How Linus Tech Tips Got Hacked & Why I Updated Incident Response Plan [YouTube Release]

Additional Resources:

Connecting With Us

Lawrence Systems Shirts and Swag



Amazon Affiliate Store
:shopping_cart: Lawrence Systems's Amazon Page

Ubiquiti Affiliate
:shopping_cart: Ubiquiti Store USA – Ubiquiti Inc.

All Of Our Affiliates that help us out and can get you discounts!
:shopping_cart: Affiliates We Love - Lawrence Technology Services

Gear we use on Kit
:shopping_cart: Kit

Try ITProTV free of charge and get 30% off!
:shopping_cart: Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: Tech Supply Direct - Refurbished Tech at Unbeatable Prices

Digital Ocean Offer Code
:shopping_cart: DigitalOcean | The Cloud for Builders

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access


:stopwatch: Time Stamps :stopwatch:
00:00 :arrow_forward: Lessons Learned from Linus Hack
00:43 :arrow_forward: Session Token Stealing
02:35 :arrow_forward: Building an Incident Response Plan
05:04 :arrow_forward: Clearing Google Session Tokens

#linustechtips #YouTube #hacking

Another case where some Linux computers or even cheap Chromebooks likely would have prevented this. And yes I do understand that Chromebook is a Linux OS.

What does a screensaver file do in a Linux world?

And was the infected computer actually running an activated license? Lots of things don’t work as expected when the OS is not activated, they do this to annoy the user to try and get them in compliance. Linus has mentioned many times how he rarely activates the computers that they are using for testing. They should probably be using EVAL versions for those computers since they are not really part of production. Might still be a licensing violation for EVAL use though, I’d have to read the license and look at the use case.

I’ve always thought it’s better to run virtual machines on laptops, using the host only to run the vms. Not sure if that would have totally helped in this case but segmenting areas of work seems a good idea, even using containers in Firefox may have been of benefit. QubesOS is on my list to inspect for a few years now.

Saying all that, I do my online banking on an old laptop used only for that purpose. Though daily I am running at least 3 virtual machines on my laptop.

This is where I find Kasm ( to be super useful. I’m able to open up Kasm to view the link or document and quickly see that it’s nefarious and then kill the session.

1 Like