Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

[cretsiah]

1 hour ago, MC273 said:

I don't usually lurk around the LTT forums, but damn. Getting hacked does suck. I'm hoping YouTube restores the channel (and any other sub-channels)

SomeOrinaryGamers does mention that YouTube doesn't have good safeguards regarding these type of events. He does mention that YouTube should implement a "lockdown mode" instead of displaying that the account was terminated as it can cause confusion.

I can already feel the LTT forum getting "DDoSed" by legitimate user traffic trying to figure out what's going on.

@Jarsky is correct. YouTube does not instantly wipe channels in case if the terminations are falsely issued. YouTube will hold on to the data for a certain amount of time (I don't know how long, specifically). Even then, filing an appeal to YouTube is like talking to a brick wall in most cases.

 

Here's hope for the LTT team to recover the account.
 

dunno bout that the last video i deleted said " THIS WILL BE PERMANENT ARE YOU SURE YOU WANT TO DO THIS? " but ok

[DERPmaster]

Does Linus get any proceeds from floatplane?  I wonder if he just got his income shot.

[Lebon14]

Just now, cretsiah said:

dunno bout that the last video i deleted said " THIS WILL BE PERMANENT ARE YOU SURE YOU WANT TO DO THIS? " but ok

they say that but that's not what happens. coz google.

[Shonk]

4 minutes ago, MrAeral said:

Damn, i knew about files like this, but i didn't knew they can autolauch themselves with the PDFs. I wonder who opened this suspicious file...

 

someone will have had to have clicked it

 

filename.jpg.scr

 

hide extensions for known file types hides the .scr so dumbo thinks its a jpg and double clicks it

its literally a year 2000 thing that people are still falling for to this day

no tech channel should ever fall for this ever

 

i know of three smaller tech channels that have fallen for this in the last two months

 

 

[DERPmaster]

google for the win with the data farming- for once- that backup might just become handy

[DAOWAce]

This is the 2nd or 3rd time this has happened, isn't it?

 

Really curious as to what was different about this one.

[gameboy3800]

My channel had the same thing happen to it in the beginning of February. after asking for the youtube help twitter page (beware of scammers and bots on there too), i got a dm from them with all the links i needed, and had my account back in less than 2 days. i had to manually un private all my videos but that only took a little bit of time.

[CaptainDarkstar42]

11 hours ago, DarkSwordsman said:

Was skimming through some of the recently re-listed videos.

Therapist: Bald Linus doesn't exist, he can't hurt you.
Bald Linus:

That's so unbelievably cursed

[DERPmaster]

I wonder why there is so much hype, where does this end, we must know...

[Saturnuria]

Hello. This is my first post here so please be kind!

 

The company I work for suffered a major cyberattack a couple of years ago. I was heavily involved from start to finish so I just wanted to offer some insight. Before I start, I’d just like to say that this is based on my own experience and could be completely different from what’s happening at LMG.

 

Although the LMG channels were compromised, we don’t necessarily know how. If it’s even possible that a computer or server within LMG was accessed to steal session cookies or compromise 2FA they would probably want to shut everything down. In my own experience, it was a clause in our cybersecurity insurance that we must engage with an accredited cybersecurity company for guidance and their advice was to turn EVERYTHING off until a plan had been established.

 

After turning everything off, we had to isolate the company’s entire network from the Internet to ensure that the threat actor no longer had any access to our infrastructure. Then we began to turn things back on, slowly, while isolating them on the network. Our insurance company mandated that we must use the cybersecurity company’s software to scan all machines for any signs of compromise, including 0-day malware. We had to do this regardless of whether or not there were any signs of compromise - and it takes a lot of time!

 

Slowly but surely we worked our way through, while also analysing logs for any indications of how we were compromised. Only when we could be relatively certain that the threat actors no longer had access to our infrastructure did we start to de-isolate the network, re-enable Internet access, and restore services.

 

I post this just to demonstrate that there could be an awful lot going on behind the scenes at LMG. It isn’t necessarily just a case of asking YouTube to restore the channels. They have to be reasonably sure of the method by which they were compromised and that the attackers do not have further access to the LMG infrastructure. Of course, it’s entirely possible - likely even - that the attackers never had access to the LMG infrastructure, but they have to be sure, especially if the are potential legalities involved.

 

If anybody’s interested, my company is a lot larger than LMG and had decent security in place - but you’re only as secure as your weakest point and we came up short. We were outsmarted.

[MartinTheActor]

So, this is actually the first time I've seen this scam in action so I actually thought it was someone in my YT account subbing me to random channels. As a result I reset the *£$& out of my google security measures. Once I'd done so I actually unsubscribed from the accounts before checking the fourms because I hadn't realised it was connected. Here's the question then...how many other users unaware of this scam will have unsubbed too? Will LTT just randomly appear back in my subscriptions again at some point in future?

