Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour. Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.
Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other UA-camrs have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.
@Lurch oh no, talking about it on UA-cam has clearly been unhelpful thus far. He doesn't need a soapbox. He needs Google to take it seriously. Without a doubt in my mind, he has already contacted them and is working it out. His revenue on here is a fraction of their revenue from his channel alone. If his channel gets taken, that's a bit of money they're losing, especially since he has a good standing partnership with them, it's really not good for Google. So this might be what's needed to put the issue in their face. You can only close your eyes and cover your ears for so long, Google...
This has happened before, this has happened to Linus before. Linus has talked about this before even going as far as asking Google to fix these problems years ago. Nothing changed like nothing will change now because making money is more important to businesses than someone elses security.
The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'
THIS! There should be an OPTION in account config. to allow something like this with the secondary e-mail or something like that or different level of OPTIONS and possibilities. They want this as default? Ok, but let me have the alternative.
@@GYTCommnts Got reminded from another UA-cam video about the fact Google offers stuff like this and more, but the Google account has to have Advanced Protection on. Since LTT and Tech Quicky were brand accounts/channels, multiple Google accounts likely had access.
The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening. More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this. They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration. I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little UA-cam channel and you never change your behaviors as the business grows.
In one of the recent WAN shows, he was just talking about hiring a couple full time I.T. people so that employees like Jake or whoever didn't have try and split their time. I think he said they were starting to lack in maintenance because of that. Hindsight says he should have done that sooner unfortunately. Someone that can spend all their time doing maintenance and ongoing training can make a big difference. Our company of a couple hundred has had several instances over the years where someone fell for a phishing email and had their outlook broken into. (luckily nothing else) Especially when we were a bit smaller without full-time IT staff. Our IT staff now has us go through basic security training every few months, and it seems to have helped.
That's precisely why it makes me laugh hard when i see the "tech tips" part, like bro, you and most of your co-workers are technologically illiterate, just stop.
Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.
Agreed, especially if the attacker has a zero day to get in to steal the cookie. It seems really simple and obvious that google should make you type in the password *again* to change the password!! But if they inconvenience people by locking them out, not as many people will be signed in...
im guessing this is what happened to me when i had someone bypass 2fa and silently log onto my google account in order to try and buy an advertising campaign using paypal, which i had linked to, and have now removed from my google account. i also had just started trying out googles password manager to sync passwords between devices, which means that iphone in Melbourne probably had all my passwords automatically downloaded to it. im now using a self hosted password manager and file syncing program.
LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!
LTT is basically a news and entertainment channel. You can rely on them to keep you up to date, but for technical information on hardware you basically need to get off UA-cam unless you are looking for literal comp-sci education stuff.
Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.
Huh I never even noticed he got hacked, he probably makes UA-cam a decent chunk of change though so that likely would’ve played into them not shoahing him.
linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.
He already talked about how his feedback was pretty much useless and that he wouldn't bother talking to UA-cam about changes before posting his opinion on them.
They can implement security measures that force the user to reenter their password and 2fa every time you enter a management area or want to commit a destructive action such as changing keys. This would immediately fix the cookie hijacking issue, they might get in but they're not authenticated.
@@gd44481 UA-cam can ask for the 2FA code every time someone tries to change the password or the 2FA method. This way if someone hacks you, you can log out on all devices and take back control of the channel.
@@gd44481 of course there's a way to fix that... lol for example make an optional setting to request password to delete videos or change channel name...
I swear Linus does everything like a private company. Lowest quality, lowest costs and highest returns. Most of his employees won't get a job anywhere else.
@@ZelenoJabko his name is Linus. He runs a Linux tech channel called Linus Tech Tips. "Just the tip" is a sexual innuendo implying just a tip of a penis. I don't know exactly what it's supposed to mean but it sounds awfully funny 😃.
@@Kapeeshy No, ITS LINUS! read the other replies in this thread. HIS NAME IS LINUS he runs a channel called Linux Tech Tips. God damn do not correct me when you need corrected.
I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.
Considering some of the jank in his videos showing the office space and the way they sort of half-ass and sidestep certain practical things, I'm not surprised their channel backend is apparently also very janky.
On point. Idk about profitability, but he did explain the whole thing in good detail. The video was wonderfully and ironically sponsored by Debrand lmao.
the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.
@@MentalOutlaw They don't even block certain phrases or have any systems in place to detect mass spam. You would think a UA-cam channel would be blocked from commenting if it started commenting the same exact phrase hundreds of times.
When it comes to UA-cam comments they try to make it a bit difficult to give out contact details. But it is hilarious that the owners of reCAPTCHA are letting bots roam their website. I guess they're just trying to spend as little money as possible as long as nobody hands them a huge fine for allowing scams on their websites.
Remember when this happened to Nathaniel Bandy. Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.
A music creator called VectorU (90k subs?) got hacked late last year and also got the channel back after a few days. So while I'm sure Linus does get special treatment it's not like everyone who isn't huge is completely screwed.
One of my favorite channels got Elon-hacked 3 weeks ago proably 30-50k subs. Their channel is still banned/deleted today. Not sure if they'll ever get it back. Google needs to do something about this ASAP!
A quick glance at them and I can tell their some fascist low life. Which makes that channel being restored decently impressive. I'm surprised UA-cam didn't "forget" to restore that channel. Had that happened to Second Thought, that channel would of been FUCKED. Liberals always. ALWAYS side with fascists. Yes, even social democrats. The moderates of fascism.
Honestly, this says a lot more about Google/UA-cam security then anything. My UA-cam account is so old that it was made before Google bought them, and I was pissed when they combined them and required me to use a Google account to sign in.
What expelled me from the platform for years was the Google+ comments debacle. I lost comments and other stuff to that move by Google and that's something I'm still... let's say "unhappy" about.
Speaking of shitty Gooleg bs, anyone knows what was up with youtube comments showing up user's coded names instead of the regular usernames? I was seeing that shit for over a month without knowing what the hell was going on.
Anyone and everyone can get hacked. This insanely toxic mindset of "You're a tech channel, how could you possibly get hacked?!" is seriously getting tiring. Its never been a question of "if", its always been a question of "when". Its like saying "You're a fitness trainer, how could you possibly gain any kind of fat?" or "You're a mechanic, how can your own car break down?!" Get over it. Shit happens.
My dad was a mechanic, the last thing he wanted to do after coming home was spend all day or weekend fixing our shitty cars. That said I would not go to a dentist with bad teeth.
exactly. the same thing happened to jim browning last year. he's a prominent scambaiter who hacks into scammers' computers and does all sorts of stuff with them. and his channel got hacked too. no one is safe.
Well yeah I agree that's pretty toxic and pointless. This is the second Mental Outlaw video that I genuinely disliked because of the smug and arrogant tone. We have seen countless times, time and time again that anyone and anything can get hacked, even the CIA, FBI, NSA and server companies that mostly run Linux when everyone just goes out blaming windows security. The CIA and FBI got hacked thousands of times by a single person sitting in their bedroom alone, NSA got hacked for months before anyone noticed and they are possibly the most advanced hacking agency on the planet by heaps and leagues, it's not like the CIA, FBI and NSA lack security measures and procedures, and yet they still get hacked several times a year. This is seriously getting tiring and this smug, arrogant attitude makes me heavily dislike this type of content now, especially people in the comments like "hah, this would never happen to me because I know better than everyone and I'm invincible." I mean, even if the most advanced hacking agency on the planet gets hacked, FBI, NSA, CIA, who is some pleb on youtube comments thinking he's safe?! This smug and arrogant attitude both from Kenny and the people commenting in the videos have been driving me away from Mental Outlaw videos for a while now.
