Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

[LightJack05]

Any news on the attack vector and the spread of the infection yet? Did it spread to other platforms/Did anything else get compromised?

[Eluminary]

4 minutes ago, SkillTim said:

Do 15M subs know that?

Those of which that are fans of the wan show yes

[Alex T88]

1 minute ago, nightsfire said:

i wonder who is going to be liable for people that got scammed? i mean i see LTT getting sued over this.

Why would LTT be sued? They got hacked ! The scam, wasn't even done in their name. The channel's name was changed to Tesla or what they called it.

[A_Button117]

3 minutes ago, Fullmental said:

Now we're talking. If anyone is equipped to put pressure on Google over their security practices, it's a 15M sub tech YT channel that just got hacked.

Haven't they tried to get YouTube to do something before? I can't remember if they actually succeeded or not. If Google was ever going to listen, now is the time. 

[Fullmental]

1 minute ago, LightJack05 said:

Any news on the attack vector and the spread of the infection yet? Did it spread to other platforms/Did anything else get compromised?

I would expect any info from LTT to take weeks before they're ready to share specifics, minimum. If the vulnerability is particularly severe, they may not reveal anything until after it's been fixed.

[nightsfire]

1 minute ago, TheTripleDeuce said:

lol wut?

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

[LaroTayoGaming]

41 minutes ago, LinusTech said:

Thanks for the concern everyone. We are still in recovery mode over here and working with YouTube to get everything restored. Will hopefully have a video (or at least an update on WAN Show) to share with you all ASAP, but we want to make sure we get the details right since smaller channels may rely on our experience to help harden their own security.

The tesla hack happens with a lot of YouTubers. Hopefully YouTube resolves the issue (which in most cases, cookie jacking) as much as possible.

 

Not gonna lie, Password, email and 2FA auth changes needs to be enforced by default as always to not get changed by bots.

 

Also, I wanna recommend the whole ThioJoe video on how RedLine stealers work.

 

 

[Fullmental]

Just now, A_Button117 said:

Haven't they tried to get YouTube to do something before? I can't remember if they actually succeeded or not. If Google was ever going to listen, now is the time. 

Well, Youtube's live interface comes to mind, but then again that took YEARS to improve and they STILL have issues with super chats...so YMMV?

[Atomic Shrimp]

5 hours ago, Needfuldoer said:

That's actually a clever move by the hackers. If they deleted videos, then existing embeds and links would break. That would raise suspicion. Unlisted videos can still be linked to and embedded, so it's not as noticeable. I highly doubt they're doing it this way out of benevolence.

Most likely the account they have hijacked only has 'Editor' rights to the channel, not 'Owner' - Editor accounts can upload, amend stuff, change video status etc, but cannot delete videos

[CoolJosh3k]

19 minutes ago, Alexbruvv said:

Hacking is just an example of cybercrime. By definition, hacking is just gaining unauthorised access to some computer system. Finding someone's password on a sticky note and using it is hacking. 

While how the use of the word has changed, there is no replacement word for when we talk of what real, actual hacking is. Sure everyone could technically call the most simplest of unauthorised computer access “hacking” now days, the defining difference is if it involved understanding the system and writing code specifically for the purpose of gaining said unauthorised access.

 

I expect as time goes on, the original meaning will be overwhelming obscured, but if we at least know the origins we will be much better informed.

[nightsfire]

3 minutes ago, Alex T88 said:

Why would LTT be sued? They got hacked ! The scam, wasn't even done in their name. The channel's name was changed to Tesla or what they called it.

but that is not the end users fault that LTT got hacked that is on google and LTT. and linus has become a BIG voice in tech so this could also really hurt him and his reputation. but i am sure it will all be blammed on google and stuff and not one of his staff or even him clicking some where or doing something they are not suppose to.

[Alexbruvv]

1 minute ago, CoolJosh3k said:

While how the use of the word has changed, there is no replacement word for when we talk of what real, actual hacking is. Sure everyone could technically call the most simplest of unauthorised computer access “hacking” now days, the defining difference is if it involved understanding the system and writing code specifically for the purpose of gaining said unauthorised access.

 

I expect as time goes on, the original meaning will be overwhelming obscured, but if we at least know the origins we will be much better informed.

It's an interesting point.

 

Suppose you have an individual who writes a piece of malware for research purposes, and another individual uses the malware for malicious purposes - without the creator's knowledge. Who is the hacker?

 

I'm splitting hairs at this point, but it's an interesting conversation I think.

