Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

betav17
Message added by Spotty,

The Linus Tech Tips, TechLinked, and TechQuickie YouTube channels have been restored.

A video explaining what happened is now up:

 

 

I just got a Floatplane AD on YouTube with Linus saying the channel is hacked but FP is still up😂, they work fast.

  • CPU
    Intel Core i5-13600k
  • Motherboard
    MSI Z790 Tomahawk WIFI
  • RAM
    Hyper X Fury 16GB*1 Slot DDR5-5200
  • GPU
    Asus TUF GeForce 3070TI
  • Case
    NZXT H510i
  • Storage
    Kingston KC3000 1 TB
  • PSU
    Cooler Master MWE 750W Gold Modular
  • Display(s)
    Samsung 27" Odyssey 165 HZ
  • Cooling
    Coolermaster Liquid ML240 Illusion
  • Keyboard
    Hyper X Alloy Origins CORE/PBT
  • Mouse
    Razer Deathadder V2 X wireless
  • Sound
    HyperX Cloud 2
  • Operating System
    Windows 10
  • Laptop
    MacBook Air M1
  • Phone
    iPhone 13 Pro

@TylerD321 I know about those platforms but don't touch them. Period. However, it now appears LMG has their LTT channel back and it seems in good order:

 

https://www.youtube.com/@LinusTechTips

 

So it looks like we're back to normal. Well, except for the staff who now are working overtime to check everything is OK and prevent another attack, cause you can count on these scammers to keep it up on their side, LMG is way too enticing to let it go!

"You don't need eyes to see, you need vision"

 

(Faithless, 'Reverence' from the 1996 Reverence album)


2 minutes ago, DanOnTheSpiral said:

I just got a Floatplane AD on YouTube with Linus saying the channel is hacked but FP is still up😂, they work fast.

Is there a way to find the original uploaded video of an ad? Can anyone link it?


anyone wanna discuss what was said in the FP video on Framework?


Why doesn't Google do anything with 2FA that would make it impossible to bypass it by just stealing cookies? It clearly shows that 2FA has a massive exploit that should be fixed. It's not the first time that someone has bypassed 2FA by stealing cookies.


8 hours ago, BondiBlue said:

It's pinned to the top of this page. There's a large box with the entire post from Floatplane. 

Aaaaah OK, thanks for the information!

I like cute animal pics.

Mac Studio | Ryzen 7 5800X3D + RTX 3090


Someone could have downloaded a virus on their device and it has spread. MAKE SURE YOU HAVE ANTIVIRUS SOFTWARE INSTALLED AND ANY SYSTEM AND SOFTWARE IS UP TO DATE, OR THIS CAN HAPPEN.


Hello there LMG and related parties.

 

I saw that you got hacked a while ago when I was gonna watch some YouTube and noticed that I did not see any of the LTT videos on my feed. Tried searching for the channel but it did not come up, only that the channel was hacked.

 

It was VERY sad to see it happen.

It's amazing to see the channel get restored so quickly.  Really good effort from the LMG Team, Google and YouTube.
Let's hope it does not happen again! The content you guys produce is amazing and I hope that you will keep up the awesome work!

I think I speak for the entire community when I say this:
Thank you guys for such amazing content over the years and we all wish you the very best and wishes for many more years of content to come!

 

Best regards, Pierre and the LTT community members!

CPU: Intel Core i3 4150 3.5GHz Socket 1150 GPU: MSI GeForce GTX 760 OC RAM: Corsair Vengeance 2x4GB Motherboard: Gigabyte Z97MX-Gaming 5


linus channel is back, this truly is a moment in history

Don't forget to mark as solution if your question is answered

Note: My advice is amateur help/beginner troubleshooting, someone else can probably troubleshoot way better than me.

- I do have some experience, and I can use google pretty well. - Feel free to quote me I may respond soon.

 

Join team Red, my apprentice

 

STOP SIDING WITH NVIDIA

 

Setup:
Ryzen 7 5800X3D / Sapphire Nitro+ 7900XTX 24GB / ROG STRIX B550-F Gaming / Cooler Master ML360 Illusion CPU Cooler / EVGA SuperNova 850 G2 / Lian Li Dynamic Evo White Case / 2x16 GB Kingston FURY RAM / 2x 1TB Lexar 710 / iiYama 1440p 165HZ Monitor, iiYama 1080p 75Hz Monitor / Shure MV7 w/ Focusrite Scarlett Solo / GK61 Keyboard / Cooler Master MM712 (daily driver) Logitech G502-X (MMO mouse) / Soundcore Life Q20 w/ Arctis 3 w/ WF-1000XM3

 

CPU OC: -30 all cores @AutoGhz

GPU OC: 3Ghz Core 2750Mhz Memory w/ 25%W increase (460W)


@Spotty when will the channel links come back on the right side of the site?


17 hours ago, LinusTech said:

Thanks for the concern everyone. We are still in recovery mode over here and working with YouTube to get everything restored. Will hopefully have a video (or at least an update on WAN Show) to share with you all ASAP, but we want to make sure we get the details right since smaller channels may rely on our experience to help harden their own security.

They're back!


As a CISO with experience in this kind of stuff, I'd love to offer my services free of charge on figuring out the how, and the how to prevent this from happening in the future. KnowBe4 should be the first thing on your list.


 

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2


20 minutes ago, Kilrah said:

 

Can you make this the new pinned comment for the hack megathread, or add it to a new top-banner announcement?

Edited by Needfuldoer
Apparently you can! Thanks! Hopefully this video won't get good-faith spammed on the forum now...

I sold my soul for ProSupport.