Found the LTT fanboy lmao. If you have a deep knowlege and understanding of a certain system, and also publicly claim to be an expert about it, you shouldn't fall victim to extremely basic mistakes like this. Your analogies suck by the way, lmao. This situation is more akin to a competant mechanic forgetting to put oil in his car then wondering why the engine blew up. This was a complete oversight on their part.
Apparently the scammer had sent an email purporting to be a sponsorship or advertising offer to one of his employees and the pdf file in the email had contained the malware.
Totally agree with what you said in the end. A separate Linux machine makes things much more secure, and Google allowing to change password without requiring the old password is downright negligent.
Changing password and 2FA, without confirmation from either, while the session was initiated from a cookie. Hard to believe this is slipping through the cracks at a place like Google.
@@mechwarrior83 brought to you by the inventors of the Titan Security Key, which offers, quote: "Titan Security Keys are compatible with the Advanced Protection Program, Google's strongest security offering." You can't make this stuff up.
@@mechwarrior83 it's a convenience feature, and you can turn on "Advanced Account Protection" (for free) to require more stringent authentication. For example, my Google account can *only* be authenticated with a hardware token. The problem is that probably about fifteen people need to be able to access the Linus Tech Tips channel, so any proper security would create such an inconvenience in the workflow that it wouldn't seem worth it.
Isn't it a complete "architectual" failure of 2fa if you can change/reset/remove your 2fa method without actually using it for changing/resetting/removing? Seems weird.
not suprised with the session hijacking, but how the hell are they changing the password and 2fa after? even if they are already "logged in" anything that needs a password or 2fa should be inaccessible unless they got those some other way. unless there was some huge oversight from google where that could be bypassed somehow, which would be absurd.
while the malware could also add a keylogger, it would still need to annoy the user for the creds after, which would be a red flag, and make session hijacking pointless anyways
@@MentalOutlaw yeah that's pretty dumb. It's also possible the malware steals the session and uses it from your own PC to change the passwords because it's 'trusted'
It would be funny if it ends up they got hacked by downloading something from one of those fake Google ads. Linus has a strong opinion against adblockers, and an adblock could've prevented this if that was the case. On the other end, if it really was a fake ad, then Google might finally start cracking down on them, now that they got egg on their face.
Adblockers are still 3rd party apps. Unless they manually do that, which would take an unreasonable amount on time given you'd have to block google ips for it to work (not easy as they are dependent on them), I'd say for companies adblockers are bad. You can't trust some guys that aren't google, microsoft or apple with this stuff, the only reason they are alive is because of community backlash if stuff was to happen.
I would love to know which person on the staff accepted the fake sponsorship that usually leads to these hacks. They give people a sponsorship email, get him to click and get temporary access to there system without having to do two factor Authentication
7000 bucks is a lot of money but honestly it’s probably way less than they would get from hacking most other channels this big. Linus’ audience being more tech savvy means more of us would immediately recognize this scam compared to the audience from, say, a vlog channel. Plus quickly getting the redirect flagged.
It was way more than $7000, because they do not give the same address to everyone. They have a pool of say 50 addresses and give each website visitor a random one.
I personally think that isn’t a lot. Considering certain scams can scam people for thousands at once. Im pretty sure some complex social engineering went into it, but I don’t think the scammers are contempt with 7k. Though 7k could still be a lot in whatever 3rd world country they are in Edit: What Zeleno said might be true, considering they are smart enough to hack Linus.
Linus once pointed out in an interview about their old stuff, that those weird placeholder videos are videos that they had deleted, but when UA-cam recovered everything from the previous hack, they also recovered videos that had been deleted.for years. I don't know why they havent deleted them again. Many channels have previews and drafts of upcoming videos on their channels temporarily. Apperantly deleting those doesn't really make them go away.
Something LTT could look into is building custom tools that upload directly to the UA-cam channel. LTT has the software engineers to build tools to access the UA-cam API for uploading and modifying channel content. Better yet, the tools could work off a intranet site so attackers would have to hack into the network to get access. There's ways around not using the UA-cam interface and risking this kind of attack.
all those words.... it's almost like you didn't watch the video or understand what was being described. Much easier solutions were outlined in this and other videos covering this incident.
@@kwyj I mean a solution propose was basically just a more manual version of this; this proposed solution is have a hardened system for only uploaded to UA-cam. They could set up a system on their local network that does as an in between that stores the session ID and can provide further access control than yt provides. For someone like LTT automating this would be pretty useful given how much they upload
@@unclehumpy2487 there are so many ways but the easiest is a hypervisor VM that can only run a hardened browser. This would be enough to isolate them for uploading/interacting with the site. Or the same scheme with a chromebook. As a nerd, i can attest to our not being afraid to over complicate things and it's a habit we need to restrain as best we can. Simpler is _almost_ always better.
bruh "accessing the YT api for uploading and modifying channel content" isnt engineering lmao. u sound like u rly have no idea what ur talking about. tbh the solution here is simple.
I wonder if the scammers occasionally actually do pay out the victims: not only would this convince someone that it genuinely works who then might go and try it out with WAY more money, but this also would disguise victim wallet addresses with any wallets being used to tumble the crypto.
I Like your BSD idea for future me if my channel gets anywhere good in the future . Appreciate the video to spread awareness to this scam more, I hope the algorithm favours this to be seen by as many people as possible.
I was a victim of that cookie hack yeaaaaars ago before it became popular to do it. Ever since I've gotten a lot more careful about downloading things, especially stuff sent by less tech-savvy friends. You can be the most careful person alive but if only just one of your friends is naive, they're gonna get to you too, through them.
@Lurch thats just it, even bootloaders arent safe though. i mean obviously i think there are like 3 pieces of malware or something that actually load themselves in the bios secureboot files and have a happy day downloading and running everything again after a fresh install of everyones favourite windows.
@@Sup3rman1c That's a much more difficult attack, and not really how that works anyway. This was a classic malware attack. Could have been keylogging, screen capping, anything, but this one stole the tokens.
@@dontaskiwasbored2008 How does it work then? I wasn't saying this particular attack spoken of in the video is that exact attack, I'm saying anyone can get pwnd and most people do get pwnd at least once and in their lives. A worst case scenario (not including the damage getting pwnd can do irl), your motherboard can literally turn to e-waste.
This is honestly entirely UA-cams fault. For all channels above a certain subscriber count, maybe 100k, there should be an option to have a manual verification, done by an actual human being at UA-cam where they call the number linked to your account (that cannot be changed by you, only by UA-cam with identity verification) for every major change made to the channel, such as a video upload, delete, name change, etc. that way it is literally impossible for stuff like this to happen without the number being compromised.
No need manual, just put password and or 2FA authentication for everything which can make people lose access to their account. For example, change password need old password and or 2FA every time, removing 2FA need old password and or old 2FA or removal code, etc. Google do this randomly for changing password and removing 2FA is beyond stupid.
You are absolutely fooling yourself if you think they're going to take the time to call you every single time you upload to make sure things are okay. lmao
In this case, someone ran a malicious software on their machine. How is anything safe from that? Would other authentication methods be safe from it, like JWT? I doubt it. Cookies and Local Storage can’t do shit if people start running malicious programs on their machine. The malicious software could just disable browser security features like CORS and then you’re f’ed.
Unfortunately cookies are literally the only thing that can keep you logged in. It's not just for tracking purposes, it's literally the only technical solution for session control. If you didn't use cookies, the website would literally forget you're logged in the very next time you load a page from it. Cookies are the very thing that keeps you logged in the session. Without cookies, logging into accounts wouldn't really be possible.
