Dreams and Digital Dangers: Linus Tech Tips' Cybersecurity Lesson

Last night, I had a vivid dream that occurred because of recent thoughts of slight concern for perhaps being too reliant on Google’s cloud services.

The dream starts with me entering the back door on a red bus, an April evening in Oslo. Just like a movie scene, I slightly notice a stereotypical hacker girl sitting focused on a beefy laptop as I walk by. I find a standing location in the middle of the bus. Beside me hangs a poster for a cybersecurity convention that is happening next week. Interested, I scan the QR code at the bottom of the page as it wants to direct me to https://cyber.secconf.com/oslo-2023. After some navigating I find the downloadable pdf of the event program. I look out of the bus window while the files takes a while to load. The roster looks solid, so I sign up for the convention.
As the bus arrives at the next bus station, I open my messaging app to forward the link to a few friends. I’m instead met with tens of demanding outgoing messages that look like I could’ve written them… Panic ensues. I look towards the empty seat where the hacker girl was sitting, have I been hacked?!

Just a month ago a vastly different situation had recently unfolded for the popular YouTuber Linus Tech Tips. The common denominator of the stories is that the hackers used a similar hacking technique and were able to bypass two - factor authentication and act fully on behalf of the victim. With the growing threat of cyber attacks and deep fake technology, it's crucial for us to understand how this happened, learn from it, and explore ways to protect ourselves and our digital identity.

The renowned YouTube tech channel Linus Tech Tips fell victim to a cyber attack in March 2023. The hackers renamed the channels to Tesla and streamed fraudulent crypto content with Elon Musk as an unauthorized host. The incident lasted until YouTube and Linus himself intervened, regaining control of their channels. This breach exposed the vulnerability of even the most successful channels and the need for better security measures on the platform.

The attackers sent a seemingly legitimate business offer email to Linus Media Group. After exchanging emails, the hackers attached a malicious file disguised as a PDF. Unfortunately, a staff member clicked on the file, unknowingly giving hackers access to the channels. The hackers exploited locally stored session tokens, cookies, and passwords, bypassing two - factor authentication and other protective measures.

To avoid such errors, Linus and anyone else concerned about their digital security could have implemented the following best security practices:
- Verify the legitimacy of the sender's email address by checking for inconsistencies or unusual elements. For example, a suspicious email might have a similar domain name to a trusted source but with subtle differences like extra letters or misspellings.
- Assess the content of the email for red flags, such as unexpected attachments, urgent requests, or generic greetings that don't address you personally.
- Be cautious when opening attachments, especially from unfamiliar sources. Before downloading or opening a file, hover over the link to see the actual URL and ensure it matches the expected file type or source.

There are two aspects of the story we'd like to emphasize. The first is how to prevent unauthorized access to your Google account or other personal information. The second aspect is the potential risks and implications if hackers manage to access your data, such as creating deep fakes and misusing your digital identity. Just piping the last 10 messages from any conversation and a carefully crafted prompt, most Large Language Models (LLM’s) can easily continue the conversation while simultaneously steering it towards an attacker’s agenda. Protecting Your Digital Identity: As text as a medium has recently gotten incredibly easy to fake, multimodal communication will inherently have a higher degree of trust. For the hacker to fake voice and video in real conversation. Their systems and acting all need to be sufficiently advanced and coordinated in order to trick the human brain. To safeguard your digital identity and prevent falling victim to cyberattacks and deep fake impersonation, consider these steps:

- Establish a protocol with your close contacts to ensure your identity cannot be easily impersonated. Use multimodal communication methods for confirming important decisions.

- Have code words or rotating questions during important meetings to verify the identity of participants.

- Keep your digital footprint minimal by only sharing necessary information online and being cautious with the data you store on various platforms.

- Look for ways to minimize the impact if a single breach occurs.

- Eat all cookies after baking them or when visiting unfamiliar links on your devices.

- Be aware of the growing threat posed by quantum computing, which could crack all commonly used encryption techniques.

Linus Tech Tips being hacked serves as a reminder that even tech savvy people fall victim to cyber attacks. By staying informed, adopting better security practices, and understanding the potential implications of emerging technologies like deep fakes, we can minimize the risks associated with these attacks. Remember, as individuals without a big YouTube channel or a team handling hundreds of emails daily, we are still vulnerable. Stay safe, stay vigilant and sweet dreams!