Jump to content

@LinusTech Twitter Account Hacked

SuperBailey
Go to solution Solved by LinusTech,

On June 28, 2016 the Linus Media Group domain registrar account was compromised.

 

The exact methodology of the "hack" won't be disclosed for obvious reasons, but I can assure you that despite any claims to the contrary, the appropriate safeguards were in place on our side, and as I type this Yvonne is having a very heated phone discussion with the 3rd party responsible for the breach.

 

Anyway, the thing most of you are probably wondering about right now is what this means for your forum account or personal information, and the answer is very simple:

 

NOTHING.

 

The "hacker" simply changed the DNS settings in the dashboard and did not at any time have access to the linustechtips.com server. Any claims of a database dump are categorically false.

 

The compromised accounts - including Twitter - have been restored.

 

I hope this clears things up.

 

Linus

34 minutes ago, MellowCream said:

http://prntscr.com/bme2qb

 

So, is this true?

 

If they had access to the administration panel of the site, why wouldn't they change or hack the site? They just changed the DNS on the domain.

 

 

They had access to the administration panel of the registrar, not the site (imagine the registrar is like the post office, they keep tabs on who and where every one is). 

27 minutes ago, givingtnt said:

it depends, with hostinger if you find my password you have acess to

the ftp

theip

the database

the EVERYTHING


its good cus its free

but it has disadvantages.

It is not like that in this case. 

27 minutes ago, MellowCream said:

I'm aware this is what Linus says, however, Poodle says otherwise. 

He can say what he likes, if he'd like to provide some proof I would happily take him seriously. 

18 minutes ago, givingtnt said:

I think we have the right to know whatever compagnie is too lazy to protect a compagnie as big as lmg.

how about us ?

The issue is that Linus may not legally be able to tell you about that company. he may have a contract with an NDA protecting them, or maybe he's planning to take legal action against them, whatever the case is, if he doesn't or can't tell you, I think we should respect it, because I'm sure he has reasons. 

 

17 minutes ago, burnttoastnice said:

Thank you.

I am literally cringing at the amount of people here who don't understand the difference between hashing and encryption, claiming a hash can be cracked (which is true to some extent for md5 but requires excessive effort and computing power).

 

Rainbow tables != Cracking a hash (#inb4shutdown)

Sadly to the general public it's a differentiation without a difference. It's sometimes hard to balance the discussion of something so technical knowing that many people reading would not have the background to understand the minutiae of the topic.  

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, rm -rf said:

Why do you doubt they'd be in a contract?

sorry I misswrote

 

I ment a contract that prevents them of talking about a company in the events of a problem occuring

 

unless cloudfare pays them, but thats undisclosed and afaik @LinusTech said he doesn't like to do those things

~New~  BoomBerryPi project !  ~New~


new build log : http://linustechtips.com/main/topic/533392-build-log-the-scrap-simulator-x/?p=7078757 (5 screen flight sim for 620$ CAD)LTT Web Challenge is back ! go here  :  http://linustechtips.com/main/topic/448184-ltt-web-challenge-3-v21/#entry601004

Link to comment
Share on other sites

Link to post
Share on other sites

6 minutes ago, burnttoastnice said:
  Reveal hidden contents

I think it's cloudflare.svg

 

Linus Media Group isn't apart of the CloudFlare partner program, though they may be a client.

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, rm -rf said:

Linus Media Group isn't apart of the CloudFlare partner program, though they may be a client.

Error 502 used to be frequent around here back on the old forums. Peeped it again when the site went down, so they're my first guess. But Blade mentioned a registrar and someone else mentioned the Linustechtips.com domain for sale in another thread so I think it's safe to say that Yvonne is having a go at ******y

Speedtests

WiFi - 7ms, 22Mb down, 10Mb up

Ethernet - 6ms, 47.5Mb down, 9.7Mb up

 

Rigs

Spoiler

 Type            Desktop

 OS              Windows 10 Pro

 CPU             i5-4430S

 RAM             8GB CORSAIR XMS3 (2x4gb)

 Cooler          LC Power LC-CC-97 65W

 Motherboard     ASUS H81M-PLUS

 GPU             GeForce GTX 1060

 Storage         120GB Sandisk SSD (boot), 750GB Seagate 2.5" (storage), 500GB Seagate 2.5" SSHD (cache)

 

Spoiler

Type            Server

OS              Ubuntu 14.04 LTS

CPU             Core 2 Duo E6320

RAM             2GB Non-ECC

Motherboard     ASUS P5VD2-MX SE

Storage         RAID 1: 250GB WD Blue and Seagate Barracuda

Uses            Webserver, NAS, Mediaserver, Database Server

 

Quotes of Fame

On 8/27/2015 at 10:09 AM, Drixen said:

Linus is light years ahead a lot of other YouTubers, he isn't just an average YouTuber.. he's legitimately, legit.

On 10/11/2015 at 11:36 AM, Geralt said:

When something is worth doing, it's worth overdoing.

On 6/22/2016 at 10:05 AM, trag1c said:

It's completely blown out of proportion. Also if you're the least bit worried about data gathering then you should go live in a cave a 1000Km from the nearest establishment simply because every device and every entity gathers information these days. In the current era privacy is just fallacy and nothing more.

