Ibai Case

As many of you already know, because it has been reported in almost every kind of media, the channel of the YouTuber and streamer Ibai was hacked. A channel with 10M subscribers.

It has not been the only one, but it has been one of the most representative in the Spanish-speaking world.

Once the channel was hacked, all the videos were made private and the attackers put up a looped video of an “alleged” live broadcast of Elon Musk.

So much so that the channel's name and logo were also changed, giving it the appearance of the official Tesla channel.

What subscribers found was a notification of a newly uploaded video, as always, and they went to see what it was about. And they were surprised by that “fake” live stream from Elon.

The fraud.

Yes, friends, because all of this is not a ransomware-type attack that asks for a ransom to recover the channel, which they could have done. It is a scam aimed at the subscribers of that channel.

How?

Well, very easily: while you are watching the video, there is a section in which they ask you for money to invest, and this investment is in cryptocurrencies. And they “promise” you gains that are little more than a dream.

And there the circle closes: the subscribers (normally very young people) see a live stream from someone very important and very influential uploaded to a channel they trust, and they are asked for an investment, with a false promise, in the digital currency that happens to be in fashion.

It has everything needed for a few hundred unsuspecting people to fall for it and, you know, hundreds here, hundreds there, making “investments” of 2-10 dollars or euros on average... Do the math.

The hacking.

But hey, we are not going to limit ourselves to just telling what happened; we are going to give it context within our little world.

First, you have to bear in mind that streamers already have a powerful team behind them: editors, layout designers, cartoonists, designers, scriptwriters... Nothing to envy a classic TV program.
Therefore, quite a few people have access to the channel account.
The classic phishing attack continues to be the most effective: emails about promos with private companies (advertising), events, and so on. And quite a lot of these emails are received. Those in charge of them have to decide which offers they want to take up, handle the subsequent negotiations, and weed out those that are fraudulent. And all this, in general, without being prepared or having any training. Let us also remember that these types of attacks are becoming more sophisticated, thanks to AI.

Another huge attack vector is pirated software. Yes, the newer channels that do not yet generate enough income pirate video design and editing suites, and any given malware can sneak in with them. Let's also remember that to install this type of software you normally have to disable your defenses.
And worst of all, for the level they are at, there is free software (DaVinci Resolve) that is more than enough for their needs, but it requires learning to use it.

And a more sophisticated one, which was probably the one used against large channels, is session hijacking.
You know how, when you access your services, you often don't have to log in? Well, it is precisely about getting hold of the cookie that allows this type of login. Furthermore, this gets worse if the account is shared among several users. Do you remember the people who work on these types of channels? That is where this is heading: add a little phishing... and the magic is done.

What about MFA?

Well, if your cookie is stolen, no MFA will help, because your device is already considered valid, so you will not be asked for it. It is of no use.
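A defender's view of this point, as an added example that is not part of the original post: since a replayed cookie never goes through a login, the signal to look for is a session used from a client that did not perform that login. The log format, account names and addresses below are constructed for illustration and do not come from YouTube or any real service.

```python
from collections import defaultdict

# Constructed sample events (not real logs): time, event, account, session id,
# client IP, user agent. "login" passed password + MFA; "request" only
# presented the session cookie.
EVENTS = [
    ("2024-01-10T09:00:02Z", "login",   "channel-owner", "sess-A1", "198.51.100.7", "Firefox/121 Windows"),
    ("2024-01-10T09:05:40Z", "request", "channel-owner", "sess-A1", "198.51.100.7", "Firefox/121 Windows"),
    ("2024-01-10T09:20:11Z", "login",   "video-editor",  "sess-B2", "203.0.113.24", "Chrome/120 macOS"),
    ("2024-01-10T11:42:55Z", "request", "video-editor",  "sess-B2", "192.0.2.99",   "Chrome/119 Linux"),
    ("2024-01-10T11:43:10Z", "request", "video-editor",  "sess-B2", "192.0.2.99",   "Chrome/119 Linux"),
]

def find_replayed_sessions(events):
    """Return alerts for sessions used from a client context that never logged in.

    The context recorded at login (IP, user agent) is the baseline. Any later
    cookie-only request from a different context is reported once per context.
    """
    baseline = {}                # session id -> (ip, user_agent) seen at login
    reported = defaultdict(set)  # session id -> contexts already alerted on
    alerts = []
    for ts, kind, account, sid, ip, ua in sorted(events):
        context = (ip, ua)
        if kind == "login":
            baseline[sid] = context
            continue
        expected = baseline.get(sid)
        if expected is None:
            reason = "cookie used with no recorded login"
        elif context != expected:
            reason = "cookie used from a different client than the login"
        else:
            continue
        if context not in reported[sid]:
            reported[sid].add(context)
            alerts.append({"time": ts, "account": account, "session": sid,
                           "ip": ip, "user_agent": ua, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

A change of IP address alone also happens legitimately (mobile networks, VPNs), so a hit like this is better treated as a trigger to ask for re-authentication than as proof of compromise.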

Solutions:

  • Reduce the attack surface, that is, the number of people who have access.
  • Remove automatic access.
  • And get a security key. For example, it doesn't matter if they steal your cookie or get hold of your MFA: if they don't have the physical key that will be requested when you connect, they won't be able to get in, at least for now.

Conclusions:

The more we are exposed on networks, the more we need to secure our environment. These types of professionals should already be considering hiring some type of service or specialized personnel. They continue to be targets in this digital sea.
