Linus Media Group YouTube Channels Hacked

[[XC] Oj101]

I don't care. -_-
I'm pretty sure linus got his traffic for his youtube site from another highly popular techforum website a long time in the first place.
To me this just seem like well. What comes around, goes around.

Look, I don't like the guy either, BUT. He has excellent business acumen and an innate ability to make money out of a bad situation.

Some stats I found:

• 2015: 1.2 million subscribers
• 2016: 2.2 million
• 2017: 3.5 million
• 2018: 5 million
• 2019: 8 million
• 2020: 10 million
• 2022: 15 million

I tried to Google his approximate net worth and found that he recently alluded to a valuation in excess of $ 100 million. All I found was "nine figures" - anyone know anything more than that? Anyway, worst case scenario that's $ 100 million.

Show me a "highly popular tech forum" that can get you that sort of viewership?

Would I like him as a friend? I don't know. I kinda doubt it, but that's based on his online persona.
Would I like him as a business partner? Absolutely yes.

 

[mechtech]

Tech site hacked..................isn't it ironic........................

errrrrrrrr wait was it more google/youtube that was hacked??

either way tech site I guess

 

[ThrashZone]

Hi,
Some people love drama queens ltt qualifies as one his little fake retirement announcement took the drama cake award

 

[DemonicRyzen666]

Look, I don't like the guy either, BUT. He has excellent business acumen and an innate ability to make money out of a bad situation.

Some stats I found:

• 2015: 1.2 million subscribers
• 2016: 2.2 million
• 2017: 3.5 million
• 2018: 5 million
• 2019: 8 million
• 2020: 10 million
• 2022: 15 million

I tried to Google his approximate net worth and found that he recently alluded to a valuation in excess of $ 100 million. All I found was "nine figures" - anyone know anything more than that? Anyway, worst case scenario that's $ 100 million.

Show me a "highly popular tech forum" that can get you that sort of viewership?

Would I like him as a friend? I don't know. I kinda doubt it, but that's based on his online persona.
Would I like him as a business partner? Absolutely yes.

Xtremesystems.org forums had more site traffic in years before 2015.

 

[Dr. Dro]

Xtremesystems.org forums had more site traffic in years before 2015.

I don't think XS, OCN and TPU combined have the reader/viewership and outreach of LTT, but that's understandable, the forums have a comparably niche audience, more so XS than OCN and TPU. To put it bluntly we're nerds here. But Linus brings this "nerdship" in an accessible form to the normie, to people who don't know much about technology and have neither the time nor the desire to learn it.

Just yesterday I was watching a video that he made on the Apple Xserve server system, to someone like me, a system like that is rated triple-X for nerds, and I found it absolutely hilarious that while opening it, he asked for help to understand what an odd few components were, but that's where his masterstroke lies - it's not that he doesn't know what a RAID card or an embedded system controller are, but he reaches out to his coworkers/employees and asks in a manner that looks like he's genuinely asking for help, which in turn really connects with his target audience of normies while it makes us nerds laugh our royal behinds off at a dude who runs such a large media enterprise and "doesn't know" quote unquote what he has in his hands.

What makes me respect Linus is that he brings interest in the trade to people who would otherwise have missed it by not one, but several country miles. His average normie subscriber would probably never know what an Xserve was, or how it worked, even in the event that they somehow knew that Apple actually made enterprise machines and blade servers until 2010 or thereabouts. Today, when people think about Apple, they think of the iPhone, the iPad, the Apple Watch and then the MacBook, in that order, really.

 

[xorbe]

There was no 2015 tech forum with 15,000,000 members. Lol.

 

[DemonicRyzen666]

There was no 2015 tech forum with 15,000,000 members. Lol.

just because says 15 million, doesn't mean it's actually 15 million many are probably users that forgot their password or worse they could be ad bots. All forums have ahd this problem & have a way to deal with pruging the useless accounts that are inactive or varified as bot accounts.