[Eluminary]

3 minutes ago, nightsfire said:

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

There have been a few posts already of people watching the Bitcoin wallets of the scammers it seems less than 50 people fell for it.  Quite low numbers for how large the channels they were scamming with 

[Fullmental]

12 minutes ago, nightsfire said:

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

The platform is Youtube/Alphabet's, and they are not being sued for any of their previous incidents. In fact, they are protected under US law from being responsible for such user-submitted content as long as they make a reasonable attempt to self-moderate, which they do. You don't want that to change, either...Look up Gonzalez v. Google and read up on Section 230 if you want to learn about how one such aspect of internet platform liability currently works, and how the current threat of a repeal might affect a large volume of sites and social media platforms.

[Alex T88]

7 minutes ago, nightsfire said:

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

He could be facing anything. That doesn’t make him liable or culpable. Himself and his company are victims themselves. The only ones culpable and liable are the hackers. For example, is Amazon liable and culpable for the scams others pull in their name?! I think not !

[imreloadin]

Imagine how much this would have screwed them if this happened during a major CPU or GPU launch and they couldn't post videos about it and missed deadlines.

[Flc0]

We all have 1 word in ours minds:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

F*** what now!?

[Drazil100]

3 minutes ago, nightsfire said:

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

That's not how it works. LMG is a victim in this case. For them to be considered responsible there would need to be proof that they intentionally and knowingly gave the hackers account access and even if that proof did somehow surface the employee who did it would likely be the one who would face legal consiquences, not LMG.

[CoolJosh3k]

12 minutes ago, OliTheBear said:

What many don't realise is that for Google you should really enable Advanced Protection to mandate physical tokens https://landing.google.com/advancedprotection/ 

 

Worse still, this is the only way to force Google to validate your 2FA token when you want to do critical things like, e.g. change a password, turn off 2FA etc. Why isn't this enabled by default?!?!

 

If any good comes of this is maybe Linus and team get more content out there on security practices to try and prevent this happening to others in the future... or put pressure on Google to improve their practices...

Valve actually made that mistake years ago. I reported to them them a RAT hijacking could remove 2FA and all sorts of stuff without ever needing to authenticate. Valve fixed it really fast and thanked me with a sort of consolation compensation. A long story for sure.

[nightsfire]

1 minute ago, Alex T88 said:

He could be facing anything. That doesn’t make him liable or culpable. Himself and his company are victims themselves. The only ones culpable and liable are hackers. For example, is Amazon liable and culpable for the scams others pull in their name. I think not !

this is a very valid point but it will be interesting to see how it progresses. google is protected and did everything in their power per say to stop it after they knew about it but linus on the other hand can be accountable for it look at FTX and tom Brady or anyone else that's currently being sued for FTX b.s. you can sue anyone for anything in this world it will be interesting to see it unfold

[nightsfire]

1 minute ago, Drazil100 said:

That's not how it works. LMG is a victim in this case. For them to be considered responsible there would need to be proof that they intentionally and knowingly gave the hackers account access and even if that proof did somehow surface the employee who did it would likely be the one who would face legal consiquences, not LMG.

crying victim does not change the fact company's are hacked all the time and become victim and still have to settle with the user base that is affected by them being hacked. this is part of being a company.

[TheTripleDeuce]

13 minutes ago, LightJack05 said:

Any news on the attack vector and the spread of the infection yet? Did it spread to other platforms/Did anything else get compromised?

it appears to have just been a youtube specific "hack". there is a general script they perform to take over youtube channels (jim browning posted it)

[TheTripleDeuce]

12 minutes ago, nightsfire said:

well i am sure people fell for scam, LTT is a big platform for both techies and non techies, and rely on legit honest info from LTT so i am sure some people fell for scam sadly but since it is linus's platform he could be facing suits sadly

nah bro thats not how this works LOL especially since the channel was renamed when hacked

[Alex T88]

1 minute ago, nightsfire said:

this is a very valid point but it will be interesting to see how it progresses. google is protected and did everything in their power per say to stop it after they knew about it but linus on the other hand can be accountable for it look at FTX and tom Brady or anyone else that's currently being sued for FTX b.s. you can sue anyone for anything in this world it will be interesting to see it unfold

Yes, I agree ! You can sue anyone, even for ridiculous reasons. But that doesn't make the person or the entity that is being sued to be held accountable. It would be really bad if something like this were to happen. It would set an extremely dangerous precedent. Fairly certain that LTT will be safe. Which is only natural. Unfortunately, the harm has already been done, to their channels and their audience and of course, themselves as human beings. Really hope they get back on track with minimum damage done and whoever was behind this stunt will be brought to justice asap.

[guiohme]

woke up to this.. took me a second to realize what was going on:( hopefully this will be resolved soon
 

(This video is no longer accessible, because the Youtube account was closed)