 

Link to comment
Share on other sites

Link to post
Share on other sites

6 minutes ago, burnttoastnice said:

Error 502 used to be frequent around here back on the old forums. Peeped it again when the site went down, so they're my first guess. But Blade mentioned a registrar and someone else mentioned the Linustechtips.com domain for sale in another thread so I think it's safe to say that Yvonne is having a go at ******y

Their Who.Is information confirms that their registrar is ******y, and that they are using CloudFlare.

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Aytex said:

im starting to think keemstar is behind all of these

 

1 hour ago, Aytex said:

No, i'm starting to speculate he hired poodle/lizard

 

The more I look at the available evidence, the more I have to agree with you.

 

Keemstar is most definitely using Poodle to punish anyone who so much as mentions his name in a negative light on youtube.

My PC:- Codename: DarthStorm | Corsair Carbide Spec-03 | Asus Z170-E Skylake | i7 6700k | Thermaltake Water 3.0 Cooler | 32Gb Corsair Vengence 3000MHz | GeForce GTX 970 Strix | 480Gb Sandisk Ultra II + 4Tb WD Blue | 750w Corsair Builder Series CX750M

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, ScootsMcgoots said:

So...what exactly did they post from his twitter account? 

Hardly anything, and it appears to be gone now.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, ScootsMcgoots said:

So...what exactly did they post from his twitter account? 

Changed his profile picture to a person eating pizza while the person was wearing a google shirt. Made a few awful jokes like "What if someone's name was TechTips and the end Had Techtips." And he said he hacked the account and he posted a link for his twitter.

Tech enthusiast and CS Student

 

 

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, ScootsMcgoots said:

He sounds like a cringey  kid who  wants attention. 

Yeah. Later on after the LinusTechTips forum went down he said he was going to sell the Forums Database which was false. Just for attention. 

Tech enthusiast and CS Student

 

 

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, Blade of Grass said:

 

Sadly to the general public it's a differentiation without a difference. It's sometimes hard to balance the discussion of something so technical knowing that many people reading would not have the background to understand the minutiae of the topic.  

An attempt at a tl;dr of (cryptographic) hashing vs encryption. I'm mainly just going to stick to theory since real life always makes things a bit messier.

 

(Cryptographic) Hashing: You want to take some arbitrary data and map it to a fixed-size output in a way that is computationally infeasible to reverse the computation no matter the circumstances. One common use for hashing is authentication. For example, with passwords and user authentication, if you've got a user trying to login to your service, you don't really care what their password is. You just care that they enter the same thing every time. You have no intention of "unhashing" to figure out what the original information was. So, you only store their hashed password in your database. Then, every time they login, you rehash and check that the hash matches.

 

Encryption: You want to take some arbitrary data and encode it to some other arbitrary data in a way that is feasible to reverse *if* you happen to know some kind of secret. That secret could be an AES key or RSA private key or, well, there are a good amount of cryptographic schemes. Anyway, encryption is used between two parties that would like to communicate securely.

 

To tie it together in a small example: Say you want to buy something on onlinestore.com. Hashing plays a role in authenticating you to let you login, and encryption plays a role in transmitting sensitive information that needs to be decoded like your payment information.


Even shorter:

(Cryptographic) Hashing: Not used for communication. Used for authentication/data integrity/etc

Encryption: Used for communication.

 

Again, the reality is a bit more gray and certainly more complicated in implementation, but I think this is a decent compromise between information and brevity.

 

Edit: Wanted to clarify I'm talking specifically about cryptographic hashing, not general hashing. Also found out password hashing is typically done server side, not client side.

Link to comment
Share on other sites

Link to post
Share on other sites

I'm glad Linus is back! This hacking needs to stop, like for real. It's getting insane... >:(

PC Specs:

CPU: AMD Ryzen 9 5900X | Motherboard: MSI MPG B550 Gaming Edge WIFI | RAM: G.SKILL RIPJAWS 32GB (4x8GB) DDR4-3200MHz CL16 | GPU: XFX 6700XT 12GB | Case: Deepcool Matrexx 70 | Storage: XPG Gammix Gen3x4 M.2 (NVMe) 256GB - ADATA SU 740 SSD 500GB - T-FORCE Vulcan 2.5" SSD 500GB - Mushkin Enhanced Source 2.5" 500GB SSD - Gigabyte Aorus 2TB NVMe Gen 4  | PSU: Enermax Triathlor Semi-Modular ECO 800w 80 PLUS Bronze | Display: MSI Optix MAG27OVC 144Hz | Cooling: Scythe Mugen 5 Rev.B | OS: Windows 11 Home | Steam Deck 

 

PC Peripherals: 

Mouse: G502 Hero & Razer Basilisk HyperSpeed Wireless | Keyboard: Ducky One Mini 65% | Mousepad: Techsource Topo Black | DAC: Schitt Fulla 2 & SYBA USB DAC | Headset: Alienware AW510H & Astro A40 TR | Speakers: Logitech Z323 

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Deon7Dust said:

I'm glad Linus is back! This hacking needs to stop, like for real. It's getting insane... >:(

Assuming the individuals do everything they can to take advantage of the security options offered by companies (2 factor, unique passwords, etc.) (which Linus always does afaik) that responsibility falls on the companies like Google, Apple, Twitter, etc. (not saying those specifically need work or were involved, just listing for example).  There will always be hackers ant attempts to break things.  That isn't going to stop.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

42 minutes ago, ScootsMcgoots said:

So...what exactly did they post from his twitter account? 