 

[AhmadMZ99]

youtube or google doesn't take a real action about these hackers, since years every time i saw a youtube channel is been hacked by crypto scammers, all they did is suspend the channel if they lucky may restore even the old videos, but they didn't track them down these hackers in first place

 

[trparky]

Oh wow, the restoration is a real clusterfuck and I'm not talking about a new kind of candy bar.

EDIT
It seems that I caught the channel in the middle of what had to be a very janky status because it looks like all of his recent content has been restored. I scrolled down to some content from a year ago and it was there, comments and all. Now, of course my question now is, did the content have to be re-uploaded or did YouTube pull the raw video files from past server snapshots thus we're looking at the original videos as they were from on the servers before all of this garbage happened and thus the same exact video quality as it was before? Or did YouTube have to manually re-upload everything and restore the comments from the SQL databases and thus we're looking at video that's been through the post-upload process twice over?

 

[N/A]

Ah there back. Doesn't matter exactly how but they've rolled back to previous state, and no subscribers were lost. Yay.

 

[trparky]

I still question if the videos are bit-for-bit the same. Because we all know that once you upload the video to YouTube, what you get back isn't the original quality. Even their so-called 4K isn't actually 4K after compression.

 

[[XC] Oj101]

Xtremesystems.org forums had more site traffic in years before 2015.

I was very active on XS during its heyday. I also had contact with a lot of the members off of the forums. I can tell you four things:

• XS never had the traction/traffic to get a channel to the size of LTT. At peak they probably had around 100k members.
• Most of the old XOC members no longer have much interest in IT. These are guys that were in their 30s-40s nearly two decades ago. Do you think that 50-60 year olds are LTT's market?
• LTT started long after XS had started to die
• As someone who has been on XS since 2005 and still, 18 years later, occasionally pop in and post in the staff section, I have never seen Linus on the forums. If he was ever there, he was never very active and most certainly didn't have some large following

I did a bit more digging and it seems his initial followers came from a defunct channel called NCIX Tech Tips, which he himself grew from nothing while working at NCIX.

just because says 15 million, doesn't mean it's actually 15 million many are probably users that forgot their password or worse they could be ad bots. All forums have ahd this problem & have a way to deal with pruging the useless accounts that are inactive or varified as bot accounts.

Why are you so salty? Is it jealousy that he's more successful that half this forum combined?

Oh wow, the restoration is a real clusterfuck and I'm not talking about a new kind of candy bar.

EDIT
It seems that I caught the channel in the middle of what had to be a very janky status because it looks like all of his recent content has been restored. I scrolled down to some content from a year ago and it was there, comments and all. Now, of course my question now is, did the content have to be re-uploaded or did YouTube pull the raw video files from past server snapshots thus we're looking at the original videos as they were from on the servers before all of this garbage happened and thus the same exact video quality as it was before? Or did YouTube have to manually re-upload everything and restore the comments from the SQL databases and thus we're looking at video that's been through the post-upload process twice over?

I'm 99.999% certain that it's a bit-perfect match for the original files because they ARE the original files. Deleting a video is almost certainly nothing more than changing a flag in the DB and leaving the file there but inaccessible for x number of days/months/years/forever.

I don't know the inner workings of YouTube, but even something as simple as forums will often only give staff permission to soft delete posts which remain visible but greyed out to certain staff members and can be recovered at any stage. I admin'd a few vBulletin forums and as admin I had the option to hard or soft delete posts, while moderators didn't even know there was a choice and their deletes were soft deletes by default. Some forum systems don't even allow the primary admin to hard delete posts.

Data should NEVER be deleted (unless it's to eg comply with GDPR or the SA equivalent POPIA, and even then the invoices with the personal info have to legally be kept for 7 years) and often CANNOT be deleted. My accounting software, for example, doesn't have the ability to delete invoices, credit notes, stock items, customers or suppliers and the database is encrypted to stop you from doing it by force.

It takes one staff member going rogue, social engineering leading to a password leak or password sharing across sites or one of several other possibilities to cause irreparable damage.