If you're talking about Jim Browning, it was a combination of coincidence and an initial email from Google's own domain. The rest of the scam should've been easy to spot due to poor grammar and the absurdity of the instructions, but at least it was a good learning opportunity for Jim and the audience.
Also I remember that UA-cam basically deletes nothing ever. People who have had their channel restored had stuff that was "deleted" reappear. So even if they changed policy on how they use it, plenty of old videos are still stored
@@PMARC14 I'd assume that more illegal stuff like live leak kind of things and child exploitation and violation would be used as evidence against someone given UA-cam works in that way but for the off chance they make a special case for these videos and delete them entirely. Has UA-cam videos inside UA-cam's database ever been used as a way to prosecute criminals before?
1:10 Linus has talked in the past about how they use UA-cam as a backup in case they use the local video files if necessary. So that is actually likely the case.
What I've read about this hack of UA-cam creators is that the malware is sometime distributed through a "sponsor proposal", with a infected pdf We don't know if it's the case here though...
@@dustinp8355 haha not here I think According to this video (in french sorry) ua-cam.com/video/zK2_FjKKgpM/v-deo.html at about 6 min : The hackers send emails to the UA-camr and discuss with him so that with time he start to trust them And after that, they send a "demo" version of the game they want to push to the viewer (which is malware ofc), or a pdf (they don't explain how, I suppose it can be some kind of macros in the file or some shit like that)
To be fair, LTT isn't a tech security channel. So expecting them to be impervious to malware attacks, is sort of like the phrase. "Hey, you know computers right? Can you fix my TV?". Hell, even a few big tech security youtubers have been hacked. 'Jim Browning' springs to mind. The lesson here really should be, that hacking can happen to all of us. Vigilance is extremely important when connected to the Web. But it is no guarantee. Likewise technical solutions are only as good as the company/developers that have developed them. So some times you might want to sacrifice convenience for safety. Anyone who have worked in a multi-user environment knows, how best practices or even company rules, are often skiped in favor of productivity. And that it will be infeasible to have all employees be security savy. So the more employees you have, the harder it becomes to keep your system safe. But yes. A big company and a juicy target, like LMG, should probably invest a bit more time and money into preventing this from happening again.
I'm actually interested in statistics of victims from Linus audience who will eventually fall to this scam, kinda curious if consuming mediocre (in a good way) tech content raise situational awareness Edit: well, 7000$ is a good number
their content isnt necessarily security based. They are hardware channel. And 7k for a channel that gets 1 million views over course of 8 hours isnt a lot.
pretty sure that the average audience of linus is mature and knowleadgeable enough to understand that somthing off happened...im pretty sure those money come from random people
@@thegoblinwholaughs1137 you failed to take in consideration that the link hd a short life since it was flagged by google and cloudflare quite fast, so had no external interference happened we could be talking millions here....
You would think UA-cam/Google would’ve implemented some algorithms to detect when a high profile channel suddenly changes its password, 2fa, channel name among other things and starts live streaming. Those are all huge red flags. And should’ve automatically locked the account.
Actually, it isn't nearly as much of a red flag as you're making it out to be. Channels change their names to reflect temporary promotions all the time, and a livestream at the same time is just effective PR. What Google needs to do is make "Advanced Account Protection" more obvious to their business customers, I'm pretty sure that having that option enabled in the Google account setting for their channels would have prevented the session hijacking attack, and it certainly would have prevented the password change.
This same hack has happened to 4 channels I’ve been subscribed to. All of them recovered faster than Linus, including much smaller channels (sub 200k). It’s strange that UA-cam has not restored their channel to a previous state.
They should give everyone with full access to the channels account (probably just a few people) a live Linux USB with encrypted persistent storage. Something exactly like Tails just without Tor. Then only use it for uploading & accessing the Google account. For transferring files from the editors computers use a SD card as it has a smaller attack surface than USB. Maybe even give these computers their own VLAN for good measure.
I find that perfectly shows that even if you are an expert in the field that you are not protected from making one little mistake and loose everything.
I can't believe any real living human being falls for scams like this. Especially on a tech-focused channel, you'd think that audience would know better.
I'm still pissed that google hasn't fixed the issue where you don't need password and 2fa to change password. To be honest business/creator account should have option to password check even if you edit, add or remove videos.
I remember that whenever you try to change a sensitive setting on a youtube account, you get asked to write your password again. I can't see how they bypassed that.
Another big tech security compromised by convenience design, just like with the iPhone security incident story recently: once you've logged in there is no more protective mechanisms from completelly taking over the account and changing the ownership.
Bro this scam has been running for at least 7 weeks, I've been reporting every channel since it started and it didn't stop spawning. The only thing I managed to take was the api key for his chat client ( chat support on the site) since he left it exposed, but this was like a month and a half. It's so surprising how after all those channels taken by this guy, no body cared.
No doubt there's gonna be an extensive breakdown of this incident on LTT coming up. It'll be interesting to find out exactly what happened (i.e., who fucked up and how).
The people who sent money probably were not ltt fans since the livestream was only using the channel size to increase the likelyhood of it appearing on people's start page
Vitalik Buterin as well, together with the guys from Bankless, which are ironically some of the nicest guys on the web. More sad than funny to be honest.
@@jpunyedvideorestorations9347 _"It's because he was on a SNL skit dressed as Shiba Inu"_ No, it's because he's arguably the most influential person on this planet.
Linus uses a central mainframe that he spends over $100k a year constantly upgrading because he stores uncompressed RED footage on it for some reason. It allows multiple people to edit the same or different videos at the same time. But it’s an all eggs in one basket ordeal. I’m willing to bet that’s what got the malware, and now every computer on the network is vulnerable, since it’s also a 10 gigabit home network storage.
What's actually scary is that Google can essentially decide which site is trustworthy or not in a second, blocking every normal user completely from visiting. Obviously to prevent scam like this it's not a bad thing. But they could block any website like this if they wanted to.
It seems google doesn't verify when removing a TFA device or change password. No confirmation of Yubikey or even email link. I've seen this happen to someone else who had no 2FA configured
It happened every time Metallica published a new single in the last 4 months and it is really bad because people there aren't that tech savy and might not realise it immediately
I was up early this morning and saw the live stream boot up. I've seen a lot of UA-camrs get hit with this same hack in the last few months. Whatever exploit they are using to get the cookies, it must be a fairly common program that UA-camrs usually use that has hidden malware that no one has figured out yet.
im all up for 4chan shenanigans as some of it does seem funny... but this is the first or these hacks are the first that literaly annoy me as they pick literaly everyone all over the place as long as the subs base is huge enough.. but sadly they also picked on some of the realy smaller channels i follow so its just annoying and all this for what?? so one might scam that one poor soul that still falls for these elon will double your bitcoin crap... its just sad at this point. And for as long as this has been going on continuosly... one might even suspect some of the higher ups know what is going on with these random take me nowhere hacks that probably all that do, is annoy people and make hackers like a couple of 10 euros max... How does one upgrade society to 2.0??
There's an even worse bit about the Google session hack: many sites use Google to login, such as Reddit, Ebay, and many, many others. So if the login info could be gotten, then all those sites may be at risk. Maybe I'm just scared of something that can't happen, but just the thought of that convenience being used against us is very terrifying.
True. Google is an advert company pretending to be a tech company. Didn't they disband their autonomous driving team? Of if they did, it would not surprise me. Googling it. Ah, they cut back but didn't disband it: "Google parent Alphabet Inc’s (NASDAQ: GOOGL) (NASDAQ: GOOG) self-driving startup Waymo slashed dozens of jobs as its parent cuts spending and sharpens its focus on artificial intelligence". As I say, they're an advert company more than a tech company. The tech is just for publicity, not unlike what Musk does.