'Cause here's the thing, I get they created floatplane and the LLT forums for exactly this eventuality. Being honest though, floatplane I found to be so poor quality lacking even a basic (official) app for roku and fire TV that I just stopped paying for it. It wasn't until checking twitter that I saw this mess and came to the forums. And I can see how many subscribers and regular viewers are in the same position as me (not coming to the forums regularly, not aware of this kind of scam).

[SilverbloodZero]

looks like its getting settled out from lukes message in discord hope we get the channel back soon and in time for WAN show

[DERPmaster]

Just now, SilverbloodZero said:

looks like its getting settled out from lukes message in discord hope we get the channel back soon and in time for WAN show

explain please

[Drazil100]

16 minutes ago, Shonk said:

 Calling it now they wernt hacked

 

It will go along of lines of ltt got an e-mail saying they wanted to advertise with them

prices will have been negotiated and agreed

then 3rd party sends a pile of paperwork for ltt to look through

in that paperwork is a .scr.jpg (an scr is an exe)

 

boom all linus base are belong to hacker

 

love to hear which dumbo opened it and why they have hide extensions for known file types enabled on said pc

grade a rooky move on the part of ltt internet 101 from 1999

What's your definition of "hacked"? Everything you described sounds EXACTLY like getting hacked. 

[SignedAdam]

I hope the Linus Tech Tips Team can sort this out soon so we all can get back up to date on the latest news from the YouTube channels 

 

Wishing you all luck

[TacoSenpai]

Should we panic?  Ok everyone panic and burn everything down

 

 

I do actually hope everything will be ok.  

[MrAeral]

7 minutes ago, TacoSenpai said:

Should we panic?  Ok everyone panic and burn everything down

 

 

I do actually hope everything will be ok.  

Yeah, we must panic for sure. A whole day or two without Linus videos. I will not make it through...

[randy123]

I'm very curious to know how this happened. I await the video

[Legitsu]

likely some youtube zer0day thats going around

ho hum nothing to see here channel will be re-instated shortly

 

 

[Drazil100]

1 minute ago, Shonk said:

let's agree to disagree

 

 

You never answered my question though. How do YOU define hacked. I am genuinely curious. At what point does it go from some idiot running a trojan to hacking?

(not trying to pick an argument. Just trying to understand your perspective)

[Legitsu]

Just now, Drazil100 said:

You never answered my question though. How do YOU define hacked. I am genuinely curious. At what point does it go from some idiot running a trojan to hacking?

(not trying to pick an argument. Just trying to understand your perspective)

why are you idiots aruging about semantics

neither of you know anything about 'hacking' 

shutup lol 

[Shonk]

Just now, Drazil100 said:

You never answered my question though. How do YOU define hacked. I am genuinely curious. At what point does it go from some idiot running a trojan to hacking?

(not trying to pick an argument. Just trying to understand your perspective)

You are hacked when there is zero involvment from a person at your end

im sure linus will agree with this stance

dumbo running a trojan from an unsolicited e-mail isnt being hacked its just dumbo not understanding how the internet works

 

[TheGeekno72]

2 minutes ago, Shonk said:

You are hacked when there is zero involvment from a person at your end

im sure linus will agree with this stance

dumbo running a trojan from an unsolicited e-mail isnt being hacked its just dumbo not understanding how the internet works

 

I disagree with this, phishing is a hacking method

[Uttamattamakin]

6 minutes ago, Drazil100 said:

Hacking is anything that involves gaining unauthorized / illegal access to a computer, network, or account. The method by which they get access doesn't matter as long as the access to the account is unauthorized.

I agree.  Hacking is a broad term for gaining unauthorized access to a computer system the method is not relevant to if it was a hack or not. Sitting in front of a computer and gaining the password by finding it written under the keyboard is hacking. 

As long as someone who is not supposed to uses it to gain access. 

That's hacking.  So is spear phfising to get the password or compromising a browser cookie to change the password or ....blackmailing the person until they give you access. It's all hacking.   A lot of coders call what they do hacking because that makes it sound cool and sexy. 

[Mustahsin10]

My speculation is that hackers accessed their cookies by using some sort of malware and bypassed the 2FA altogether. This is not impossible as LMG gets tons of emails from sponsors/collaborators and some of the sponsor's email might have been compromised earlier or hackers impersonated as legit entity and sent malicious attachment or link or sample product. After accessing the cookies through malware, they can log in from anywhere and can change the 2FA to physical USB which only hackers have access to, instead of original 2FA method set by LMG.

And bypassing of 2FA is Google's fault. Recently some tech channels got hack by this same method and they were frustrated by the situation. According to them, Google indeed has some advanced protection against it but somehow most of the YouTube creators don't know about it. 

Hope LMG recover from the hack quickly and expect the details on this hack.