I wouldn't be even slightly surprised if videos deleted from YouTube 10+ years ago are still there, just with their indexes removed from the DB.

 

[robot zombie]

Any big youtube channel could be phished by someone specifically targeting them. And there are definitely those out there that want to try and take large channels. Why, I don't really get. I just don't know what you'd do with one that would go on to produce value, other than maybe finding another fool to sell it to But I mean... if they can just find people working on the channel and convince them to give up the credentials, it's over then and there.

It's the same vulnerability many poorly structured corporations suffer from, and why different parts of a company can sometimes be borderline no-contact in terms of confidentiality between them - that's about blocking channels for your people being compromised by con ops targeting entities like them, or getting involved in internal embezzlement. It's why you at a minimum stage out personnel access to different things, put them on different layers. Youtube does not provide a way to structure access to the channel. It's treated more like a personal account. Many people likely access the channel in the process of just managing different aspects of it. And again, it's not like there's any sort of access heirarchy options for running a youtube channel. It's not like you can give credentials that say, exclusively grant a thumbnail editor the ability to upload the thumbnails they create for each video. Anyone who does anything on the channel, needs full access to it to do anything at all. This becomes more of a problem as staff grows - communication fog/latency comes into effect and you wind up with more people further towards the outskirts with deep access, who are more liklely to be phished into providing to a bad actor. What would be obvious to someone working closer to the center, easily goes missed by someone with far less involvement. Though in in truth, any one of the people accessing the channel as part of their job has the ability to give up access to the wrong person via deception. It's really a pretty big vulnerability to have.

Another thing that could stop this on youtube's end, is 2FA after performing too many actions in a short time, or before trying to perform any big actions on the channel. Stuff like this might stop happening almost completely if they did that.

 

[[XC] Oj101]

Another thing that could stop this on youtube's end, is 2FA after performing too many actions in a short time, or before trying to perform any big actions on the channel. Stuff like this might stop happening almost completely if they did that.

That part doesn't help if you can disable 2FA without needing to pass a 2FA check :/

 

[progste]

He got his channel back and this is how it happened.

 

[Chrispy_]

Ransomware hackers really dialled it up to eleven when the invasion of Ukraine started.

I'd fought off two major incursions prior to 2022, and I've dealt with 3 more incidents (all basically halted with minimal data exfil and backups restored) in the last year. In all five cases, the groups were Russian.

 

[Chomiq]

He got his channel back and this is how it happened.

This dude has kids and walks butt ass naked around the house at night?

I'm having Deja Vu watching this video, hasn't the same thing happened to GN?

 

[progste]

This dude has kids and walks butt ass naked around the house at night?

I'm having Deja Vu watching this video, hasn't the same thing happened to GN?

I've seen it happen to at least 2 other channels I follow, guess youtube's access tokens are just easy to exploit.

 

[WonkoTheSaneUK]

I wonder if he's lost assorted password manager sponsorships over this, or will they clamour to sponsor him for "Don't be like me, get $OFTWARE!" videos?

 

[unwind-protect]

What happened to Xtremesystems.org, anyway?

 

[crlogic]

I tried to Google his approximate net worth and found that he recently alluded to a valuation in excess of $ 100 million. All I found was "nine figures" - anyone know anything more than that? Anyway, worst case scenario that's $ 100 million.

He recently said the offer was less than $300,000,000 as well on The WAN Show

 

[DemonicRyzen666]

What happened to Xtremesystems.org, anyway?

what do you mean by what happened?
it's still there?

 

[chrcoluk]

A great majority of his subscribers knew him from back in the days he used to work for NCIX - A Canadian retailer. Linus was like the face of the company. He did the main bulk of all their social media stuff for them, especially when it came to youtube.

The owner of NCIX basically ran the company into the ground and a lot of staff got let go of. Im not sure if Linus was let go of or resigned (I think he resigned) but he ended up leaving the company and starting up a YT channel as a placeholder so people would know where to find him.