15:04 RIGHT! Just what I commented earlier! There should absolutely be protections in place on ANY account so you can NOT change the password just by being logged in. That seems pretty standard to me to require the old password or an emailed reset link to change the password. The fact Google does not work like this surprises me.
Google can sometimes be half decent at flagging sites if someone reports it via their Safe Browsing form. I assume it’s partly automated and affected by the number of reports, so a bigger channel will have more people reporting the domain if they know to. But I’ve reported some sites just with their public form and it was flagged well within an hour.
Another thing is apparently even if Safe Browsing flags a site, it doesn’t get blocked by chrome immediately unless you have “enhanced protection” on in chrome settings, which checks every site you visit against Safe Browsing, though of course that could be considered a privacy tradeoff. Otherwise with “standard protection”, I don’t think it will flag by default on chrome until you get the latest offline list updated which seems to happen within a day.
i bet they had two dozen LTT employees doing nothing but getting that and every related site listed on every black list ever.
I have a better solution to this entire problem: grow a brain and stop believing someone’s going to give you free cash .
Linus actually mentioned your take on this on the video that he mentions the hack.
@@FuckTheState exactly.
@@pflasterstrips7254 obsessed
Silver lining here is that Linus putting the spotlight on this issue might ACTUALLY get us some kind of resolution to this ongoing, massive problem. The fact the Google has not been serious about doing something about this, and Antimalware services aren't doing enough to snuff out this crap, LTT could shed light on the issue that other UA-camrs have been ignored for. If something can be done, I'm grateful, just sorry for all the people that have gone through this, especially those with more to lose.
@Lurch oh no, talking about it on UA-cam has clearly been unhelpful thus far. He doesn't need a soapbox. He needs Google to take it seriously. Without a doubt in my mind, he has already contacted them and is working it out. His revenue on here is a fraction of their revenue from his channel alone. If his channel gets taken, that's a bit of money they're losing, especially since he has a good standing partnership with them, it's really not good for Google.
So this might be what's needed to put the issue in their face. You can only close your eyes and cover your ears for so long, Google...
This has happened before, this has happened to Linus before.
Linus has talked about this before even going as far as asking Google to fix these problems years ago.
Nothing changed like nothing will change now because making money is more important to businesses than someone elses security.
@Lurch Google is not responsible for his computers getting infected
@@codingsafari providing a session token via a cookie is authentication.
That's not a good thing. We want this shithole to sink, and for khantent kreators to go elsewhere (pref Odysee, where you can discuss the JQ).
The issue is that your current session allows you to just change your password without entering your old pw or any other verification or 2FA. Same with apple and icloud. You should be allowed to disable those 'convenience vulnerabilities'
Are you sure? I remember always having to enter my password when modifying Google account settings.
(big lol if it's 2FA that changes things here)
@@mskiptr the kicker is, that if it's 2fa that suppresses that, they should have put a stronger check, which is asking for your 2fa code again.
THIS! There should be an OPTION in account config. to allow something like this with the secondary e-mail or something like that or different level of OPTIONS and possibilities. They want this as default? Ok, but let me have the alternative.
@@GYTCommnts Got reminded from another UA-cam video about the fact Google offers stuff like this and more, but the Google account has to have Advanced Protection on.
Since LTT and Tech Quicky were brand accounts/channels, multiple Google accounts likely had access.
@@MasicoreLord You are right! Thanks for reminding that!
The company has scaled in weird ways. Despite having dozens of employees, some aspects are remnants from when there were much fewer resources. For example, they still don't have a dedicated server admin or seemingly anyone tech aware who isn't working deadlines on videos. As a result, stuff like this keeps happening.
More than once Linus, the CEO, had to leave in the middle of a podcast because something in the server room was down. They lost a NAS because no one read the logs for months as multiple hard drives failed. There are probably dozens more stories like this.
They're already beyond the point needing someone looking at this stuff full time; with a second building they probably need more than one person. Instead they just scatter these responsibilities around to be done by whoever, whenever they aren't filming videos and no one is really in charge of even basic administration.
I wouldn't have a hard time believing that dozens of employees not only had credentials but were perpetually logged into LTT and didn't even have session management. That is, the LTT account was exposed as all these people were logged into it in Chrome browsing random BS during lunch break, waiting for videos to upload, etc. Because that's the kind of thing you do when it's just you and your buddy running a little UA-cam channel and you never change your behaviors as the business grows.
In one of the recent WAN shows, he was just talking about hiring a couple full time I.T. people so that employees like Jake or whoever didn't have try and split their time. I think he said they were starting to lack in maintenance because of that. Hindsight says he should have done that sooner unfortunately. Someone that can spend all their time doing maintenance and ongoing training can make a big difference.
Our company of a couple hundred has had several instances over the years where someone fell for a phishing email and had their outlook broken into. (luckily nothing else) Especially when we were a bit smaller without full-time IT staff. Our IT staff now has us go through basic security training every few months, and it seems to have helped.
Linus as a tech channel is general has been lackluster, stopped following a while ago
@@mopnem ew trash
Imma say it one time, don't chastise me for it: lmg is slowing becoming a youtube bro mansion
That's precisely why it makes me laugh hard when i see the "tech tips" part, like bro, you and most of your co-workers are technologically illiterate, just stop.
Didnt think cookie hijacking was still a thing specially for google accounts. I guess it doesn't take that much to spawn secret hidden browser session in the infected computer. Honestly I think it can happen to anybody.
Unfortunately. As a tech channel i am paranoid now 😮
@@ArniesTech "Tech" channel
Agreed, especially if the attacker has a zero day to get in to steal the cookie. It seems really simple and obvious that google should make you type in the password *again* to change the password!! But if they inconvenience people by locking them out, not as many people will be signed in...
@@revenevan11 if you have a cookie stealer malware it probably is already reading input
im guessing this is what happened to me when i had someone bypass 2fa and silently log onto my google account in order to try and buy an advertising campaign using paypal, which i had linked to, and have now removed from my google account.
i also had just started trying out googles password manager to sync passwords between devices, which means that iphone in Melbourne probably had all my passwords automatically downloaded to it.
im now using a self hosted password manager and file syncing program.
This is a real "hard-R" moment.
1 month of no MentalOutlaw, time to start catching up
This last week has been pretty good as far as stories go
@@MentalOutlaw word
Our guy is back 💪😎
@@MentalOutlaw more shitposts please
@@caesarxinsanium Wait for April 1st :-)
LTT isn't my first stop for technical information these days, but I am always interested in what they have to say. Hope they get it all back up and running soon!
Recommend thech channels
LTT is basically a news and entertainment channel. You can rely on them to keep you up to date, but for technical information on hardware you basically need to get off UA-cam unless you are looking for literal comp-sci education stuff.
Memology got hacked a few months ago and got his channel back after like a week. I was surprised they didn’t use it as an excuse to just nuke his channel.
Huh yeah. You’d think that would be a “problem that solved itself” from YT’s perspective
Same thing happened to foolish baseball
Huh I never even noticed he got hacked, he probably makes UA-cam a decent chunk of change though so that likely would’ve played into them not shoahing him.
@@hansmoleman2666 he gas around 60k views on every video... UA-cam doesnt need him lol, seems like he doesnt break the tos
linus is very good about not shying away from the times that hackers and scammers got to him in order to educate everyone. He NEVER shames anyone for getting scammed or hacked but instead raises awareness so others can protect themselves.
Which is the exact opposite of what salty Mental Outlaw is doing here right now.
Yet he shames on GNU/Linux because he used Windows for all of his life and is illiterate in GNU/Linux.
@@speedytruck He also shamed people who use ad blockers. His claimed that ad block users = pirates. Who the fuck still don't use ad blockers anyway?
@@speedytruck Well, ne is not a Torvalds, he is just a Linus XD
@@Henry-sv3wv You don’t need to be Torvalds to admit you don’t know what you’re doing.
Good thing it happend to linus. Hes the one most likely to make a giant wave in the YT community to force YT to finally do something.
sure buddy
They can't do anything, my mate, no one can.
He already talked about how his feedback was pretty much useless and that he wouldn't bother talking to UA-cam about changes before posting his opinion on them.
@@KoltPenny They can at least prevent someone who only has a session cookie from changing the Password and 2FA.
They can implement security measures that force the user to reenter their password and 2fa every time you enter a management area or want to commit a destructive action such as changing keys. This would immediately fix the cookie hijacking issue, they might get in but they're not authenticated.
What gets me is that its so easy to prevent this hack. Just require someone to log in (again) before they can livestream or private all videos.
>Sir, they've hit the second channel
>I know (smiles and does the soyface)
Oh sh-
Stonetoss is a Na'Vi (fan)
🥲
>Sir, they've hit the second channel
There goes neighbors having a good nights sleep.
Man xD
lol God I freaking hate his soyboy thumbnails.
Congrats on the shoutout from the WAN Show! (1:30:00)
Tesla Tech Tips
😂😂😂
Subscribed.
Imagine giving "tech tips" while being so tech incompetent.
I can't believe YT didn't fix this cookie shit yet... I've seen numbers and numbers of creators get hacked
There is no way to 'fix' it
Not very smart, are you?
@@gd44481 UA-cam can ask for the 2FA code every time someone tries to change the password or the 2FA method. This way if someone hacks you, you can log out on all devices and take back control of the channel.
Almost every other site asks for old password to change the password to a new one.
@@gd44481 of course there's a way to fix that... lol
for example make an optional setting to request password to delete videos or change channel name...
I swear Linus does everything like a private company. Lowest quality, lowest costs and highest returns. Most of his employees won't get a job anywhere else.
"Just the tip" -Linus
Linux
@@ZelenoJabko his name is Linus. He runs a Linux tech channel called Linus Tech Tips.
"Just the tip" is a sexual innuendo implying just a tip of a penis.
I don't know exactly what it's supposed to mean but it sounds awfully funny 😃.
@@MathewRenfro r/whoosh
@@MathewRenfro linux
@@Kapeeshy No, ITS LINUS! read the other replies in this thread. HIS NAME IS LINUS he runs a channel called Linux Tech Tips. God damn do not correct me when you need corrected.
I'm genuinely surprised that this issue hasn't been fixed yet, or at least had some kinda stop-gap put in place, like needing 2FA to change the password if you have 2FA on, or vise-versa.
It exists but is limited to Google's advanced protection program for some reason
Considering they ran ZFS servers as core infrastructure for years without scrubbing, I wouldn't be surprised if they used UA-cam as a backup repo lol
IIRC didn't they literally admit to doing this in one of their streams? They delete old videos off their server and keep them on UA-cam.
Yes and no. It does act as an archive for videos. But they do have full 321 backups.
Considering some of the jank in his videos showing the office space and the way they sort of half-ass and sidestep certain practical things, I'm not surprised their channel backend is apparently also very janky.
@@TheLegendaryHacker certified bruh moment
ZFS sucks.
The most funny thing is Linus will probably make this topic his most profitable video in a long while when the channel is restored.
On point. Idk about profitability, but he did explain the whole thing in good detail. The video was wonderfully and ironically sponsored by Debrand lmao.
the ironic thing is since they use that same video there is no reason youtube couldnt auto block it and immediatly recognize its a hack. also surprised the fbi hasnt taken down that site.
They don't even block the crypto comment spam which happens more frequently and would be easier to block.
the other thing is that theres a really good chance it's being streamed from the same IP
@@MentalOutlaw They don't even block certain phrases or have any systems in place to detect mass spam. You would think a UA-cam channel would be blocked from commenting if it started commenting the same exact phrase hundreds of times.
When it comes to UA-cam comments they try to make it a bit difficult to give out contact details. But it is hilarious that the owners of reCAPTCHA are letting bots roam their website. I guess they're just trying to spend as little money as possible as long as nobody hands them a huge fine for allowing scams on their websites.
UA-cam can automatically shadow ban comments for "hate speech" but can't block simple scam comments? Color me surprised
Remember when this happened to Nathaniel Bandy.
Two of his channels were rather secure, but his third was tied to an old Hotmail account. He then said that the hacker didn't begin the takeover immediately, reasoning they wanted to get the passwords to the other channels.
It was not just $7000. They cycle addresses, not everyone gets the same one.
Linus mentioned your video on LAN show. Dang you got in fast.
haha we all came to let him know that Linus mentioned him briefly on WAN show giving props for covering it quickly.
A music creator called VectorU (90k subs?) got hacked late last year and also got the channel back after a few days. So while I'm sure Linus does get special treatment it's not like everyone who isn't huge is completely screwed.
Fire Emblem content Creator Mekkah got his also back after a few days. Big channels will have it way was though
90k is big
@@TheTastefulThickness
Not even "everyone in the bubble knows you" big. MAYBE "enough for an income" big.
@@Alias_Anybody anyway... what i said.
Heh I was there for BOTH of those channels getting hacked
One of my favorite channels got Elon-hacked 3 weeks ago proably 30-50k subs. Their channel is still banned/deleted today. Not sure if they'll ever get it back. Google needs to do something about this ASAP!
Memeology101, an absolutely based channel, still got his channel back after this hack happened to him even though UA-cam probably doesn't like him.
Tis better to be made a fool than to be made a martyr
why wouldnt youtube like him
A quick glance at them and I can tell their some fascist low life.
Which makes that channel being restored decently impressive. I'm surprised UA-cam didn't "forget" to restore that channel.
Had that happened to Second Thought, that channel would of been FUCKED.
Liberals always. ALWAYS side with fascists. Yes, even social democrats. The moderates of fascism.
@@purpleey Cause he's based and he's called youtube out before for trying to create an industry plant.
@@UBvtuber whats an industry plant
Honestly, this says a lot more about Google/UA-cam security then anything.
My UA-cam account is so old that it was made before Google bought them, and I was pissed when they combined them and required me to use a Google account to sign in.
Same, mine's so old it used to have a /user/ address instead of /channel/.
What expelled me from the platform for years was the Google+ comments debacle. I lost comments and other stuff to that move by Google and that's something I'm still... let's say "unhappy" about.
Speaking of shitty Gooleg bs, anyone knows what was up with youtube comments showing up user's coded names instead of the regular usernames? I was seeing that shit for over a month without knowing what the hell was going on.
Yeah, I still have those double YT channels binded in a single Google account 😂
No it doesn't. This wasn't a Google security issue.
Anyone and everyone can get hacked. This insanely toxic mindset of "You're a tech channel, how could you possibly get hacked?!" is seriously getting tiring. Its never been a question of "if", its always been a question of "when". Its like saying "You're a fitness trainer, how could you possibly gain any kind of fat?" or "You're a mechanic, how can your own car break down?!"
Get over it. Shit happens.
My dad was a mechanic, the last thing he wanted to do after coming home was spend all day or weekend fixing our shitty cars. That said I would not go to a dentist with bad teeth.
*anyone that is braindead enough to download random executables
exactly. the same thing happened to jim browning last year. he's a prominent scambaiter who hacks into scammers' computers and does all sorts of stuff with them. and his channel got hacked too. no one is safe.
