Subscribe

Watch This Cat Video (or Anything on YouTube) and Get Hacked

Alexander Reed Kelly
Associate Editor
In December 2010, Alex was arrested for civil disobedience outside the White House alongside Truthdig columnist Chris Hedges, Pentagon whistle-blower Daniel Ellsberg, healthcare activist Margaret Flowers and…
Alexander Reed Kelly

When large flows of Internet traffic and information remain unencrypted, seemingly harmless activities like watching YouTube videos can allow security and intelligence agencies and well-funded private parties total access to a person’s computer.

Morgan Marquis-Boire, a senior researcher and technical adviser at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs who published a new study on the topic, describes in an article in The Intercept on Friday how such hacking can happen:

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Read more here.

Forget Your Sadness:

— Posted by Alexander Reed Kelly.

Advertisement

Now you can personalize your Truthdig experience. To bookmark your favorite articles, please create a user profile.

Personalize your Truthdig experience. Choose authors to follow, bookmark your favorite articles and more.
Your Truthdig, your way. Access your favorite authors, articles and more.
or
or

A password will be e-mailed to you.

Statements and opinions expressed in articles and comments are those of the authors, not Truthdig. Truthdig takes no responsibility for such statements or opinions.