NCIX carried on being driven into the ground by its owner and Linus approached him to see if he could buy out the brand name or the company since the owner didnt seem to care anyway and linus had long been considered the face of NCIX with all the videos he did for the business. Owner wasnt interested in selling up so NCIX went bankrupt and Linus started up what became Linus Media Group and eventually Floatplane with a lot of ex-NCIX staff

I think Linus offered to buy the company off the owner at least on two or three separate occasions to save it from bankruptcy.

One thing that Linus did talk about in his video addressing his history at NCIX was that the owner maybe didnt seem to understand the social media side of the business and certain service related things like offering same day delivery if you were located within 5miles of a branch of NCIX that their competitors were offering.

They would hire their own staff to deliver stuff to your door if you couldn't wait for the regular delivery service.... Linus did push the idea across to the owner but owner wasnt interested in doing anything. Nothing was done and this is how they started losing a lot of business and eventually bankrupt.

The original owner either wanted to get out of the business completely or it maybe it was more of a tax write off for him if the business went down completely. I never understood why he didnt sell to Linus.

I understand that people might not like Linus but there are worse people out there that deserve that ire more than a guy who doesnt look or sound over 15 talking tech to you and constantly dropping $1000-3000 pieces of hardware on the floor and off desks.

Edited to add more context and easier reading

Interesting so kind of like Paul and his friend who became popular working for newegg, then they moved to their own channels.

I find newegg videos boring now, and even unsubscribed, so I think its unfair to say Linus only was successful because NCIX gave him the platform.

 

[ThrashZone]

Hi,
I wouldn't put it past ltt to fake the hack just for more traffic lol
Anyone think he wasn't mining with all that hardware

 

[chrcoluk]

He got his channel back and this is how it happened.

Ok so the session was hijacked, this is interesting.

For those who dont know chrome (and all of its forks including ungoogled-chromium) there is a security mechanism which I assumed was designed to prevent this.

I discovered it when trying to migrate my browser configuration from one windows install to another, in the old days you could simply copy over your profile folder. Job done. But now if you do that when the browser launches in the new install, it will wipe cookies, saved passwords, extension data and some other data, its a new security measure. The configuration is only valid for that specific windows install, it validates against a unique key thats generated on windows installation. The new official way of migrating a configuration is via online synchronisation which I hate. Google have also been taking down extensions to aid with this, specifically one's that can make a backup of your cookies and then import them again on a new browser setup.

However over recent years a bunch of new developer orientated features have been added to chrome and its forks (firefox has had to adopt them as well to stay relevant). These are related to session storage, authentication storage, temporary cache's and so forth. Traditionally we had a temporary internet cache folder, which was controllable by the operator of the browser, you could configure the path, the size and even disable it altogether. This is currently been phased out. Its also been made hidden in modern browsers as developers didnt like users tinkering. Cookies is similar, they can be controlled within the browser, and many extensions control them also for privacy focused users. These are also been phased out. Developers have long not liked that they had to deal with unstable browser environments, what I mean by unstable in that the operator of the browser was able to change to a non default configuration which is a problem for a web developer. The solution to this by google (and this worked in their own interest as well as a advertising company) is to implement a new storage mechanism within the browser, a sort of reset, so communities had to start all over again by learning about it, and this mechanism would not be configurable by the operator at least by simple means. As an example browsers now have something called LocalStorage. Since the browser operator cant reconfigure it, then the web developer knows they can reliably use it, the operator cannot even restrict the storage space it consumes, its all controlled by the developers of the browser and web developers. There is also service workers, a sort of mechanism allowing websites to act like a service in your browser even after you close the tab, and SessionStorage the replacement for cookies. The critics of these features argued they are a security disaster waiting to happen as well as an invasion on privacy.

Since chrome already protects sessions managed via cookies via windows ID, my assumption is either the attacker's mimicked the windows ID (I am not convinced its that easy as I tried to do this when migrating my browser on a windows reinstall and it still got blocked), or they exploited one of the new mechanisms which are likely more exploitable.

I do agree with Linus's concerns over 2FA.