WEBVTT

00:00:00.000 --> 00:00:04.480
If you're a regular viewer, you probably know we got hacked recently with the Techquickie

00:00:04.480 --> 00:00:09.840
videos you know and love replaced by everyone's favorite streams operated by crypto

00:00:09.840 --> 00:00:15.280
scammers. Oh boy. Over on our sister channel Linus Tech Tips, we have a video detailing exactly

00:00:15.280 --> 00:00:20.400
what happened, but the upshot is that a compromised email attachment stole session tokens from a

00:00:20.400 --> 00:00:25.040
computer here at the office, basically the part of a web browser cookie that tells a website that

00:00:25.120 --> 00:00:30.240
you're logged in. Cookie theft often allows an attacker to access accounts without knowing the

00:00:30.240 --> 00:00:36.080
password and it's become a relatively common way for YouTubers to get hacked. But why is it so easy?

00:00:36.080 --> 00:00:40.880
Before we dive into the answer, we'd like to thank fellow YouTuber ThioJoe for his thoughts on the

00:00:40.880 --> 00:00:45.600
situation. Go and check out his channel when you're done watching this. The reason why so many

00:00:45.600 --> 00:00:51.200
YouTubers have gotten hacked recently boils down to a trade-off between convenience and security.

00:00:51.200 --> 00:00:55.520
You see, YouTube along with basically any other website that requires you to log in

00:00:55.520 --> 00:01:02.000
can ask you for your credentials at any time, but it's how often they decide to do this or not

00:01:02.000 --> 00:01:06.960
do this that can mean the difference between you staying safe and getting hacked. Here's what I

00:01:06.960 --> 00:01:12.320
mean. Although it would be extremely annoying for YouTube to ask us for our password every time we

00:01:12.320 --> 00:01:18.000
try to do something simple like upload a video or change a thumbnail, it might behoove YouTube to

00:01:18.000 --> 00:01:23.680
ask for passwords when making a major modification such as, I don't know, changing the name of the

00:01:23.680 --> 00:01:29.600
channel, which Google doesn't do consistently. Another potential red flag that YouTube could

00:01:29.600 --> 00:01:35.200
pay attention to is when the IP address of the logged-in computer changes. Although there are

00:01:35.200 --> 00:01:40.560
totally innocent reasons for this to happen, such as taking your laptop on a trip or logging in to

00:01:40.560 --> 00:01:46.720
a VPN or your ISP just reassigning you a new one, it could also be because an attacker has stolen

00:01:46.720 --> 00:01:51.360
your cookie and is now logged in from elsewhere. But it doesn't appear that Google consistently

00:01:51.360 --> 00:01:56.240
asks you for your password again in this situation either. These are fairly simple precautions,

00:01:56.240 --> 00:02:01.520
so it's a bit of a mystery why Google doesn't already pick them. But if we had to guess,

00:02:01.520 --> 00:02:05.440
which we'll be doing since YouTube didn't get back to us when we reached out for comment,

00:02:05.440 --> 00:02:10.080
it's likely to cut down on how often creators are asked to punch in their credentials,

00:02:10.080 --> 00:02:15.520
which can be annoying. But even if you agree that YouTube has struck the right balance between

00:02:15.520 --> 00:02:21.280
security and usability, there are still more ways they can prevent these attacks after the

00:02:21.280 --> 00:02:26.560
hacker has gotten the password. Strengthening two-factor authentication should also be high

00:02:26.560 --> 00:02:30.480
on Google's list of security priorities. Although YouTube and other Google services

00:02:30.480 --> 00:02:37.280
obviously support 2FA already, you aren't asked to re-verify on your two-factor device on a computer

00:02:37.280 --> 00:02:42.480
you're already logged into, meaning that if a rogue file attachment contains a keylogger,

00:02:42.480 --> 00:02:46.880
the attacker can just re-enter your password onto your stolen session with a good chance

00:02:46.880 --> 00:02:52.400
they won't be asked for that second factor that only you have. It's like having a guard dog that's

00:02:52.400 --> 00:02:59.200
just sleeping on the job. What do guard dogs dream of? To be fair to Google, they do have

00:02:59.200 --> 00:03:04.560
a more advanced tool called Context-Aware Access for enterprise users that allows the

00:03:04.560 --> 00:03:09.520
whitelisting of only certain IP addresses which prevents a faraway attacker from logging in

00:03:09.520 --> 00:03:14.880
even if they have all your credentials. But the problem is that only specific Google apps such

00:03:14.880 --> 00:03:20.640
as Drive and Gmail support it. You can't lock down an entire account that way, so it does nothing

00:03:20.640 --> 00:03:25.200
for YouTubers trying to protect against a hack. And speaking of locking down accounts, perhaps the

00:03:25.200 --> 00:03:30.720
biggest elephant in the room is that regardless of what security measures YouTube offers, Google

00:03:30.720 --> 00:03:36.240
doesn't seem to be proactive with how they respond when channels are hacked, instead relying on the

00:03:36.240 --> 00:03:42.320
creators themselves to notify them of a problem. This is even true if you have millions of subscribers

00:03:42.320 --> 00:03:47.920
and you'd think, as big as Google is, they'd have some kind of algorithm to detect when major channels

00:03:47.920 --> 00:03:53.920
might be compromised. Of course, we do recognize that Google has a tough job deciding how to strike

00:03:53.920 --> 00:03:59.040
that balance between usability and security, and our reps at YouTube have been good to us.

00:03:59.040 --> 00:04:03.840
But there's always room for improvement, including with our security practices here at LMG. Hopefully

00:04:03.840 --> 00:04:08.240
this video has shed some light on why these attacks are happening with more frequency, and we also

00:04:08.240 --> 00:04:14.320
hope this is the last time this channel is used as a conduit for crypto scams. We've all lived through

00:04:14.320 --> 00:04:17.440
enough of those already. Yeah, that's awesome. So thanks for watching, guys. If you liked this

00:04:17.440 --> 00:04:22.240
video, hit like, hit subscribe, and hit us up in the comment section with your ideas for topics

00:04:22.240 --> 00:04:25.920
that we should cover in the future. We were hacked!
