How Linus Tech Tips Got Hacked & Why I Updated Incident Response Plan [YouTube Release]

Additional Resources:

Connecting With Us

• Hire Us For A Project: Hire Us – Lawrence Systems
• Tom Twitter https://twitter.com/TomLawrenceTech
• Our Web Site https://www.lawrencesystems.com/
• Our Forums https://staging-forum.lawrencesystems.com/
• Instagram https://www.instagram.com/lawrencesystems/
• Facebook Lawrence Systems | Southgate MI
• GitHub lawrencesystems (Lawrence Systems) · GitHub
• Discord lawrencesystems

Lawrence Systems Shirts and Swag

►👕 https://teespring.com/stores/lawrence-technology-services

AFFILIATES & REFERRAL LINKS

Amazon Affiliate Store
Lawrence Systems's Amazon Page

Ubiquiti Affiliate
Ubiquiti Store United States

All Of Our Affiliates that help us out and can get you discounts!
https://www.lawrencesystems.com/partners-and-affiliates/

Gear we use on Kit
Kit

Try ITProTV free of charge and get 30% off!
Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 10% off your order at
Tech Supply Direct - Refurbished Tech at Unbeatable Prices

Digital Ocean Offer Code
DigitalOcean | Cloud Hosting for Builders

HostiFi UniFi Cloud Hosting Service
HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
Buy VPN with Credit Card or PayPal | Private Internet Access

Patreon
lawrencesystems | creating Tech Tutorials & Reviews | Patreon

Time Stamps
00:00 Lessons Learned from Linus Hack
00:43 Session Token Stealing
02:35 Building an Incident Response Plan
05:04 Clearing Google Session Tokens

#linustechtips #YouTube #hacking

Another case where some Linux computers or even cheap Chromebooks likely would have prevented this. And yes I do understand that Chromebook is a Linux OS.

What does a screensaver file do in a Linux world?

And was the infected computer actually running an activated license? Lots of things don’t work as expected when the OS is not activated, they do this to annoy the user to try and get them in compliance. Linus has mentioned many times how he rarely activates the computers that they are using for testing. They should probably be using EVAL versions for those computers since they are not really part of production. Might still be a licensing violation for EVAL use though, I’d have to read the license and look at the use case.

I’ve always thought it’s better to run virtual machines on laptops, using the host only to run the vms. Not sure if that would have totally helped in this case but segmenting areas of work seems a good idea, even using containers in Firefox may have been of benefit. QubesOS is on my list to inspect for a few years now.

Saying all that, I do my online banking on an old laptop used only for that purpose. Though daily I am running at least 3 virtual machines on my laptop.

This is where I find Kasm (https://kasmweb.com/) to be super useful. I’m able to open up Kasm to view the link or document and quickly see that it’s nefarious and then kill the session.