TV Derana YouTube channel was hijacked on 29 August, 2021

On 29 August 2021, the TV Derana YouTube channel was hacked, or rather hijacked, to live-stream a cryptocurrency scam.

What really happened?

Within a few hours the attacker changed the channel's login credentials, recovery email and recovery phone number without ever triggering two-factor authentication, and revoked every access Derana had. They then began deleting the channel's videos and started live-streaming a cryptocurrency scam to its 3.07M subscribers. After about five hours Derana recovered the channel through YouTube's 24×7 support; as a YouTube partner account, the channel has direct access to that support. Derana still had to keep the channel down for a few hours until the policy violations raised by the scam stream were cleared.


What caused this incident?

The attacker exploited a vulnerability in a remote access tool used by Derana staff and took control of a PC that was already logged in to the TV Derana YouTube channel. That is why the second factor never fired: two-factor authentication protects the act of logging in, and an already-authenticated session is not re-challenged for every action, so whoever drove that machine inherited the session and could change the login details, recovery email and phone number as if they were the staff member.
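The mechanism behind that bypass, and the check that closes it, as an added illustration (this is not Derana's or YouTube's code): a toy account service verifies password plus TOTP at login and hands out a session token; with `require_step_up=False` any live session may rewrite the recovery email, which is what a hijacker on the staff PC relied on, while `require_step_up=True` demands a fresh one-time code for the sensitive change. The service, the `simulate` scenario, the five-minute `STEP_UP_WINDOW` and the seed and timestamps are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed policy for this example: a second factor counts as "fresh" for
# five minutes when a sensitive change (recovery email, phone, password) is requested.
STEP_UP_WINDOW = 300


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second time counter, dynamically truncated."""
    counter = int(now // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


@dataclass
class Account:
    user: str
    password_hash: bytes
    totp_secret: bytes          # held by the authenticator app on a phone, never on the PC
    recovery_email: str


@dataclass
class Session:
    user: str
    mfa_verified_at: float      # last time this session passed a second-factor check


class AccountService:
    """Toy account service (an assumption of this example, not a real API).
    require_step_up=False trusts any live session for sensitive changes, which is the
    behaviour the hijackers relied on; True re-checks the second factor first."""

    def __init__(self, accounts, require_step_up: bool):
        self.accounts = {a.user: a for a in accounts}
        self.sessions = {}
        self.require_step_up = require_step_up

    def login(self, user: str, password: str, otp: str, now: float) -> str:
        acct = self.accounts.get(user)
        pw_hash = hashlib.sha256(password.encode()).digest()   # unsalted only for brevity
        if acct is None or not hmac.compare_digest(acct.password_hash, pw_hash):
            raise PermissionError("bad credentials")
        if not hmac.compare_digest(totp(acct.totp_secret, now), otp):
            raise PermissionError("bad second factor")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now)
        return token    # stored as a browser cookie: anyone driving the PC can reuse it

    def change_recovery_email(self, token: str, new_email: str, now: float,
                              otp: Optional[str] = None) -> None:
        sess = self.sessions.get(token)
        if sess is None:
            raise PermissionError("not logged in")
        acct = self.accounts[sess.user]
        if self.require_step_up and now - sess.mfa_verified_at > STEP_UP_WINDOW:
            # Step-up: the session is genuine but its second factor is stale, so whoever
            # is at the keyboard must prove again that they hold the phone.
            if otp is None or not hmac.compare_digest(totp(acct.totp_secret, now), otp):
                raise PermissionError("step-up MFA required")
            sess.mfa_verified_at = now
        acct.recovery_email = new_email


def simulate(require_step_up: bool) -> dict:
    """Staff log in with password + OTP in the morning; hours later an intruder who
    controls the same PC through its remote access tool reuses the live session."""
    secret = b"constructed-totp-seed-for-this-example"     # constructed, not a real seed
    acct = Account("studio", hashlib.sha256(b"correct horse").digest(), secret,
                   "studio@example.com")
    svc = AccountService([acct], require_step_up)

    t_login = 1_630_216_800.0                        # 2021-08-29 06:00 UTC, constructed
    token = svc.login("studio", "correct horse", totp(secret, t_login), t_login)

    t_attack = t_login + 4 * 3600                    # four hours later the cookie is still valid
    try:
        svc.change_recovery_email(token, "attacker@example.net", t_attack)   # no phone, no OTP
        hijacked = True
    except PermissionError:
        hijacked = False
    email_after_attack = acct.recovery_email

    # The real operator still holds the phone, so the step-up does not lock them out.
    svc.change_recovery_email(token, "ops@example.com", t_attack, otp=totp(secret, t_attack))
    return {"stolen_session_changed_recovery_email": hijacked,
            "recovery_email_after_attack": email_after_attack,
            "operator_can_still_change": acct.recovery_email == "ops@example.com"}


if __name__ == "__main__":
    print("no step-up:", simulate(False))
    print("step-up:   ", simulate(True))
```

Note what does not help here: binding the session to a device or source IP would change nothing, because the intruder was operating the legitimate staff PC through its remote access tool. What helps is re-checking, before any change to recovery details or credentials, the factor the intruder does not have (the phone), together with short session lifetimes and signing the channel owner out of workstations that are reachable remotely.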

More generally, outdated security practices, the absence of regular security audits, poor password management and a lack of employee cybersecurity training are likely contributing factors.

Is this an isolated incident?

This was not an isolated occurrence. Many other YouTubers, including the musicians Hakeem Prime and Alok Official, as well as JKK Entertainment, a channel with over 30 million subscribers, had reported their channels being hijacked for cryptocurrency live streams in the preceding days.

This has happened on YouTube before. The previous year, hackers took control of several well-known YouTube channels in the same way, renamed them and added trending keywords to boost the visibility of live streams that replayed clips of personalities such as Elon Musk and Jack Dorsey. As on Derana's channel, the videos asked viewers to send a specific cryptocurrency through a unique link in the description. According to reports, the hackers earned up to $10,000 from just two hours of live streaming. How much the attackers made this time is unknown.

The incident also resembles the July 2020 attack on Twitter, in which prominent accounts such as Bill Gates, Jeff Bezos and Elon Musk were used to promote a bitcoin scam after the attackers gained access to an internal Twitter tool.

How to prevent these incidents?

  • Put remote access tools behind a VPN, expose them to as few people as possible, and patch them promptly.
  • Conduct comprehensive cybersecurity audits on a regular schedule.
  • Keep operating systems, applications and antivirus protection up to date.
  • Monitor accounts for unusual activity, such as changes to recovery details followed by mass deletions.
  • Apply access control and least privilege: grant per-person channel permissions instead of sharing the owner login, and sign the owner account out of any workstation that is reachable remotely.
  • Maintain and rehearse an incident response plan, including who contacts YouTube support.
  • Enforce multi-factor authentication on every account with channel access, remembering that it protects the login and not a session that is already open.
  • Train employees on cybersecurity, including how to recognise attacks on remote access tools.
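"Monitor accounts for unusual activity" only works once it is turned into concrete rules. The following added example (not Derana's or YouTube's tooling; the event names, the JSON log format and the thresholds are assumptions, and the log lines are constructed to mirror the sequence described in this article) flags the three signals of this incident: a cluster of account-control changes within an hour, a burst of video deletions, and a live stream starting soon after the account changed hands.

```python
import json
from collections import deque
from datetime import datetime, timedelta

# Events that change who controls the account. One on its own is routine admin;
# several within an hour, followed by deletions and a live stream, is the takeover
# sequence this article describes. (Event names are assumptions of this example.)
CONTROL_EVENTS = {"password_changed", "recovery_email_changed",
                  "recovery_phone_changed", "two_factor_changed"}

# Constructed audit log, not real Derana or YouTube data. The source IP never changes:
# the intruder drove the staff PC itself through its remote access tool, so a rule that
# only watches for logins from new addresses would have stayed silent.
CONSTRUCTED_LOG = """\
{"ts": "2021-08-20T10:00:00Z", "event": "recovery_phone_changed", "ip": "203.0.113.7"}
{"ts": "2021-08-29T08:40:00Z", "event": "login", "ip": "203.0.113.7"}
{"ts": "2021-08-29T08:55:10Z", "event": "video_uploaded", "ip": "203.0.113.7", "video": "v100"}
{"ts": "2021-08-29T13:02:11Z", "event": "password_changed", "ip": "203.0.113.7"}
{"ts": "2021-08-29T13:03:40Z", "event": "recovery_email_changed", "ip": "203.0.113.7"}
{"ts": "2021-08-29T13:04:05Z", "event": "recovery_phone_changed", "ip": "203.0.113.7"}
{"ts": "2021-08-29T13:10:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v001"}
{"ts": "2021-08-29T13:11:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v002"}
{"ts": "2021-08-29T13:12:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v003"}
{"ts": "2021-08-29T13:13:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v004"}
{"ts": "2021-08-29T13:14:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v005"}
{"ts": "2021-08-29T13:15:00Z", "event": "video_deleted", "ip": "203.0.113.7", "video": "v006"}
{"ts": "2021-08-29T13:20:00Z", "event": "livestream_started", "ip": "203.0.113.7", "title": "Crypto giveaway LIVE"}
"""


def parse_log(text: str) -> list:
    """Parse newline-delimited JSON audit events and return them in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events: list, control_window: timedelta = timedelta(hours=1),
           delete_window: timedelta = timedelta(minutes=15), delete_threshold: int = 5) -> list:
    """Run three takeover rules over the events and return the alerts they raise."""
    alerts = []
    recent_control = deque()      # (ts, kind) of control changes inside control_window
    recent_deletes = deque()      # timestamps of deletions inside delete_window
    cluster_alert = None          # the open control-change alert, enriched as more arrive
    deletion_alert = None

    for event in events:
        ts, kind = event["ts"], event["event"]

        if kind in CONTROL_EVENTS:
            recent_control.append((ts, kind))
            while ts - recent_control[0][0] > control_window:
                recent_control.popleft()
            kinds = sorted({k for _, k in recent_control})
            if len(kinds) >= 2:       # two different control changes inside one window
                if cluster_alert is None:
                    cluster_alert = {"rule": "control_change_cluster", "first_ts": ts, "events": []}
                    alerts.append(cluster_alert)
                cluster_alert["events"] = kinds
                cluster_alert["last_ts"] = ts

        elif kind == "video_deleted":
            recent_deletes.append(ts)
            while ts - recent_deletes[0] > delete_window:
                recent_deletes.popleft()
            if len(recent_deletes) >= delete_threshold:
                if deletion_alert is None:
                    deletion_alert = {"rule": "mass_deletion", "ts": ts, "count": 0}
                    alerts.append(deletion_alert)
                deletion_alert["count"] = len(recent_deletes)

        elif kind == "livestream_started":
            # A live stream right after the account changed hands is the monetisation step.
            if cluster_alert is not None and ts - cluster_alert["last_ts"] <= control_window:
                alerts.append({"rule": "livestream_after_control_change", "ts": ts,
                               "title": event.get("title")})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(CONSTRUCTED_LOG)):
        print(json.dumps(alert, default=str))
```

The lone recovery-phone change on 20 August raises nothing, which is the point of windowing: a single administrative change is normal, while password, recovery email and recovery phone all changing within two minutes is not. The first alert is the one worth paging on, since it fires before the deletions and the scam stream begin.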

Nevertheless, this is just one part of the overall picture. Events such as the Derana hack point to a broader issue with Sri Lanka's online presence and its overall approach to cybersecurity. It is concerning that the YouTube channel of a high-profile mainstream media outlet, with over 3 million subscribers, could be hijacked so easily, and Sri Lanka's cybersecurity track record is not strong.

How much attention Sri Lanka pays to cybersecurity remains unclear, and the cost is rising, especially during a pandemic that has brought a surge of related scams. Prevention is cheaper than cure, and nowhere more so than in cybersecurity.