Well yeah I agree that's pretty toxic and pointless. This is the second Mental Outlaw video that I genuinely disliked because of the smug and arrogant tone. We have seen countless times, time and time again that anyone and anything can get hacked, even the CIA, FBI, NSA and server companies that mostly run Linux when everyone just goes out blaming windows security.
The CIA and FBI got hacked thousands of times by a single person sitting in their bedroom alone, NSA got hacked for months before anyone noticed and they are possibly the most advanced hacking agency on the planet by heaps and leagues, it's not like the CIA, FBI and NSA lack security measures and procedures, and yet they still get hacked several times a year. This is seriously getting tiring and this smug, arrogant attitude makes me heavily dislike this type of content now, especially people in the comments like "hah, this would never happen to me because I know better than everyone and I'm invincible." I mean, even if the most advanced hacking agency on the planet gets hacked, FBI, NSA, CIA, who is some pleb on youtube comments thinking he's safe?! This smug and arrogant attitude both from Kenny and the people commenting in the videos have been driving me away from Mental Outlaw videos for a while now.
Found the LTT fanboy lmao. If you have a deep knowlege and understanding of a certain system, and also publicly claim to be an expert about it, you shouldn't fall victim to extremely basic mistakes like this.
Your analogies suck by the way, lmao. This situation is more akin to a competant mechanic forgetting to put oil in his car then wondering why the engine blew up. This was a complete oversight on their part.
Apparently the scammer had sent an email purporting to be a sponsorship or advertising offer to one of his employees and the pdf file in the email had contained the malware.
It was an .scr file with a double extension file name. The woman who opened it saw it as file.pdf.scr
Totally agree with what you said in the end. A separate Linux machine makes things much more secure, and Google allowing to change password without requiring the old password is downright negligent.
Changing password and 2FA, without confirmation from either, while the session was initiated from a cookie.
Hard to believe this is slipping through the cracks at a place like Google.
A separate Linus machine
@@mechwarrior83 brought to you by the inventors of the Titan Security Key, which offers, quote: "Titan Security Keys are compatible with the Advanced Protection Program, Google's strongest security offering."
You can't make this stuff up.
@@mechwarrior83 it feels intentional.
@@mechwarrior83 it's a convenience feature, and you can turn on "Advanced Account Protection" (for free) to require more stringent authentication. For example, my Google account can *only* be authenticated with a hardware token.
The problem is that probably about fifteen people need to be able to access the Linus Tech Tips channel, so any proper security would create such an inconvenience in the workflow that it wouldn't seem worth it.
Isn't it a complete "architectual" failure of 2fa if you can change/reset/remove your 2fa method without actually using it for changing/resetting/removing? Seems weird.
not suprised with the session hijacking, but how the hell are they changing the password and 2fa after?
even if they are already "logged in" anything that needs a password or 2fa should be inaccessible unless they got those some other way.
unless there was some huge oversight from google where that could be bypassed somehow, which would be absurd.
while the malware could also add a keylogger, it would still need to annoy the user for the creds after, which would be a red flag, and make session hijacking pointless anyways
it's a flaw with Google's design, sometimes changing your password or 2 factor device does require authentication, sometimes it doesn't.
@@MentalOutlaw what a great idea
@@MentalOutlaw That's a massive flaw holly
@@MentalOutlaw yeah that's pretty dumb. It's also possible the malware steals the session and uses it from your own PC to change the passwords because it's 'trusted'
It would be funny if it ends up they got hacked by downloading something from one of those fake Google ads. Linus has a strong opinion against adblockers, and an adblock could've prevented this if that was the case. On the other end, if it really was a fake ad, then Google might finally start cracking down on them, now that they got egg on their face.
Adblockers are still 3rd party apps. Unless they manually do that, which would take an unreasonable amount on time given you'd have to block google ips for it to work (not easy as they are dependent on them), I'd say for companies adblockers are bad. You can't trust some guys that aren't google, microsoft or apple with this stuff, the only reason they are alive is because of community backlash if stuff was to happen.
@@RikyyThePootisSlayer No
Funnily enough, they were compromised via a request for advertising, not from advertising.
I would love to know which person on the staff accepted the fake sponsorship that usually leads to these hacks. They give people a sponsorship email, get him to click and get temporary access to there system without having to do two factor Authentication
their*
@smacktard Yvonne? I would suspect a new hire or maybe a transfer from another dept.
This happened to me. It finally disappeared after I wiped my hardrive. It's 100% a malware hack. Someone downloaded something.
Where have you been?
yeah tf happened?
Where did your videos go?
@@serkandevel7828 Gone with the wind.
7000 bucks is a lot of money but honestly it’s probably way less than they would get from hacking most other channels this big.
Linus’ audience being more tech savvy means more of us would immediately recognize this scam compared to the audience from, say, a vlog channel. Plus quickly getting the redirect flagged.
They probably caused more in damage than they got from the scam. I imagine this screwed up filming and a bunch of other plans.
It was way more than $7000, because they do not give the same address to everyone. They have a pool of say 50 addresses and give each website visitor a random one.
I personally think that isn’t a lot. Considering certain scams can scam people for thousands at once.
Im pretty sure some complex social engineering went into it, but I don’t think the scammers are contempt with 7k. Though 7k could still be a lot in whatever 3rd world country they are in
Edit: What Zeleno said might be true, considering they are smart enough to hack Linus.
@@plaushvar How else could he have made money from this hack tho
This is probably the best option he had to make it profitable
@@deleteduser72 There's some Indian squatting on the dirt floor of his shack making that much from a scam phone call.
Linus once pointed out in an interview about their old stuff, that those weird placeholder videos are videos that they had deleted, but when UA-cam recovered everything from the previous hack, they also recovered videos that had been deleted.for years. I don't know why they havent deleted them again.
Many channels have previews and drafts of upcoming videos on their channels temporarily. Apperantly deleting those doesn't really make them go away.
He dropped his security. Bound to happen.
Could you please elaborate? Most of us don't watch 7rannytechtips regularly
@@bravefastrabbit770 linus has reputation of dropping things, mostly **expensive** things
@@BooleanDev it's a joke because "dropped"
@@feschber LOL that went over my head. Guess thats what i get for multitasking
@@feschber Thanks. lmao now it's funny
Something LTT could look into is building custom tools that upload directly to the UA-cam channel. LTT has the software engineers to build tools to access the UA-cam API for uploading and modifying channel content. Better yet, the tools could work off a intranet site so attackers would have to hack into the network to get access. There's ways around not using the UA-cam interface and risking this kind of attack.
all those words.... it's almost like you didn't watch the video or understand what was being described. Much easier solutions were outlined in this and other videos covering this incident.
Or they could just take this as a sign. Log out for good.
@@kwyj I mean a solution propose was basically just a more manual version of this; this proposed solution is have a hardened system for only uploaded to UA-cam. They could set up a system on their local network that does as an in between that stores the session ID and can provide further access control than yt provides. For someone like LTT automating this would be pretty useful given how much they upload
@@unclehumpy2487 there are so many ways but the easiest is a hypervisor VM that can only run a hardened browser. This would be enough to isolate them for uploading/interacting with the site.
Or the same scheme with a chromebook.
As a nerd, i can attest to our not being afraid to over complicate things and it's a habit we need to restrain as best we can.
Simpler is _almost_ always better.
bruh "accessing the YT api for uploading and modifying channel content" isnt engineering lmao. u sound like u rly have no idea what ur talking about. tbh the solution here is simple.
i've actually seen channels with like 200K subs hacked like this and getting their channel back
I think it also happened to DJ Ware with like 25k subs
I wonder if having a Security Key for 2FA would prevent this.
