Man in the middle attacks, the YouTube - Tesla Fiasco

Kiran Vangaveti
June 8, 2023

Recently, the YouTube channel of influencial Indian comedian Tanmay Bhat was hacked. His channel had over 44 lakh subscribers, and the hackers altered the name of the channel to "Tesla Corp" and deleted the videos listed there. Bhat informed of the incident on his Twitter account, stating that even his two-factor authentication was breached. He asked for help from Google and YouTube, saying he needs urgent assistance.

Overview of YouTube Hacking Trends

Hackers have found a new way to further their personal agendas by targeting popular YouTube influencers. This trend seriously threatens brands and individuals relying on these platforms for communication and content dissemination. Influencers, with their broad reach and youthful audience, have unknowingly become a platform for malicious actors to advance their agendas, whether it be through brand associations or ideological motivations.

Possible Groups Involved in the Trend

While there is no definitive evidence pointing to any one particular group, there is a possibility that avid supporters or opponents of Tesla may be involved. Caution must be exercised when jumping to conclusions without concrete evidence.

Given the growing influence of social media influencers, it is not surprising that hackers are capitalizing on their large audiences to spread their messages. The infiltration of YouTube channels gives these hackers access to a dedicated audience that can be easily swayed towards their preferred ideology or political message.

Modus Operandi of Hackers

The modus operandi of these hackers is simple, and often starts with a phishing campaign, using emails that mimic legitimate services. Once the creator clicks on the download link, they are redirected to a malware-infected landing site instead of the genuine product.

Man-in-the-Middle (MiTM) Attack Explained

Cyber attackers well-versed in technology can bypass two-factor authentication without the need for login credentials. One such method is a man-in-the-middle (MiTM) attack, where a third-party intercepts the communication between two connected systems. MiTM attacks, like social engineering, rely on deception to extract valuable information from victims. In a MiTM attack, a malware program steals user session cookies instead of directly requesting the two-factor authentication code. Session cookies contain user data and track online activities, and the attacker can easily bypass 2FA by hijacking these cookies.

Phishing Websites and How Cybercriminals use them

Cybercriminals often utilize phishing websites to execute MiTM attacks. By impersonating trustworthy sources, attackers trick unsuspecting users into authenticating themselves via an attached link. The phishing site steals sensitive data like passwords, personal information, or less-secure second factors. This data can then be used to launch further attacks.

Steps Influencers Can Take to Increase Their Security Strategies

Hence, Increasingly, influencers need to prioritise their cybersecurity strategies. One important step is to receive training on information security to prevent attacks in the future and maintain basic sanity around authentication and login activities.

The Need for Government Authorities and Social Media Giants to Collaborate Closely on Rapid Response Protocols and Regulations

Given the potential consequences of account takeovers, such as spreading false propaganda on a large scale, government authorities and social media giants must collaborate closely. Rapid response protocols and agreed-upon regulations must be established to address these issues effectively.