
My Channel Was Deleted Last Night.

CPotter
12 hours ago, StyleTec said:

I am not aware of the mail infrastructure at LMG, but the YARA engine can also be used in other setups as well, with some overhead on how to integrate the engine properly.

Judging by screenshots Linus has shared, I believe they use Google Workspace.

Slade Watkins • he/him/they/them


"No one enters their log in info every time they visit a website"

 

Me:

monkey.jpg

System Specs: Second-class potato, slightly mouldy


52 minutes ago, Kilrah said:

If you click on it you'll see it directs you to the actual LTT channel.

yeah, i just looked again and i get the same now

before (when i posted) i did not get that

Edited by lukeis2k20

Will the uncensored video be on Onlyfans @LinusTech


PC - NZXT H510 Elite, Ryzen 5600, 16GB DDR3200 2x8GB, EVGA 3070 FTW3 Ultra, Asus VG278HQ 165hz,

 

Mac - 1.4ghz i5, 4GB DDR3 1600mhz, Intel HD 5000.  x2

 

Endlessly wishing for a BBQ in space.


2 hours ago, bluehawk said:

 

Next up Linus creates a smart turret system for his home defense 

it's just a cyber hand... that has the curse of linus ...  where it will drop something.

MSI x399 sli plus  | AMD Threadripper 2990wx all core 3ghz lock |Thermaltake flo ring 360 | EVGA 2080, Zotac 2080 |Gskill Ripjaws 128GB 3000 MHz | Corsair RM1200i |150tb | Asus tuff gaming mid tower| 10gb NIC


I was reminded that it happened to a JRPG YouTuber I follow. Yeah it's just shocking how craven these scammers have become, and how easy the tricks they deploy are way closer than you think.


One can only aspire to be as free as this guy walking out of the bedroom at 3AM with not even underwear. Does that mean he sleeps naked? 

Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White
Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR
iPhone 12 Mini (iOS 17.2.1) | iPhone XR (iOS 17.2.1) | iPad Mini (iOS 9.3.5) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt
Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9
Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 
Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 |
Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580


34 minutes ago, BlueChinchillaEatingDorito said:

One can only aspire to be as free as this guy walking out of the bedroom at 3AM with not even underwear. Does that mean he sleeps naked? 

Linus confirmed to bone

 


14 hours ago, s3r4pH said:

A VPN conceals your IP address and is a good protection if someone tries an attack.

Very few forms of attack rely on an IP address.

 

Session hijacking like Linus explained happened in this case, could not have been protected by a VPN.

 

In fact, despite how it is marketed, a VPN does very little to improve security. A real problem because it can cause an illusion of being safe, making a cyberattack more likely.


Great to see you got the channel back and videos restored.


Would this happen if they were using Macintoshes?

 

I know everyone says that Macs are "easily" hacked but don't ever see that.

 

Think about it.  He clicks a link, downloads a program and runs it.  You just can't do that on a Mac.  You literally have to enter the terminal to hack your own machine to allow it.

 

You don't have a chance in hell of doing that on an iPad.

 

But people always complain about closed ecosystems.  And Linus made fun of a feature which makes sure this stuff doesn't happen.  He made fun of having to literally drag the program icon to the application folder.  But that feature, which Linus made fun of, would have saved his channels.

 

If Linus can prove me wrong and have a special episode showing how this exact thing can happen to Macs, point it out,  I'd love to see it.


20 minutes ago, JimmyJJones said:

Would this happen if they were using Macintoshes?

Yes. it's unrelated to the OS.

🌲🌲🌲

 

 

 

◒ ◒ 


quick little insider tip from somebody who has had first hand experience speaking with and interacting with these bad actors who indulge in cryptocurrency scams: a lot of the channels hacked tend to be old youtube channels either claimed via "gaia link" or just from breaching the email connected to the channel through social engineering or data breaches.


Just now, matthewcantswim said:

quick little insider tip from somebody who has had first hand experience speaking with and interacting with these bad actors who indulge in cryptocurrency scams: a lot of the channels hacked tend to be old youtube channels either claimed via "gaia link" or just from breaching the email connected to the channel through social engineering or data breaches.

oh and also there are multiple forums run by and accessed by a bunch of russians who are the main actors, lmfao


Hey Linus,

 

Glad to know you were able to take back your channels! Well done! Now it is time for the lessons learned. Simple advice for you to create a security strategy for your organization (if you don't have it already :-))

 

1. Identify the crown jewels of Linus Tech Tips (where the most valuable data resides)

2. Segment your network (probably by function? Accounting, Engineering, Editing, etc., etc.) 

3. Strongly protect, either via security hardware (preferred) or software, the identified crown jewels in step 1

4. Limit the number of people who can access the channel/s

5. Install SMB size EDRs, Log Management, Alert/Monitoring, etc., and either create a security department to manage those, or hire a Third Party to do the job

6. Create a Security Incident Response process as a way to have a detailed guide on what to do in these cases

7. Security awareness, as you mentioned in your video, learning the basics could enhance the identification of phishing mails, and other social engineering strategies.

8. Create/Register Linus Group for quarterly or twice a year phishing exercises

9. Practice, practice and practice will create the memory muscle required 

 

Any strategy (internally or externally managed) will give you some degree of peace of mind.

 

Regards,

 

 


3 hours ago, Adrian Stephenson said:

More clean-up work is needed at LTT. The scammers still have links on some videos.

Image1.jpg

Clearly YouTube can’t even restore things properly.

 


5 hours ago, Arika S said:

Yes. it's unrelated to the OS.

The malware used to perform the attack is made for Windows. The vast majority of it will be.

 

Linux, Mac or other platforms would be much safer to manage accounts from.


Long life session tokens create security issues especially for high risk groups like Linus Media Group. Any session should be short lived and require some form of authentication to continue use or make critical changes. I wonder if some sort of proxy can be done with Content Manager or something else to only have cookies that are only relevant to Content Manager or the proxy with no google relevant cookies stored on the end user browser. The real google cookies would be used by the proxy, safe from enemy hands. I use Traefik for Google SSO for my personal applications and am looking into Authelia but I don't think either can be used to manage the actual google cookies with any sort of ease of use. This is just an idea but not that easy to do in practice.

 

Employee training is critical. Periodic phishing exercises are common at my employer's. Tools such as Proofpoint are great at filtering potentially bad emails. It sits between the outside and the domain and provides a daily digest of blocked emails that have a score between 1 and 99. A score of 100 is determined to be bad for sure and never notifies the user. A score of 0 means it was sent to the user. This can all be managed in an admin console to see which emails were sent to the user and which were quarantined. There are also malware isolation tools that initially block downloads from either attachments or URLs. Users can then click exit to continue forward. This is great for accidental clicking and to make users think twice about going forward.

The best practice for every employee is to contact the sender from another channel like phone or IM to confirm if they indeed sent this to them. That thwarts attacks like this. Just like when the Bank calls you for your SSN. Hang up and call them back.


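The short-lived session and re-authentication idea from the post above, sketched as an added example that is not part of the original post and not Google's or LMG's code: a server-side session store with idle and absolute timeouts plus step-up authentication for critical actions. The timeout values and action names are assumptions.

```python
import secrets

# Assumed policy values and action names, chosen for illustration only.
IDLE_TIMEOUT = 15 * 60         # seconds of inactivity before the session ends
ABSOLUTE_LIFETIME = 8 * 3600   # hard cap on session age, even if active
STEP_UP_WINDOW = 5 * 60        # max age of the last password/2FA check
CRITICAL_ACTIONS = {"rename_channel", "delete_video", "change_stream_key"}


class SessionStore:
    """Server-side sessions; the browser cookie holds only an opaque token."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "created": now,
                                 "last_seen": now, "last_auth": now}
        return token

    def reauthenticate(self, token, now):
        """Call only after the user has passed a fresh password/2FA prompt."""
        if token in self._sessions:
            self._sessions[token]["last_auth"] = now

    def authorize(self, token, action, now):
        """Return 'allow', 'reauth_required' or 'expired' for one request."""
        s = self._sessions.get(token)
        if s is None:
            return "expired"
        if (now - s["last_seen"] > IDLE_TIMEOUT
                or now - s["created"] > ABSOLUTE_LIFETIME):
            del self._sessions[token]   # an expired token cannot be revived
            return "expired"
        s["last_seen"] = now
        if action in CRITICAL_ACTIONS and now - s["last_auth"] > STEP_UP_WINDOW:
            return "reauth_required"
        return "allow"


def copied_cookie_demo():
    """A token copied 10 minutes after login, replayed without credentials."""
    store = SessionStore()
    token = store.login("editor", now=0)
    return [store.authorize(token, "view_analytics", now=600),
            store.authorize(token, "rename_channel", now=700),
            store.authorize(token, "view_analytics", now=1601)]
```
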
I think you have shown one more time how this is an amazing company to work for and how a good business owner should think and treat their employees. When I saw your tweet I was puzzled seeing old videos in the channel's homepage, then I realized that a new video talking about what happened would be available soon and that something to be learned was going to be in it.

Thank you.


Maybe instead of getting emails with attachments for sponsorships they should set up a portal through which offers are submitted in text with only specific attachment types allowed. Content submitted to the portal can be opened in a computer or VM that's a sandbox and not logged into any accounts. Create a new position 'intake administrator' whose job it is to double check that things being passed onto the less technically savvy members of the team are clean.

Then lock down incoming emails to strip or reject attachments to the marketing team. It'll make things slightly more annoying but it would entirely bypass this method of attack in the future or any copy-cat attempts which are going to be coming now.

 

I do wonder if maybe something like my old PFsense box which had virus scanning on the fly for all incoming/outgoing traffic might have picked up on something like this?


image.png.f9f45f1081177503d92a8ac37359f915.png

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566