tech-focused channel, you'd think that audience would know better.
They were using youtube as a kind of backup. Linus talked about it that it ain't ideal but its nice to have all the videos in one more place
Also I remember that TH-cam basically deletes nothing ever. People who have had their channel restored had stuff that was "deleted" reappear. So even if they changed policy on how they use it, plenty of old videos are still stored
@@PMARC14 I'd assume that more illegal stuff like live leak kind of things and child exploitation and violation would be used as evidence against someone given TH-cam works in that way but for the off chance they make a special case for these videos and delete them entirely.
Has TH-cam videos inside TH-cam's database ever been used as a way to prosecute criminals before?
I hear people keep gb,s of porn vids set on private.
@@pudznerath6532 nothing is private when you use some ones server use peer tube
@@pudznerath6532 Not even private, you can set that stuff on unlisted and it can stay up as long as its not public
the average website has better security already and somehow Google has been even worse.
convenience over security
They qoute tweeted that tweet the main joking about *THIS* being their greatest tech fail.
To me this just shows that malware can hit anyone, even if you think you're doing all the right things. So always be careful.
the idea of an elon musk stream just appearing on your channel one day is hilarious
The people who sent money probably were not ltt fans since the livestream was only using the channel size to increase the likelyhood of it appearing on people's start page
I'm still pissed that google hasn't fixed the issue where you don't need password and 2fa to change password. To be honest business/creator account should have option to password check even if you edit, add or remove videos.
"Log off. That cookie shit makes me nervous."
I don't post videos, but if this happened to me I think I'd just quit the internet.
Had such a thing happen to an older account of mine some years ago. It was devastating. 😢
I wonder if having a Security Key for 2FA would prevent this.
Does Google not tie session tokens to IP addresses? 😕
Checked this myself, No.
It seems no, had used my TH-cam with a Ukranian IP and no problem
Bro this scam has been running for at least 7 weeks, I've been reporting every channel since it started and it didn't stop spawning.
The only thing I managed to take was the api key for his chat client ( chat support on the site) since he left it exposed, but this was like a month and a half.
It's so surprising how after all those channels taken by this guy, no body cared.
I love your vids and commentary, brother! Your subtle humor and focus on privacy are great.
His sarcasm is delicious 😅
@@ArniesTech yess
It's worth mentioning that google offers something called advanced protection program, which could prevent this situation. It requires user to have two hardware 2FA key though, but if your livelihood or even entire company relies on your Google account, it seems like a fine investment.
Yep very stupid by LTT not to use hardware 2fa
@@whirled_peas AFAIK they do. But it is possible they had that option not enabled.
This is just sad to see, really. Because thanks to his input i was able to get my hands on the best gear for my work.
LTT inspired me to start my own channel
This same hack has happened to 4 channels I’ve been subscribed to. All of them recovered faster than Linus, including much smaller channels (sub 200k). It’s strange that TH-cam has not restored their channel to a previous state.
Best thumbnail!
I love how the scam sites are always done with the most utterly terrible broken engrish and yet users fall for it.
"Instruction for participate",
1. session cookies are limited to ip address.
2. you cannot change your password without the original password.
Thought it seemed insane that not even )eewgle themselves follow NIST guidelines, and as expected: "To continue, first verify that it's you"
1. False
2. True
@@TheActualDP I'm pretty sure numba wan is implementable.. unless you're dealing with dynamic ips
Maybe the whole device was taken over and this wasn't just a session hijack?
The fact that people even fell for this is more surprising than the channel being hacked.
Human stupidity is truly infinite.
C'mon we all know kenny's channel was hacked and replaced by deepfake cooking recomendation machine.
Finally it's here:
Someone got phished, like most hacks happen these days. One of their employees opened a PDF they shouldn't have.
Press F to pay respects for the hard R
1:10 Linus has talked in the past about how they use TH-cam as a backup in case they use the local video files if necessary. So that is actually likely the case.
How will Canucks, Asian women lovers, hoodie dealers, and screw driver repairmen ever recover?
Why is one cookie even allowed to be used via multiple devices? Whenever a new device logs in, it's given a different cookie anyways. Google fingerprints your device, might as well use it for some good.
Mental Outlaw, would you ever do a podcast?
I could spend hours listening to you talking about hacks and other IT related things.
That would be amazing. I'm in!
They should give everyone with full access to the channels account (probably just a few people) a live Linux USB with encrypted persistent storage. Something exactly like Tails just without Tor.
Then only use it for uploading & accessing the Google account. For transferring files from the editors computers use a SD card as it has a smaller attack surface than USB. Maybe even give these computers their own VLAN for good measure.
To be fair. That LMG got hacked like this isn't too surprising. They have clearly shown both on the WAN show and in numerous behind the scenes videos that both Linus himself and a fair few other people at the office are logged into the youtube accounts, mainly for uploading and responding to comments and such.
To a large degree, they should segregate the channel logins away from regular workstations. Such that an attack like this becomes harder to pull off.
However. TH-cam can also improve.
Like having it require one to enter in the password when one wants to upload or change video information. (just like a lot of OSes asks one for the admin password when doing more advanced stuff.) The hacker would have the session cookie, but not the password, so uploading/changing content would become impossible. Same for deleting. Greatly reducing the attack vector.
However, even just allowing a hacker to comment can be dangerous to be fair. And why any serious channel of decent size should segregate away their logins onto a dedicated system. Even a VM would be a step in the right direction.
In regards to a wild session cookie out in the hands of hackers. This would be rather easy for Google to spot. Since the session cookie would change IP address back and forth. A red flag, especially if the new address isn't in an established location. So someone lugging their phone/laptop between office and home day to day wouldn't be asked about it more than once. But the hacker logging in from a new IP would be asked to authenticate themselves using the password before they can do anything. (however removing some of the comfort of session cookies, but honestly, session cookies are dangerous in that regard. They are a bit too easy to steal as far as maleware goes.)
Yepp, If I Ran such a multi million dollar Channel I would make double triple and quadruple sure to separate sensitive stuff. 😮🙏
I find that perfectly shows that even if you are an expert in the field that you are not protected from making one little mistake and loose everything.
They could've made so much more money if they made the crypto scam related to the LTT channel instead of that Dorsey and Musk stream.
Didn't they talk about putting Luke into charge of security a few weeks ago on WAN show? including getting rid of LastPass?
100 employees means 100 points of entry.
Also the financial damage they caused in a day is much greater than the money earned through scams. Meaning that the overall economy loses.
Waiting for the Linus tech tips “How we got our TH-cam channel taken over”
The title would probably be more exaggerated with weird capitalization and punctuation.
Raccoons need HUGS