Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

betav17
Message added by Spotty,

The Linus Tech Tips, TechLinked, and TechQuickie YouTube channels have been restored.

A video explaining what happened is now up:

 

 

16 hours ago, the_importer said:

 

I'm obviously talking about hacking and ransomware. Ever since crypto emerged, hacking & ransomware have skyrocketed. With the small percentage fraction of people who get rich out of this, crypto has proven to be more harmful than good in society and when that happens, this is when governments need to step in.

I think it's just your subjective feeling because you probably only see bad stuff happening with it - blame the media for it. Just search the web for good things related to cryptos...

All malicious activities are skyrocketing, even those where cryptos cannot be taken advantage of, and this has been happening since the first computer virus emerged and probably even longer. There is no way to outlaw this any further without preventing progress in this field; it is already outlawed worldwide.

I think people using or getting involved or invested in cryptos must educate themselves on this stuff and the industry must provide ways to shut all of this down fast, if something like this is happening. There are already tools that can be used to slow down the fraudulent use of cryptos. The traditional finance industry is highly regulated (which wasn't always the case) and it is also already happening in the crypto industry.

Most people who got and get rich with cryptos were just there at the right time and this has nothing to do with scams, it's just a risk that this person has taken at the right time.

If I were you, I would just find the reason for cryptos for myself. It is not as bad as it looks in the public or 'medially forged' opinion.

Link to post
Share on other sites

9 minutes ago, PointyJackalope said:

As I understood, Colton was fired?

Out of a cannon.

 

Thing is they fired him too hard, and he made a complete orbit around the Earth and landed right back at his desk.

I sold my soul for ProSupport.

Link to post
Share on other sites

3 minutes ago, Needfuldoer said:

Thing is they fired him too hard, and he made a complete orbit around the Earth and landed right back at his desk.

Just in time to post the video thread too.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites

Hey there, I am the maker of filmot.com, the subtitle YouTube search which was pinged a while back by Linus on Twitter. I have a lot of data from YouTube and can give you more statistics about the channel takeovers going on. I can extract channel name changes which indicate hacked/taken over channels and history. If anyone from LMG Staff wants some data, feel free to ping me. For example I can extract a list of channels which had their name changed to something with tesla in it in the last x days. For example here are the top 30 channels which had their name changed to tesla in the last 10 days, ordered by subscriber count.

|channelid               |names                                            |subcount|displayname                         |teslachangetimeutc  |
|------------------------|-------------------------------------------------|--------|------------------------------------|-----------------------|
|UCXuqSBlHAE6Xw-yeJA0Tunw|Linus Tech Tips/LinusTechTipsTemp/Tesla          |15300000|Linus Tech Tips                     |2023-03-23 10:14:56.000|
|UCC9h3H-sGrvqd2otknZntsQ|freekickerz/Tesla Live                           |8660000 |freekickerz                         |2023-03-24 00:30:19.000|
|UCkUFua6WbuKcmMDrcxRpH7A|Дюшес/Tesla Motors                               |5250000 |Дюшес                               |2023-03-18 20:51:28.000|
|UC0vBXGSyV14uvJ4hECDOl0Q|Techquickie/Tesla                                |4220000 |Techquickie                         |2023-03-23 11:40:58.000|
|UCxEcm5uB32_4Od4M7JcnHLg|ريمكس / Remix/Tesla Live                         |3430000 |ريمكس \| Remix                      |2023-03-20 04:30:05.000|
|UCTOJUTLDhNbbmsPgsVzk5Tg|ChikaLutfi/Tesla Motors                          |2200000 |ChikaLutfi                          |2023-03-14 22:38:51.000|
|UCeeFfhMcJa1kjtfZAGskOCA|TechLinked/Tesla                                 |1830000 |TechLinked                          |2023-03-23 11:49:04.000|
|UCLXjWGufYisuB1dVF3C6yJQ|RealFeras - ريل فراس/Tesla Inc.                  |1510000 |RealFeras - ريل فراس                |2023-03-15 00:22:58.000|
|UCcGmncRGNXRCp8wfBrmizXw|Nathalie Victória/XRP Company/Tesla AI           |1390000 |Nathalie Victória                   |2023-03-23 14:47:06.000|
|UCPdXHv7DKjHqYK7ZOBbNNZQ|Viu Thailand/Tesla Live                          |1330000 |Viu Thailand                        |2023-03-20 16:33:38.000|
|UCX3nwNDoPxo7ZBHjkk1WLGA|AmiG Show/Tesla live                             |1240000 |AmiG Show                           |2023-03-15 02:42:25.000|
|UCUxTPRSns--l5BX2537u7Rw|서울의소리 Voice of Seoul/OpenAI/Tesla Motors         |1000000 |OpenAI                              |2023-03-17 23:54:14.000|
|UC5X4revXHAo_LpAoXHE1Fjw|Ceren Yaldız/Fortnite/Tesla AI                   |984000  |Ceren Yaldız                        |2023-03-23 05:18:38.000|
|UCHawCR-edtldV0BM3aqhiog|KIMLENG KP/Tesla                                 |803000  |KIMLENG KP                          |2023-03-23 22:16:11.000|
|UC9ee7mVZ8HvYgQ6RylughuA|Valve/Bastian Sound/Tesla AI                     |499000  |Bastian Sound                       |2023-03-23 12:12:00.000|
|UCxJ9b96BL7CPg8Cu-SACYhg|عبد الصمد الجزولي abdessamad jazouli/Tesla Inc.  |469000  |عبد الصمد الجزولي abdessamad jazouli|2023-03-21 14:24:55.000|
|UCddzUWu-wP0Aa7OP3BCSDvw|EMI Chutti/Tesla Inc.                            |403000  |EMI Chutti                          |2023-03-21 16:18:55.000|
|UCVl1oBxmvhuJ74cH-3JgGgw|JOS YT/Jos Yt/Tesla Company                      |403000  |JOS YT                              |2023-03-18 14:15:57.000|
|UCGWEuuO0sIhgzAD5sLH7-DQ|Mauricio Benoist/Tesla                           |345000  |Mauricio Benoist                    |2023-03-18 22:06:45.000|
|UClj-C8JuHqcxsUnr7NHWwBQ|What I like สิ่งที่กูชอบ/Tesla - US              |330000  |What I like สิ่งที่กูชอบ            |2023-03-20 12:27:32.000|
|UCCmlRqt6Y6Toltj7roL671g|Rommel Racp/Tesla AI                             |297000  |Rommel Racp                         |2023-03-20 08:27:46.000|
|UCAIIuuscqJf5vs1k0aMo2Ew|KAMS DESIGNER ZONE/KAM'S DESIGNER ZONE/Tesla [US]|292000  |KAMS DESIGNER ZONE                  |2023-03-18 13:34:57.000|
|UCTwl8CMQEBLEj-JIPQx6uZw|freekickerz.tv/Tesla Live                        |276000  |freekickerz.tv                      |2023-03-24 03:11:48.000|
|UCp8VFaSIMj0ZD8YE1bXgOMw|CHAPOH11/Tesla                                   |268000  |CHAPOH11                            |2023-03-23 20:32:28.000|
|UCeCpHlq7x8V1W_TfRT7xmVQ|SKS Exotics/Tesla                                |250000  |SKS Exotics                         |2023-03-22 23:48:10.000|
|UCjvxgI6CEgrQa1fZa5a5q2w|SD Tv Music/SD Tv Khortha/Tesla                  |224000  |SD Tv Music                         |2023-03-20 20:52:51.000|
|UCmNhJOnfsoipzB2Btv-EnhQ|Terenry/Tesla NFT                                |214000  |Terenry                             |2023-03-21 06:12:04.000|
|UCov9k-GvJe6siwyrpJtj3Og|ESAM/Tesla [US]                                  |193000  |ESAM                                |2023-03-17 13:07:10.000|
|UC1wiDKw_64XoLpGddZSr8_w|Fanga/Fangaedits/Tesla                           |171000  |Fangaedits                          |2023-03-20 14:33:13.000|
|UCIjAR_myQBgF5eJq_Zol7KQ|Kato Music/K A T O/Tesla US                      |150000  |Kato Music                          |2023-03-14 14:03:27.000|

 

Link to post
Share on other sites
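The rename signal described in the post above, as an added example (not filmot.com's code): it parses rows in the table's pipe format, tolerating a `|` inside the display name, flags channels whose latest name contains the lure keyword while the display name does not, and groups flagged renames that land close together in time. The function names, the two-hour window and the control row are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Four rows from the table above (cell padding trimmed) plus one constructed
# control row for a channel that legitimately has the keyword in its name.
ROWS = """\
|UCXuqSBlHAE6Xw-yeJA0Tunw|Linus Tech Tips/LinusTechTipsTemp/Tesla|15300000|Linus Tech Tips|2023-03-23 10:14:56.000|
|UC0vBXGSyV14uvJ4hECDOl0Q|Techquickie/Tesla|4220000|Techquickie|2023-03-23 11:40:58.000|
|UCeeFfhMcJa1kjtfZAGskOCA|TechLinked/Tesla|1830000|TechLinked|2023-03-23 11:49:04.000|
|UCxEcm5uB32_4Od4M7JcnHLg|ريمكس / Remix/Tesla Live|3430000|ريمكس | Remix|2023-03-20 04:30:05.000|
|UC_constructed_control_0|Tesla Fan Garage/Tesla Fan Garage Live|1000|Tesla Fan Garage|2023-03-23 11:00:00.000|
""".splitlines()

LURE = re.compile(r"\btesla\b", re.IGNORECASE)  # keyword used in the post's query


def parse_row(line):
    """Parse one table row. Fixed columns are read from both ends, so a '|'
    inside the display name (as in the Remix row) does not shift the others."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 5:
        raise ValueError(f"short row: {line!r}")
    return {
        "channel_id": cells[0],
        # Name history is '/'-separated and names may contain '/', so only
        # the final element (the name after the change) is taken.
        "latest_name": cells[1].rsplit("/", 1)[-1].strip(),
        "subcount": int(cells[2]),
        "display_name": " | ".join(cells[3:-1]),
        "changed_utc": datetime.strptime(cells[-1], "%Y-%m-%d %H:%M:%S.%f"),
    }


def flag_lure_renames(rows):
    """Renames to the lure keyword on channels not otherwise named after it."""
    events = [parse_row(r) for r in rows if r.strip()]
    hits = [e for e in events
            if LURE.search(e["latest_name"]) and not LURE.search(e["display_name"])]
    return sorted(hits, key=lambda e: e["changed_utc"])


def bursts(events, window=timedelta(hours=2)):
    """Group time-sorted events whose consecutive gaps are within `window`;
    return only groups of two or more."""
    groups, current = [], []
    for e in events:
        if current and e["changed_utc"] - current[-1]["changed_utc"] > window:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= 2]


if __name__ == "__main__":
    for group in bursts(flag_lure_renames(ROWS)):
        print([e["display_name"] for e in group])
```

The display-name comparison is a heuristic: a channel that already carries the keyword in its normal name is never flagged, so it reduces noise at the cost of missing takeovers of such channels.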

4 minutes ago, Needfuldoer said:

Out of a cannon.

 

 

Thing is they fired him too hard, and he made a complete orbit around the Earth and landed right back at his desk.

V was widely used in mathematical notation when talking about speed of light until the early 20th century. In 1907, the letter c became popular following Albert Einstein starting to use it, after he selected it in honor of Colton Potter, the first person to reach the speed of light after being fired by Linus Sebastian and immediately landing back at his desk after 0.13 seconds.

I like cute animal pics.

Mac Studio | Ryzen 7 5800X3D + RTX 3090

Link to post
Share on other sites

4 hours ago, WickedLightning08 said:

This thread should be locked. There is enough discussion done about this topic

There being too much discussion is never a reason for thread locks. As long as discussion stays relevant to topic and within our rules, we are keeping this open. This thread still has 5700 pages of discussion to be had before it catches Car thread.

 

3 hours ago, Dutch_Master said:

WAN show? On YT? How? I'm not on FP, and given the recent influx I doubt they can handle that as we've seen several messages about not being able to sub there. Hopefully they can use an existing channel, but we'll have to see. Given my timezone I won't watch live anyway, hopefully they'll link it from the forums?

3 hours ago, Dutch_Master said:

@TylerD321 I know about those platforms but don't touch them. Period.

The WAN is archived to Facebook openly besides FP, Spotify, YouTube. Plus various podcast players. So, if you are picky, it's on you, not on them.

E: It amuses me how needy people are. The attack happened during early-morning hours Pacific. Linus addressed it on his personal Twitter. Using Floatplane to write a bit longer was an easy solution; Floatplane consists of the most devoted fans after all. All the comments on "why it took so long, why paywall" are really odd. First order of business is to minimize damage and recover from it. Yes, there was collateral damage to some people who were subscribed. But most likely these people also wouldn't have used Twitter or other such media to find alerts on what was happening anyway.

Edited by LogicalDrm

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv

Link to post
Share on other sites

1 hour ago, Taf the Ghost said:

Though the most disturbing result in all of this: apparently Linus sleeps in the nude.

yeah, plus he has cameras all over his private home, indoors, to record the nude 24/7.. I'd say, a little suspicious 🙂

Link to post
Share on other sites

9 minutes ago, LogicalDrm said:

So, if you are picky, it's on you, not on them.

Yeah, I'm picky. I don't like "selling" (all of) my personal details to countless commercial entities* w/o getting a penny myself, just to have "access" to content I can do without.

 

However, now that LTT is back online, I'll just watch tomorrow on LTT as I always do, as I won't be up in the middle of the night when WAN show goes live in BC 😉

 

*I may make an exception for FP, but my CC balance tells me I shouldn't, right now. I was tempted earlier this year, but budget is tight for the foreseeable future too.

"You don't need eyes to see, you need vision"

 

(Faithless, 'Reverence' from the 1996 Reverence album)

Link to post
Share on other sites

Welcome back!!!!!!

Phone 1 (Daily Driver): Samsung Galaxy Z Fold2 5G

Phone 2 (Work): Samsung Galaxy S21 Ultra 5G 256gb

Laptop 1 (Production): 16" MBP2019, i7, 5500M, 32GB DDR4, 2TB SSD

Laptop 2 (Gaming): Toshiba Qosmio X875, i7 3630QM, GTX 670M, 16GB DDR3

Link to post
Share on other sites

1 hour ago, Blqckqut said:

then just don't private

? The hackers deleted everything off the channel before yt temp banned it

I could use some help with this!

please, pm me if you would like to contribute to my gpu bios database (includes overclocking bios, stock bios, and upgrades to gpus via modding)

Bios database

My beautiful, but not that powerful, main PC:

prior build:

Link to post
Share on other sites

1 hour ago, Jopik said:

Hey there, I am the maker of filmot.com, the subtitle YouTube search which was pinged a while back by Linus on Twitter. I have a lot of data from YouTube and can give you more statistics about the channel takeovers going on. I can extract channel name changes which indicate hacked/taken over channels and history. If anyone from LMG Staff wants some data, feel free to ping me. For example I can extract a list of channels which had their name changed to something with tesla in it in the last x days. For example here are the top 30 channels which had their name changed to tesla in the last 10 days, ordered by subscriber count.

I'm not sure if this is something they'll be interested in but there's a pretty good chance they will miss this comment amongst the thousands of other replies. Try reaching out directly either by sending LinusTech a DM on the forum or contacting the business email address on the YouTube page.

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450

Link to post
Share on other sites

Heya. Even though, thankfully, LTT, Techquickie and TechLinked have been restored, there is something weird..

When searching up Techquickie, the Tesla PFP that the hacker set is still there.


I suppose this is just some cache glitch on YouTube's end, or maybe, my browser is being weird. Just wanted to share.

Link to post
Share on other sites

7 minutes ago, imkatz said:

Heya. Even though, thankfully, LTT, Techquickie and TechLinked have been restored, there is something weird..

When searching up Techquickie, the Tesla PFP that the hacker set is still there.


I suppose this is just some cache glitch on YouTube's end, or maybe, my browser is being weird. Just wanted to share.

If you click on it it's the right one on the channel itself, so yeah, caching. 

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites

Just now, Kilrah said:

If you click on it it's the right one on the channel itself, so yeah, caching. 

Yep. Guess there's nothing more to it, thanks for the confirmation.

Link to post
Share on other sites

I did see your latest video, but just wanted to ask, don't you have antivirus in all the systems which stops malware and viruses?
Like I have Norton in my system, it quickly asks if something needs to be given permission to send and receive data. I think it also automatically blocks viruses and malware.

Link to post
Share on other sites

3 minutes ago, Ornatex said:

I did see your latest video, but just wanted to ask, don't you have antivirus in all the systems which stops malware and viruses?
Like I have Norton in my system, it quickly asks if something needs to be given permission to send and receive data. I think it also automatically blocks viruses and malware.

They do but no such solution is 100% reliable, and the malevolent actors obviously continually do their best to circumvent detection. 

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites

I may have missed it in all the noise, and I apologize.

Was LTT using a hardware key to authenticate, like a Yubikey?

Do they allow content admins to log in from arbitrary addresses or a single server that is used for that and that alone?

Link to post
Share on other sites

3 minutes ago, mrg9999 said:

I may have missed it in all the noise, and I apologize.

Was LTT using a hardware key to authenticate, like a Yubikey?

Do they allow content admins to log in from arbitrary addresses or a single server that is used for that and that alone?

Watch the video, cookie stealing using malware, and given how Google currently works (and hopefully changes in the future) stealing the cookie entirely bypasses everything, if you have it you're already logged in so no need to log in again.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites

4 minutes ago, mrg9999 said:

I may have missed it in all the noise, and I apologize.

Was LTT using a hardware key to authenticate, like a Yubikey?

Do they allow content admins to log in from arbitrary addresses or a single server that is used for that and that alone?

From what Linus said in his video, they have multiple people that are managers on the channel, and one of them, who opened the malware, got pwned and they did all of the things from there. The main channel account probably does have a Yubikey auth key, but I can't confirm, as I'm definitely not Linus.

Link to post
Share on other sites

1 hour ago, mrg9999 said:

I may have missed it in all the noise, and I apologize.

Was LTT using a hardware key to authenticate, like a Yubikey?

Do they allow content admins to log in from arbitrary addresses or a single server that is used for that and that alone?

I don't think so and I think they should keep exactly what security measures they use close to their vest.   Fewer little doors to their vault would be a way to ensure there is less chance of an issue like this.  Out of 100 people or so only 4-5 should have that kind of access.  At most 4-5 top top people. 

At least the system they use to manage their channels should be able to restrict access of anyone outside that circle of 4-5 people to the bare minimum. 

Link to post
Share on other sites

43 minutes ago, Uttamattamakin said:

I don't think so and I think they should keep exactly what security measures they use close to their vest.   Fewer little doors to their vault would be a way to ensure there is less chance of an issue like this.  Out of 100 people or so only 4-5 should have that kind of access.  At most 4-5 top top people. 

At least the system they use to manage their channels should be able to restrict access of anyone outside that circle of 4-5 people to the bare minimum. 

The problem with security is you can only utilize measures that the platform offers, and YouTube is substandard in this regard. Their MFA implementation is flawed, their abnormal activity detection and prevention is non-existent, fine-grained access controls basically do not exist. Also due to those previous factors it would go a long way to have a break glass suspend and block channel/account entirely button if you have access still (like Linus did) and the only way back in is through YouTube support, activating this also notifies YouTube support automatically. Doing this should invalidate all current sessions, invalidate all authentication cookies, terminate any live streams.

 

The problem isn't actually restricting it down to a few trusted people, the problem is the inability to give people only the necessary permissions to do specific tasks and nothing else. If you have a responsibility to upload videos to the channel then that is the only permission set you should be granted. Publishing a video to the public should be a separate permission set, unpublishing, deleting, renaming etc etc etc.

 

Being secretive about security measures is not strictly necessary so long as whatever it is you are using, talking platform/service, actually has good security implementations in place. If your security completely breaks down because some key piece of information slips out then you never had any security to begin with, you had luck.

Link to post
Share on other sites
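A model of the two controls argued for in the post above, per-task permission sets and a break-glass action that kills every session, as an added example; it is not YouTube's API, and the role names, the `Channel` class and the token handling are hypothetical. It shows what a copied session cookie can do under a scoped role versus a broad one, and what it can do after break-glass.

```python
import secrets
from enum import Enum

Perm = Enum("Perm", "UPLOAD PUBLISH UNPUBLISH DELETE RENAME GO_LIVE BREAK_GLASS")

# Hypothetical roles: each holds only the permissions its task needs.
ROLES = {
    "uploader": {Perm.UPLOAD},
    "publisher": {Perm.PUBLISH, Perm.UNPUBLISH},
    "manager": set(Perm) - {Perm.BREAK_GLASS},   # one broad grant for everything
    "owner": set(Perm),
}


class Channel:
    def __init__(self):
        self.members = {}         # user -> role
        self.sessions = {}        # bearer token (the cookie value) -> user
        self.live_streams = set()
        self.suspended = False
        self.support_queue = []

    def login(self, user, role):
        """Assume password + MFA passed here; afterwards the token alone
        identifies the user, which is why a copied cookie skips the login."""
        self.members[user] = role
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user
        return token

    def act(self, token, perm, target=None):
        user = self.sessions.get(token)
        if self.suspended or user is None:
            return False
        if perm not in ROLES[self.members[user]]:
            return False
        if perm is Perm.GO_LIVE:
            self.live_streams.add(target)
        return True

    def break_glass(self, token):
        if not self.act(token, Perm.BREAK_GLASS):
            return False
        self.suspended = True       # only platform support can reinstate
        self.sessions.clear()       # every cookie, the caller's included, dies
        self.live_streams.clear()   # running streams are cut
        self.support_queue.append("break-glass triggered")
        return True


def demo():
    ch = Channel()
    owner = ch.login("owner", "owner")
    scoped = ch.login("editor", "uploader")   # a stolen copy is this same value
    broad = ch.login("manager", "manager")
    out = {
        "scoped_upload": ch.act(scoped, Perm.UPLOAD),
        "scoped_rename": ch.act(scoped, Perm.RENAME),
        "broad_rename": ch.act(broad, Perm.RENAME),
        "broad_live": ch.act(broad, Perm.GO_LIVE, "stream-1"),
        "glass": ch.break_glass(owner),
    }
    out["after_upload"] = ch.act(scoped, Perm.UPLOAD)
    out["after_live"] = ch.act(broad, Perm.GO_LIVE, "stream-2")
    out["streams_left"] = len(ch.live_streams)
    out["support_notified"] = bool(ch.support_queue)
    return out


if __name__ == "__main__":
    print(demo())
```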

Great video on how this all happened!

I learned a lot. Now I understand why there are people who prefer to delete all their cookies after every session.

 

Can we call this the "cookie monster attack?"

Link to post
Share on other sites

Some tool has scraped the YouTube URLs when all the videos were un-privated and it included a few hundred unlisted personal videos

If any of the mods can reach out to someone directly to let Linus know, that's probably wise.

Link to post
Share on other sites

Anyone have an idea of what malware it was? Could have been "AgentTesla." I wish LTT shared the file hash or even the file for security researchers. @LinusTech John Hammond commented on your YT video, he'd like a copy of the file for research. It'd be a cool collab for you two. 

CPU: Intel i5-9600k | MoBo: Gigabyte Aorus Elite z390 | RAM: 16gb (4 x 4gb) Crucial Ballistix Sport LT DDR4-2400

GPU: Gigabyte Aorus Xtreme 1080ti | Storage: 500gb Samsung 860 vNand SSD x2 & 1tb WD Caviar Blue HDD

Chassis: NZXT h700i White w/ RGB LED | Cooling: Corsair H100i Pro RGB AIO & 6x Corsair AF120 fans White LED

Screens: 2x 27" Acer HA270 Ultra Slim LED | Peripherals: MSI Interceptor RGB DS4200 Key & D200 Mouse

 

Link to post
Share on other sites
