
Dean Doherty hacked

Dean Doherty is a YouTuber that repairs power tools and shares a lot of that experience through his videos. It is really good information to repair your own tool if need be.

He has been hacked recently and is asking for help. I am not well versed in this kind of stuff but maybe some other people here are ❤️

Second YouTube channel: deandohertygreaser

Instagram: deandohertygreaser
A Reddit post about it: r/ireland


He needs to get in contact with YouTube, not random forum users. There's nothing we can do about it.

 

Personally, posts like this feel like ads more than anything

Remember to either quote or @mention others, so they are notified of your reply


It appears the channel has been suspended by YouTube.

 

This has been a common problem on YouTube for a few years now. Even Linus Tech Tips channels were hijacked a little over a year ago. Recently an Australian news channel was hijacked. It happens quite often.

 

Typically what happens is attack actors pose as potential sponsors and send the creator malware, often disguised as a PDF file for a sponsorship contract or product information. When opened, the malware infects the PC and steals the session tokens for any websites they are logged in to. Those session tokens allow the attackers to log in as the user, bypassing passwords and MFA. If the creator was logged in to their YouTube account when infected or any time after being infected, they will use those session tokens to hijack the channel and use it to impersonate a famous person or channel (i.e. Elon Musk). The channel will then be used to run scams, often by running live streams of prerecorded videos promoting some form of cryptocurrency scam.

 

The creator should immediately quarantine any suspected infected computers (unplug them). From a known clean device they should attempt to reset their account password and contact YouTube support. They should also reset passwords to any other accounts that may have been logged in on that PC, including apps like Discord, Steam, etc. Resetting the password on an account invalidates the session tokens, kicking anybody else out of the account.

 

Some tips for creators to help avoid falling victim to this: 

  • Scrutinise any files you receive. A virus scan is a good start but may not be sufficient.
  • Adjust Windows Explorer settings to display file extensions. Check that the file extension matches what it should be (a PDF file will not be .exe or .scr).
  • Enforce policy settings on systems preventing potentially dangerous file types from running without administrator permission. 
  • Validate the sender is who they claim to be. Don't download files from untrusted contacts.
  • If you have multiple employees, limit who has access to managing the channel. Make employees aware of this scam and other common scams, malware, and phishing tactics.
  • Ensure general security practices such as using unique passwords and multi-factor authentication. Set up strong account recovery options.

 

YouTube is well aware of these types of scams and really should be doing more to prevent them. The first change YouTube should make is requiring login for validation before making any significant changes to a channel, such as changing the channel name or bulk deleting videos. With YouTube's Content ID system and the algorithms they use for content classification, I find it difficult to believe they can't automatically identify these prerecorded cryptocurrency streams and immediately kill them. Even suspending live stream ability for x hours after changing a channel name would go a long way to help prevent this. Plenty of things YouTube could be doing but aren't.

Edited by Spotty
Added tips to avoid it

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450
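The file-extension tip in the post above, as an added example that is not part of the original thread: a small Python check that compares what a received file is named against what its first bytes say it is. The function names, extension lists and sample attachments are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs or interprets on double-click (illustrative, not exhaustive).
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk", ".msi"}
# Document-style extensions a sponsorship lure tends to imitate.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Leading "magic" bytes of the formats that matter for this check.
MAGIC = {b"%PDF-": "pdf", b"MZ": "windows-executable", b"PK\x03\x04": "zip-container"}

def sniff(head: bytes) -> str:
    """Classify content by its leading bytes (strict: header at offset 0)."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"

def triage(filename: str, head: bytes) -> list[str]:
    """Return reasons why a file's name and content disagree or look runnable."""
    findings = []
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]  # ".pdf" in "contract.pdf.scr"
    kind = sniff(head)
    if ext in RISKY_EXTS:
        findings.append(f"runnable extension {ext}")
        if inner_ext in DOC_EXTS:
            findings.append(f"double extension {inner_ext}{ext}")
    if ext == ".pdf" and kind != "pdf":
        findings.append(f"named .pdf but content looks like {kind}")
    return findings

def triage_path(path: str) -> list[str]:
    """Same check for a file on disk; reads only the first 8 bytes, never runs it."""
    with open(path, "rb") as fh:
        return triage(os.path.basename(path), fh.read(8))

# Constructed sample attachments: (name as received, first bytes of content).
SAMPLES = [
    ("Sponsorship_Contract.pdf.scr", b"MZ\x90\x00"),
    ("Product_Info.pdf", b"MZ\x90\x00"),
    ("Rate_Card.pdf", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", triage(name, head) or "name and header agree")
```

An empty result only means the name and header agree; as the first tip says of virus scans, that is a starting point and not proof the file is safe.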