Just that fact that poodlecorp had hacked LinusTech

 

27 minutes ago, ScootsMcgoots said:

One funny/ weird thing is I've noticed a ton of new accounts popping up named after youtubers  IE;  pewdiepie, markiplier, etc...

What do you mean?

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, Ryan_Vickers said:

Assuming the individuals do everything they can to take advantage of the security options offered by companies (2 factor, unique passwords, etc.) (which Linus always does afaik) that responsibility falls on the companies like Google, Apple, Twitter, etc. (not saying those specifically need work or were involved, just listing for example).  There will always be hackers ant attempts to break things.  That isn't going to stop.

Yes, it's a shame. You are never safe...

PC Specs:

CPU: AMD Ryzen 9 5900X | Motherboard: MSI MPG B550 Gaming Edge WIFI | RAM: G.SKILL RIPJAWS 32GB (4x8GB) DDR4-3200MHz CL16 | GPU: XFX 6700XT 12GB | Case: Deepcool Matrexx 70 | Storage: XPG Gammix Gen3x4 M.2 (NVMe) 256GB - ADATA SU 740 SSD 500GB - T-FORCE Vulcan 2.5" SSD 500GB - Mushkin Enhanced Source 2.5" 500GB SSD - Gigabyte Aorus 2TB NVMe Gen 4  | PSU: Enermax Triathlor Semi-Modular ECO 800w 80 PLUS Bronze | Display: MSI Optix MAG27OVC 144Hz | Cooling: Scythe Mugen 5 Rev.B | OS: Windows 11 Home | Steam Deck 

 

PC Peripherals: 

Mouse: G502 Hero & Razer Basilisk HyperSpeed Wireless | Keyboard: Ducky One Mini 65% | Mousepad: Techsource Topo Black | DAC: Schitt Fulla 2 & SYBA USB DAC | Headset: Alienware AW510H & Astro A40 TR | Speakers: Logitech Z323 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, rm -rf said:

What do you mean?

Nothing to see here, move along... :ph34r:

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Ryan_Vickers said:

Nothing to see here, move along... :ph34r:

That was in reference to their comment, not the base idea of the thread.

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

5 minutes ago, rm -rf said:

That was in reference to their comment, not the base idea of the thread.

Yes, well those should be a fleeting occurrence, let's say :P

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Ryan_Vickers said:

Yes, well those should be a fleeting occurrence, let's say :P

Pardon?

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, rm -rf said:

Pardon?

 

26 minutes ago, ScootsMcgoots said:

One funny/ weird thing is I've noticed a ton of new accounts popping up named after youtubers  IE;  pewdiepie, markiplier, etc...

 

I can say with virtual certainty that those are not related to the recent "hack" in any way, and should be coming to and end soon.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

Quote

 Yvonne is having a very heated phone discussion with the 3rd party responsible for the breach

"give a man a zero-day and he'll have access for a day; teach a man to phish and he'll have access for life..."

Ultimate XP gaming system build log coming soon!  Q8200 // 8GB DDR2 // Asus P5E Deluxe X48 // Asus 4870 DARK KNIGHT X-Fire // Supreme FX sound // BFG Ageia PhysX PCI Co-Processor // AX 860x with Silverstone extensions 

Link to comment
Share on other sites

Link to post
Share on other sites

Scarce just created a video that includes the Linus hacked story, though pronounces the name wrong xD.

I've linked to 4:33 where it is. Some of his comments are so infuriating.

 

1474409643.6492558

Link to comment
Share on other sites

Link to post
Share on other sites

8 minutes ago, rm -rf said:

Scarce just created a video that includes the Linus hacked story, though pronounces the name wrong xD.

I've linked to 4:33 where it is. Some of his comments are so infuriating.

 

Well think "Linux"  Some people say lyn-ux, some say lie-nux, since the creator's name (Linus Torvalds) can be (mis?)interpreted like that too :D 

 

And as for the moral of the story, well, actually I can't and won't say because:

Quote

The exact methodology of the "hack" won't be disclosed for obvious reasons

 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

All the security in the world doesn't mean anything if they hack/social engineer your registrar and control your MX records.

-KuJoe

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, Stuff_ said:

For the sake of security, forum passwords are stored in a nice cryptographically secure manner, yeah? 

Nah plain .rtf files with no security /s

 

Nah pretty sure the server that this forum runs on is a Linux based system or maybe even a "special snowflake" OSes like something based off BSD or Solaris.

a Moo Floof connoisseur and curator.

:x@handymanshandle x @pinksnowbirdie || Jake x Brendan :x
Youtube Audio Normalization
 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Guest
This topic is now closed to further replies.


×