I've seen this happen to over a dozen channels just in the past few months. Really turning into an epidemic now.
I am paranoid now 😮
Sounds like UA-cam is complicit
I wonder if the scammers occasionally actually do pay out the victims: not only would this convince someone that it genuinely works who then might go and try it out with WAY more money, but this also would disguise victim wallet addresses with any wallets being used to tumble the crypto.
I was wondering why their videos were clogging up my notifications. That literally just happened this morning, so you got this video out hella quick!
I Like your BSD idea for future me if my channel gets anywhere good in the future .
Appreciate the video to spread awareness to this scam more, I hope the algorithm favours this to be seen by as many people as possible.
I was a victim of that cookie hack yeaaaaars ago before it became popular to do it.
Ever since I've gotten a lot more careful about downloading things, especially stuff sent by less tech-savvy friends.
You can be the most careful person alive but if only just one of your friends is naive, they're gonna get to you too, through them.
Just sandbox everything duh
@Lurch thats just it, even bootloaders arent safe though. i mean obviously i think there are like 3 pieces of malware or something that actually load themselves in the bios secureboot files and have a happy day downloading and running everything again after a fresh install of everyones favourite windows.
@@Sup3rman1c That's a much more difficult attack, and not really how that works anyway. This was a classic malware attack. Could have been keylogging, screen capping, anything, but this one stole the tokens.
You can 100% have idiot friends and still be safe.
@@dontaskiwasbored2008 How does it work then? I wasn't saying this particular attack spoken of in the video is that exact attack, I'm saying anyone can get pwnd and most people do get pwnd at least once and in their lives. A worst case scenario (not including the damage getting pwnd can do irl), your motherboard can literally turn to e-waste.
This is honestly entirely UA-cams fault. For all channels above a certain subscriber count, maybe 100k, there should be an option to have a manual verification, done by an actual human being at UA-cam where they call the number linked to your account (that cannot be changed by you, only by UA-cam with identity verification) for every major change made to the channel, such as a video upload, delete, name change, etc. that way it is literally impossible for stuff like this to happen without the number being compromised.
No need manual, just put password and or 2FA authentication for everything which can make people lose access to their account. For example, change password need old password and or 2FA every time, removing 2FA need old password and or old 2FA or removal code, etc. Google do this randomly for changing password and removing 2FA is beyond stupid.
You are absolutely fooling yourself if you think they're going to take the time to call you every single time you upload to make sure things are okay. lmao
Naive
Cookies is such a vulnerable to hackers system, but it will never go away. Because you are the product.
Google trackers make it easier for hackers in my opinion. They don't care about safety.
Setting up cookies with php is very fun
In this case, someone ran a malicious software on their machine. How is anything safe from that? Would other authentication methods be safe from it, like JWT? I doubt it. Cookies and Local Storage can’t do shit if people start running malicious programs on their machine. The malicious software could just disable browser security features like CORS and then you’re f’ed.
Sadly...
Unfortunately cookies are literally the only thing that can keep you logged in. It's not just for tracking purposes, it's literally the only technical solution for session control. If you didn't use cookies, the website would literally forget you're logged in the very next time you load a page from it. Cookies are the very thing that keeps you logged in the session. Without cookies, logging into accounts wouldn't really be possible.
"Log off. That cookie shit makes me nervous."
Still not nearly as embarrassing as that cybersecurity youtuber who fell for a phishing email.
Who? Lmao
However unfortunate that is, it's a good reminder that we're all human and can make mistakes.
If you're talking about Jim Browning, it was a combination of coincidence and an initial email from Google's own domain. The rest of the scam should've been easy to spot due to poor grammar and the absurdity of the instructions, but at least it was a good learning opportunity for Jim and the audience.
@@Slavolko I thought he was referring to David Bombal
@@Slavolko the indian scammer scammer?
You were absolutely on the ball. His session manager was hacked because some employee downloaded a malware
They were using youtube as a kind of backup. Linus talked about it that it ain't ideal but its nice to have all the videos in one more place
Also I remember that UA-cam basically deletes nothing ever. People who have had their channel restored had stuff that was "deleted" reappear. So even if they changed policy on how they use it, plenty of old videos are still stored
@@PMARC14 I'd assume that more illegal stuff like live leak kind of things and child exploitation and violation would be used as evidence against someone given UA-cam works in that way but for the off chance they make a special case for these videos and delete them entirely.
Has UA-cam videos inside UA-cam's database ever been used as a way to prosecute criminals before?
I hear people keep gb,s of porn vids set on private.
@@pudznerath6532 nothing is private when you use some ones server use peer tube
@@pudznerath6532 Not even private, you can set that stuff on unlisted and it can stay up as long as its not public
1:10 Linus has talked in the past about how they use UA-cam as a backup in case they use the local video files if necessary. So that is actually likely the case.
What I've read about this hack of UA-cam creators is that the malware is sometime distributed through a "sponsor proposal", with a infected pdf
We don't know if it's the case here though...
The good old .pdf.exe
@@dustinp8355 haha not here I think
According to this video (in french sorry) ua-cam.com/video/zK2_FjKKgpM/v-deo.html at about 6 min :
The hackers send emails to the UA-camr and discuss with him so that with time he start to trust them
And after that, they send a "demo" version of the game they want to push to the viewer (which is malware ofc), or a pdf (they don't explain how, I suppose it can be some kind of macros in the file or some shit like that)
Now paranoid about my sponsors 😮😮😮😅
See Paul Hibbert's video on his hack.
@@lurch1539 There's no option in youtube, you need to be logged in into Gmail to use your youtube account
To be fair, LTT isn't a tech security channel. So expecting them to be impervious to malware attacks, is sort of like the phrase. "Hey, you know computers right? Can you fix my TV?".
Hell, even a few big tech security youtubers have been hacked. 'Jim Browning' springs to mind.
The lesson here really should be, that hacking can happen to all of us. Vigilance is extremely important when connected to the Web. But it is no guarantee. Likewise technical solutions are only as good as the company/developers that have developed them. So some times you might want to sacrifice convenience for safety.
Anyone who have worked in a multi-user environment knows, how best practices or even company rules, are often skiped in favor of productivity. And that it will be infeasible to have all employees be security savy. So the more employees you have, the harder it becomes to keep your system safe.
But yes. A big company and a juicy target, like LMG, should probably invest a bit more time and money into preventing this from happening again.
I'm actually interested in statistics of victims from Linus audience who will eventually fall to this scam, kinda curious if consuming mediocre (in a good way) tech content raise situational awareness
Edit: well, 7000$ is a good number
their content isnt necessarily security based. They are hardware channel. And 7k for a channel that gets 1 million views over course of 8 hours isnt a lot.
Could have ransomed it for 10 times as much at least
@@primethread the scam links the livestreams link to when a channel gets hacked by these groups
pretty sure that the average audience of linus is mature and knowleadgeable enough to understand that somthing off happened...im pretty sure those money come from random people
@@thegoblinwholaughs1137 you failed to take in consideration that the link hd a short life since it was flagged by google and cloudflare quite fast, so had no external interference happened we could be talking millions here....
You would think UA-cam/Google would’ve implemented some algorithms to detect when a high profile channel suddenly changes its password, 2fa, channel name among other things and starts live streaming. Those are all huge red flags. And should’ve automatically locked the account.
Actually, it isn't nearly as much of a red flag as you're making it out to be. Channels change their names to reflect temporary promotions all the time, and a livestream at the same time is just effective PR. What Google needs to do is make "Advanced Account Protection" more obvious to their business customers, I'm pretty sure that having that option enabled in the Google account setting for their channels would have prevented the session hijacking attack, and it certainly would have prevented the password change.
