YouTube Hacked, Justin Bieber Videos Targeted...

In the past hour it appears YouTube has become the target of a hacker attack, specifically targeting videos of pop singer Justin Bieber.

Videos relating to the star have been hit with a redirect hack with a number of different payloads. We’ve seen one redirect to an infamous, explicit “One Man One Jar” video while another covers the screen in the words “OMG Faggot”. A Twitter search confirms that the problem is widespread. Some users are reporting seeing a banner claiming that Bieber is dead.

So, what’s causing this? Coder Richard Cunningham writes on his Posterous blog that it relates to video comments.

“It looks like they are deliberately using malformed HTML to get past YouTube’s checks for HTML sanitisation in the comments. The comment I’ve seen is using the long forgotten marquee tag and a javascript alert, though in principle it could be expanded to support XSS type flaws.”

YouTube appears to be deleting or blocking comments on many video pages. The attack comes on the same day as an apparent iTunes App Store hack came to light. We’ll update with more information as we get it.

UPDATE: Discussions on the notorious 4chan bulletin board site point to members of its community being to blame. We won’t link to the site (the link would be unlikely to last long if we did) so here’s a screenshot of one such message.

UPDATE 2:

Reports on 4chan say that YouTube has blocked the script that hackers were using:

UPDATE 3:

An update via Slashdot:

“Several hours ago, someone found an HTML injection vulnerability in YouTube’s comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a

Google to compete against Facebook in social media with Google Me…

I found this from the internet and i thought to post it here because i think that many people might be interested to read this…

Yesterday, Digg CEO Kevin Rose tweeted that he’d heard a “huge rumor” that Google was planning to launch a Facebook competitor called “Google Me”, sparking off a wave of speculative reports (Rose has since removed the tweet). NowAdam D’Angelo, who was Facebook’s CTO for years and is now founder of hot Q&A service Quora, is weighing in with more details. And from what he’s hearing, Google Me is indeed very real, and it’s gunning for Facebook.

D’Angelo shared his thoughts as an answer to one of the questions on Quora. Here’s his response:

Here is what I’ve pieced together from some reliable sources:
• This is not a rumor. This is a real project. There are a large number of people working on it. I am completely confident about this.
• They realized that Buzz wasn’t enough and that they need to build out a full, first-class social network. They are modeling it off of Facebook.
• Unlike previous attempts (before Buzz at least), this is a high-priority project within Google.
• They had assumed that Facebook’s growth would slow as it grew, and that Facebook wouldn’t be able to have too much leverage over them, but then it just didn’t stop, and now they are really scared.

You can read more responses to the question on the Quora thread here.

This obviously has the potential to be huge, and Facebook needs a strong competitor. But even if Google has an amazing site in the pipeline, creating the next Facebook is going to be easier said than done — nearly 500 million people already have their content stored on Facebook, and despite what Facebook has claimed about being open, I doubt they’ll make it easy for anyone to jump into the arms of a competitor. Not to mention the fact that Google has had shortcomings with its social sites like Buzz, Wave, and Orkut. This could be a very interesting battle.

Google hack hit 33 other companies

The plot thickens. According to iDefense Labs, the recent Internet attack that has so upset Google affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.
The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.
"Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said the iDefense press statement, confirming what the world already knows.
It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, http://blogs.adobe.com/conversations/2010/01/adobe_investigates_corporat... ">as a statement on its own website explains.
"Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."
The note goes on to say that in Adobe's case, the attack was not successful in stealing any data.
More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July's attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.
As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.
"Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," says iDefense.
In fact, it is also possible that exploits go back further since the flaws used in last summer's attack pre-date the known attack by some months.
Whatever the details, that China is targeting the US technology firms, the government and military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.

Security experts say Google cyber-attack was routine

The cyber-attack that made Google consider pulling out of China was run of the mill, say security experts.

Google revealed its move following attempts to hack Gmail accounts of human rights activists.

The search giant said analysis showed that the series of attacks originated from inside China.

"This wasn't in my opinion ground-breaking as an attack. We see this fairly regularly. said Mikko Hypponen, of security firm F-Secure.

"Most companies just never go public," he added.

"Human-rights activists are the biggest target," said Mr Hypponen. "Everyone from Freedom for Tibet to Falun Gong supporters and those involved in Liberation of Taiwan are hit."

F-Secure has been monitoring such attacks against Chinese human-rights activists since 2005.

Google has operated in China since 2006 and has now said it was no longer willing to censor results on its Chinese search engine as the government required.

China has responded to Google and said that foreign firms were welcome to trade in the nation "according to the law". The spokesman added that the net was "open" in China.

Other victims

Of the attacks, Google said only two Gmail accounts were accessed and that hackers got very limited information. This included when the account was set up and the subject line rather than content of e-mail messages.

The company said that the accounts of dozens of US, China and Europe-based users who are advocates of human rights in China had been routinely accessed by third parties.
The cyber-criminals broke in using a tactic known as "phishing" where a legitimate e-mail is sent claiming to come from someone the user knows and trusts.

Typically these e-mail messages have a booby-trapped attachment that, once opened, places malware on a computer.

Once an e-mail account is compromised, attackers can piggyback on it to get access to confidential files and systems throughout an organisation.

"The attacker really did their homework finding out first who to attack, who the key people were in the organisation and how to attack them," said Mr Hypponen.

Google has said publicly that another 20 companies were hit. Adobe is the only other company to go public with this information.

But many security experts say the figure is much higher.

"We know of at least 40 companies that were attacked. For the most part they were in the US," said Chris Day, chief security architect of IT services firm Terremark.

"This goes on all the time. Of the Fortune 100 companies, all 100 are under some sort of attack all the time."

Mr Day told the BBC a host of those targeted were technology and software companies based in Silicon Valley.

Google has revealed that finance, chemical and media firms were hit.

Blame game

Questions are now being asked about who orchestrated the attacks.

"We are not saying one way or another these attacks were state sponsored or done with the approval of the state," said David Drummond, Google's chief legal officer.

"We do know they were highly organised and we believe the attacker came from China."
The inference being drawn across the security community is that the Google attack and those on other US companies were sanctioned by government.

"Sources indicate that they believe the attack is the work of actors operating on behalf of or in the direct employ of official intelligence entities of the People's Republic of China," said iDefense Labs in an e-mail to the BBC.

iDefense also revealed that this incident resembles one that took place in July 2009 against nearly 100 IT-focused companies.

"A nation state getting into the business of hacking companies is a really big shift," said Dan Kaminsky, director of penetration at security firm IOActive.

"The question now is are we going to see a significant increase or decrease in these kinds of attacks?"

Safe and secure

Google has stressed that users have nothing to fear about the security of the information it holds.
"The fact that they have come out and are transparent about what has happened is good for user trust," said Terremark's Mr Day.

"I have seen far worse things happen and I think larger organisations, and even individuals, should take this as an object lesson that no-one is immune to these attacks."

General security advice for all users is have a strong password that is changed regularly and includes letters, numbers and symbols.

All security patches should be up-to-date and users should never open attachments unless they know the person they are being sent by and are expecting them.