13 minutes ago, gamebrigada said:

As a CISO with experience in this kind of stuff, I'd love to offer my services free of charge on figuring out the how, and the how to prevent this from happening in the future. KnowBe4 should be the first thing on your list.

Social engineering can never be 100% secure, the only way is to have a good plan of recovery and minimize admin access as much as possible. Security awareness training is always good also 😄


5 hours ago, MartyS said:

Looks like all they need is some automated way of removing the crypto scam line from all the video descriptions, the original descriptions are all there, the crypto scam link was just added to the top of each one.

 

Hope they don't have to manually make all the private videos private again, that will take so many hours of work.

then just don't private


10 hours ago, n0stalghia said:

Verge is reporting a common vector of attacks by fake sponsors sending fake sponsor videos for YouTubers to use, which turns out to be malware. They are citing YouTube as the source for this information. Mind you, they are reporting this as a general thing that happens, not claiming that this is what happened to LMG.

It's been confirmed by Linus that this was indeed the vector of attack.


yeah, but all the company everybody and Linus and family had to be in so much stress I can't even imagine, and the fallout IF somebody was so not wise enough and clicked the links for the crypto and got infected or scammed I can't imagine what is now going in LMG like in management, since they have not even posted one thread or video, shorts about this, at least I can't find any, and what is going on there what is the dmg and if they will be alright, but still kudos to management on LMG and YT channels to resolve this within 24h.

Can't wait for that WAN show too.

All well and hope you restore and be back up in the "machine" back for not lose so much money.

I go and buy a shirt and water bottle just for support, even with one two days they had to lose so much money, and they got 100ppl to feed.

Hope they didn't lose any sensitive internal information 😞 don't know if they would inform on that and even if they know, to be hacked in such massive was not one but all channels can point to that they had some kind of malware internally for long time and the perpetrators planned this for some time and how long how deep were they in the systems.

God nobody is safe in this day/age from this however good big and good security you have in place, one human error to click on link from legit looking sponsor email and it's in the system.

I read on megathread and on other articles it seems to come from china? or that's misinformation?

I suggest anyone that can and wanted to buy something from LTTstore now is the time, for me it's CPU Tshirt and that new sweet Wbottle, i have only the OG big one 🙂

Ciao , all the best 


Good response and insight from Linus! Go for regular awareness training, tabletop exercises, and a few social engineering tests throughout the year.

Once a baseline is established, one should also push for more extensive testing, such as an adversarial attack simulation. Might be some good content for the channel as well "Why we now pay hackers to hack us".

 

Happy to see the channel back up 🥰


8 minutes ago, Mr.Prevo said:

yeah, but all the company everybody and Linus and family had to be in so much stress I can't even imagine, and the fallout IF somebody was so not wise enough and clicked the links for the crypto and got infected or scammed I can't imagine what is now going in LMG like in management, since they have not even posted one thread or video, shorts about this, at least I can't find any, and what is going on there what is the dmg and if they will be alright, but still kudos to management on LMG and YT channels to resolve this within 24h.

Can't wait for that WAN show too.

All well and hope you restore and be back up in the "machine" back for not lose so much money.

I go and buy a shirt and water bottle just for support, even with one two days they had to lose so much money, and they got 100ppl to feed.

Hope they didn't lose any sensitive internal information 😞 don't know if they would inform on that and even if they know, to be hacked in such massive was not one but all channels can point to that they had some kind of malware internally for long time and the perpetrators planned this for some time and how long how deep were they in the systems.

God nobody is safe in this day/age from this however good big and good security you have in place, one human error to click on link from legit looking sponsor email and it's in the system.

I read on megathread and on other articles it seems to come from china? or that's misinformation?

I suggest anyone that can and wanted to buy something from LTTstore now is the time, for me it's CPU Tshirt and that new sweet Wbottle, i have only the OG big one 🙂

Ciao , all the best 

They posted a follow up video around 30 minutes ago, and a video went up on floatplane yesterday mid-crisis - 

 

Current Gaming Build:

 

CPU: AMD Ryzen 5 2600  |  GPU: GTX 1660 6GB   |  Motherboard: MSI B450M PRO-VDH MAX AM4  |  RAM: 16GB Corsair Vengeance LPX DDR4-3200  |  PSU: AeroCool 750W 80+ Bronze Semi-Modular  |  Storage: 120GB Palit SSD, 1TB WD Blue, 1TB HDD, 1TB Toshiba P300 HDD  |  Cooler: Hyper 212 Evo  |  Case: Be Quiet! Pure Base 500


As much as we call this "social engineering", maybe "business engineering" makes more sense? For anyone that doesn't watch the full video that just went up, it was in a malware-loaded PDF from what was likely a well laid out sponsor opportunity offer email. Hopefully there isn't a full Redline or other rootkit on the system. Because you start to get into issues of large scale compromises. LMG might actually be lucky if it was only a "smash and grab" approach grabbing credentials.

 

Upper Echelon Gaming had a video on someone trying to hit him with a much more serious malware package, but generally the same approach. I do feel for the Sales staff who got hit at LMG. PDFs fail on their own regularly enough that few would actually think twice about it not working.

 

Though the most disturbing result in all of this: apparently Linus sleeps in the nude.


i mean google and youtube could be seen as to be the cause. this has been happening to so many people they need to figure out how to stop it


Tech blog, CVS entry, payload, version of software affected etc ?
This could be super useful to help others protect against, not to mention that it's wild that a "pdf" can still do such damage in 2023. 


Not sure this has been answered anyone else - but has the malware been shared somewhere with the infosec community? I know a lot of people who'd like to pull it apart, so any and all relevant IOCs can be shared.