This is just sad to see, really. Because thanks to his input i was able to get my hands on the best gear for my work.
LTT inspired me to start my own channel
This same hack has happened to 4 channels I’ve been subscribed to. All of them recovered faster than Linus, including much smaller channels (sub 200k). It’s strange that UA-cam has not restored their channel to a previous state.
Does Google not tie session tokens to IP addresses? 😕
Checked this myself, No.
It seems no, had used my UA-cam with a Ukranian IP and no problem
They should give everyone with full access to the channels account (probably just a few people) a live Linux USB with encrypted persistent storage. Something exactly like Tails just without Tor.
Then only use it for uploading & accessing the Google account. For transferring files from the editors computers use a SD card as it has a smaller attack surface than USB. Maybe even give these computers their own VLAN for good measure.
They qoute tweeted that tweet the main joking about *THIS* being their greatest tech fail.
I find that perfectly shows that even if you are an expert in the field that you are not protected from making one little mistake and loose everything.
I love your vids and commentary, brother! Your subtle humor and focus on privacy are great.
His sarcasm is delicious 😅
@@ArniesTech yess
Ironic, google has 2 factor authentication, but you can change the password without 2 factor authentication… what an oversight
the idea of an elon musk stream just appearing on your channel one day is hilarious
I can't believe any real living human being falls for scams like this. Especially on a tech-focused channel, you'd think that audience would know better.
I'm still pissed that google hasn't fixed the issue where you don't need password and 2fa to change password. To be honest business/creator account should have option to password check even if you edit, add or remove videos.
I remember that whenever you try to change a sensitive setting on a youtube account, you get asked to write your password again. I can't see how they bypassed that.
Mental Outlaw, would you ever do a podcast?
I could spend hours listening to you talking about hacks and other IT related things.
That would be amazing. I'm in!
Another big tech security compromised by convenience design, just like with the iPhone security incident story recently: once you've logged in there is no more protective mechanisms from completelly taking over the account and changing the ownership.
Ah the classic "double your money" Runescape scam
Bro this scam has been running for at least 7 weeks, I've been reporting every channel since it started and it didn't stop spawning.
The only thing I managed to take was the api key for his chat client ( chat support on the site) since he left it exposed, but this was like a month and a half.
It's so surprising how after all those channels taken by this guy, no body cared.
Password changes should always prompt for password. Weak, Google.
No doubt there's gonna be an extensive breakdown of this incident on LTT coming up. It'll be interesting to find out exactly what happened (i.e., who fucked up and how).
Wouldn't it be funny if it was Coulton 😂
I don't post videos, but if this happened to me I think I'd just quit the internet.
Had such a thing happen to an older account of mine some years ago. It was devastating. 😢
The people who sent money probably were not ltt fans since the livestream was only using the channel size to increase the likelyhood of it appearing on people's start page
I love that Elon is now synonymous with crypto scams.
Vitalik Buterin as well, together with the guys from Bankless, which are ironically some of the nicest guys on the web. More sad than funny to be honest.
Elon is a fraud himself, so that suits him well.
It's because he was on a SNL skit dressed as Shiba Inu, can idiots stop relating one to the other? He's a crypto hater like Trump or Tucker Carlson
@@jpunyedvideorestorations9347 _"It's because he was on a SNL skit dressed as Shiba Inu"_
No, it's because he's arguably the most influential person on this planet.
Linus uses a central mainframe that he spends over $100k a year constantly upgrading because he stores uncompressed RED footage on it for some reason. It allows multiple people to edit the same or different videos at the same time. But it’s an all eggs in one basket ordeal. I’m willing to bet that’s what got the malware, and now every computer on the network is vulnerable, since it’s also a 10 gigabit home network storage.
They could've made so much more money if they made the crypto scam related to the LTT channel instead of that Dorsey and Musk stream.
What's actually scary is that Google can essentially decide which site is trustworthy or not in a second, blocking every normal user completely from visiting. Obviously to prevent scam like this it's not a bad thing. But they could block any website like this if they wanted to.
eTeknix was hacked with a live scam and their channel and videos were restored, so it's good to see that "smaller" channels get taken care of
It seems google doesn't verify when removing a TFA device or change password. No confirmation of Yubikey or even email link. I've seen this happen to someone else who had no 2FA configured
You’d think Linus fans who are smart enough to assemble a gaming pc won’t send their cryptos to a hacker’s scam site.
It was revealed on WAN show that LMG devices are not allowed to have adblockers. Possibly related ????
1. session cookies are limited to ip address.
2. you cannot change your password without the original password.
Thought it seemed insane that not even )eewgle themselves follow NIST guidelines, and as expected: "To continue, first verify that it's you"
1. False
2. True
@@TheActualDP I'm pretty sure numba wan is implementable.. unless you're dealing with dynamic ips
Maybe the whole device was taken over and this wasn't just a session hijack?
Someone got phished, like most hacks happen these days. One of their employees opened a PDF they shouldn't have.
It happened every time Metallica published a new single in the last 4 months and it is really bad because people there aren't that tech savy and might not realise it immediately
Yeah I noticed those too. Really despicable
Can't even find the channel anymore, wow
I was up early this morning and saw the live stream boot up. I've seen a lot of UA-camrs get hit with this same hack in the last few months. Whatever exploit they are using to get the cookies, it must be a fairly common program that UA-camrs usually use that has hidden malware that no one has figured out yet.
I've heard that they likely pretend to be company's looking to do sponsorships.
im all up for 4chan shenanigans as some of it does seem funny... but this is the first or these hacks are the first that literaly annoy me as they pick literaly everyone all over the place as long as the subs base is huge enough.. but sadly they also picked on some of the realy smaller channels i follow so its just annoying and all this for what?? so one might scam that one poor soul that still falls for these elon will double your bitcoin crap... its just sad at this point.
And for as long as this has been going on continuosly... one might even suspect some of the higher ups know what is going on with these random take me nowhere hacks that probably all that do, is annoy people and make hackers like a couple of 10 euros max...
How does one upgrade society to 2.0??
There's an even worse bit about the Google session hack: many sites use Google to login, such as Reddit, Ebay, and many, many others. So if the login info could be gotten, then all those sites may be at risk.
Maybe I'm just scared of something that can't happen, but just the thought of that convenience being used against us is very terrifying.
Google not requiring a password to change the password shows you just how seriously they take security, which is to say, not seriously at all.
True. Google is an advert company pretending to be a tech company. Didn't they disband their autonomous driving team? Of if they did, it would not surprise me. Googling it. Ah, they cut back but didn't disband it: "Google parent Alphabet Inc’s (NASDAQ: GOOGL) (NASDAQ: GOOG) self-driving startup Waymo slashed dozens of jobs as its parent cuts spending and sharpens its focus on artificial intelligence". As I say, they're an advert company more than a tech company. The tech is just for publicity, not unlike what Musk does.
I wonder if that was caused by the RCE that Outlook had recently and LMG uses MS Teams, so they probably use Outlook for emails as well
I saw this in the morning and had no idea it was LTT that got hit :(
15:04 RIGHT! Just what I commented earlier! There should absolutely be protections in place on ANY account so you can NOT change the password just by being logged in. That seems pretty standard to me to require the old password or an emailed reset link to change the password. The fact Google does not work like this surprises me.
Waiting for the Linus tech tips “How we got our UA-cam channel taken over”
The title would probably be more exaggerated with weird capitalization and punctuation.
Raccoons need HUGS
Banks should be liable to recall scammed money. At the end of a chain of transfers is a bank transferring money to a new unproven account.