How Linus Tech Tips Got Hacked

5 April 2023


Session Hijacking and deepfakes take down Linus Tech Tips

Recently, it was reported that LinusTechTips, a YouTube channel with more than 15 million Subscribers was hacked by scammer promoting a crypto scam. YouTube suspended the channel shortly after the name and logo was changed to Tesla and its logo and a livestream with a deepfake version of Elon Musk appeared.

The Cause

On the WAN show, a weekly livestream hosted by Linus and Luke (one of LMG’s employees) Linus explained what happened when he got hacked. He also alluded to the cause. According to the Verge, who can build computers, one of Linus’ team members downloaded what appeared to be “a sponsorship offer from a potential partner”. However, included in this offer also came some malware that made a copy of all user data from both of their installed browsers. This includes the YouTube session tokens.

This wasn’t attack wasn’t immediately shut down for two reasons:
  1. The bad actor, according to Linus, used a VPN to appear closer to the physical location of Linus. This stopped YouTube being able to easily detect that something was wrong. Currently it is unknown who the perpetrator was. However, Linus noticed that there was a login for Germany.
  2. Secondly, Linus was not able to kick out the bad actor from the account easily. Linus said that as there were two (Linus and the attacker) people trying to do many things to the channel at the same time it was difficult for him to log out the device. This increased the damage that was done to the channel as it prevented the attack from being stopped.

The attack is known as Session Hijacking. Session Hijacking is so dangerous as it bypasses many of the usual protections that websites have. One of these is two factor authentication. So for this attack the perpetrator doesn’t even have to know the password or have access to the two factor authentication device. This makes it appear to a webserver that you are the authenticated user.

The Aftermath

After YouTube noticed something was wrong, the channel was terminated this prevented any further damage from occurring. Some say this should have happened sooner. Moreover, when the channel was reinstated, many of the videos that were previously marked as “Private” or “Unlisted” ended up being publicly viewable. From reports, there were many videos in there including an offensive version of a Dyson sponsorship.

Luke, the one on the WAN show reported that after the hack of the YouTube channel, their other services got “slammed”. This included their forum and their video streaming site Floatplane. On this website they reported that they gained an extra 5000 subscribers during the time that the channel was down.

Write a comment: