1
00:00:00,000 --> 00:00:04,480
If you're a regular viewer, you probably know we got hacked recently with the

2
00:00:04,480 --> 00:00:09,840
Techquickie videos you know and love replaced by everyone's favorite streams operated by crypto

3
00:00:09,840 --> 00:00:15,280
scammers. Oh boy. Over on our sister channel Linus Tech Tips, we have a video detailing exactly

4
00:00:15,280 --> 00:00:20,400
what happened, but the upshot is that a compromised email attachment stole session tokens from a

5
00:00:20,400 --> 00:00:25,040
computer here at the office, basically the part of a web browser cookie that tells a website that

6
00:00:25,120 --> 00:00:30,240
you're logged in. Cookie theft often allows an attacker to access accounts without knowing the

7
00:00:30,240 --> 00:00:36,080
password and it's become a relatively common way for YouTubers to get hacked. But why is it so easy?

8
00:00:36,080 --> 00:00:40,880
Before we dive into the answer, we'd like to thank fellow YouTuber ThioJoe for his thoughts on the

9
00:00:40,880 --> 00:00:45,600
situation. Go and check out his channel when you're done watching this. The reason why so many

10
00:00:45,600 --> 00:00:51,200
YouTubers have gotten hacked recently boils down to a trade-off between convenience and security.

11
00:00:51,200 --> 00:00:55,520
You see, YouTube along with basically any other website that requires you to log in

12
00:00:55,520 --> 00:01:02,000
can ask you for your credentials at any time, but it's how often they decide to do this or not

13
00:01:02,000 --> 00:01:06,960
do this that can mean the difference between you staying safe and getting hacked. Here's what I

14
00:01:06,960 --> 00:01:12,320
mean. Although it would be extremely annoying for YouTube to ask us for our password every time we

15
00:01:12,320 --> 00:01:18,000
try to do something simple like upload a video or change a thumbnail, it might behoove YouTube to

16
00:01:18,000 --> 00:01:23,680
ask for passwords when making a major modification such as, I don't know, changing the name of the

17
00:01:23,680 --> 00:01:29,600
channel, which Google doesn't do consistently. Another potential red flag that YouTube could

18
00:01:29,600 --> 00:01:35,200
pay attention to is when the IP address of the logged-in computer changes. Although there are

19
00:01:35,200 --> 00:01:40,560
totally innocent reasons for this to happen, such as taking your laptop on a trip or logging in to

20
00:01:40,560 --> 00:01:46,720
a VPN or your ISP just reassigning you a new one, it could also be because an attacker has stolen

21
00:01:46,720 --> 00:01:51,360
your cookie and is now logged in from elsewhere. But it doesn't appear that Google consistently

22
00:01:51,360 --> 00:01:56,240
asks you for your password again in this situation either. These are fairly simple precautions,

23
00:01:56,240 --> 00:02:01,520
so it's a bit of a mystery why Google doesn't already pick them. But if we had to guess,

24
00:02:01,520 --> 00:02:05,440
which we'll be doing since YouTube didn't get back to us when we reached out for comment,

25
00:02:05,440 --> 00:02:10,080
it's likely to cut down on how often creators are asked to punch in their credentials,

26
00:02:10,080 --> 00:02:15,520
which can be annoying. But even if you agree that YouTube has struck the right balance between

27
00:02:15,520 --> 00:02:21,280
security and usability, there are still more ways they can prevent these attacks after the

28
00:02:21,280 --> 00:02:26,560
hacker has gotten the password. Strengthening two-factor authentication should also be high

29
00:02:26,560 --> 00:02:30,480
on Google's list of security priorities. Although YouTube and other Google services

30
00:02:30,480 --> 00:02:37,280
obviously support 2FA already, you aren't asked to re-verify on your two-factor device on a computer

31
00:02:37,280 --> 00:02:42,480
you're already logged into, meaning that if a rogue file attachment contains a keylogger,

32
00:02:42,480 --> 00:02:46,880
the attacker can just re-enter your password onto your stolen session with a good chance

33
00:02:46,880 --> 00:02:52,400
they won't be asked for that second factor that only you have. It's like having a guard dog that's

34
00:02:52,400 --> 00:02:59,200
just sleeping on the job. What do guard dogs dream of? To be fair to Google, they do have

35
00:02:59,200 --> 00:03:04,560
a more advanced tool called Context-Aware Access for enterprise users that allows the

36
00:03:04,560 --> 00:03:09,520
whitelisting of only certain IP addresses which prevents a faraway attacker from logging in

37
00:03:09,520 --> 00:03:14,880
even if they have all your credentials. But the problem is that only specific Google apps such

38
00:03:14,880 --> 00:03:20,640
as Drive and Gmail support it. You can't lock down an entire account that way, so it does nothing

39
00:03:20,640 --> 00:03:25,200
for YouTubers trying to protect against a hack. And speaking of locking down accounts, perhaps the

40
00:03:25,200 --> 00:03:30,720
biggest elephant in the room is that regardless of what security measures YouTube offers, Google

41
00:03:30,720 --> 00:03:36,240
doesn't seem to be proactive with how they respond when channels are hacked, instead relying on the

42
00:03:36,240 --> 00:03:42,320
creators themselves to notify them of a problem. This is even true if you have millions of subscribers

43
00:03:42,320 --> 00:03:47,920
and you think as big as Google is, they'd have some kind of algorithm to detect when major channels

44
00:03:47,920 --> 00:03:53,920
might be compromised. Of course, we do recognize that Google has a tough job deciding how to strike

45
00:03:53,920 --> 00:03:59,040
that balance between usability and security, and our reps at YouTube have been good to us.

46
00:03:59,040 --> 00:04:03,840
But there's always room for improvement, including with our security practices here at LMG. Hopefully

47
00:04:03,840 --> 00:04:08,240
this video has shed some light on why these attacks are happening with more frequency, and we also

48
00:04:08,240 --> 00:04:14,320
hope this is the last time this channel is used as a conduit for crypto scams. We've all lived through

49
00:04:14,320 --> 00:04:17,440
enough of those already. Yeah, that's awesome. So thanks for watching guys. If you liked this

50
00:04:17,440 --> 00:04:22,240
video, hit like, hit subscribe, and hit us up in the comment section with your ideas for topics

51
00:04:22,240 --> 00:04:25,920
that we should cover in the future. We were hacked!
