Sophos Cloud Optix
Sesame Street had its YouTube channel hacked on Sunday, and its highly popular child-friendly videos of muppets like Kermit the frog and the Big Bird replaced with something far less savoury: Hard core porn movies.
What would Bert and Ernie say? The truth of the matter is that the channel is regularly visited by young children, and parents trust that the page will be safe for them to view.
The NSFW content was available for all the world to see for approximately 20 minutes, before the channel was suspended for “repeated or severe violations of our Community Guidelines.”
You have to wonder what was going through the mind of whoever hacked Sesame Street’s YouTube page.
Aside from uploading pornographic videos, the hackers also changed the Sesame Street’s channel profile on YouTube:
WHO DOESN'T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT! IM MREDXWX AND MY PARTNER MRSUICIDER91 ARE HERE TO BRING YOU MANY NICE CONTENT! PLEASE DON'T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS 🙁 PLEASE...LET ME AND MRSUICIDER91 HAVE IT AND WE GONNA MAKE ALL THE AMERICA HAPPY!
Now, if it really was YouTube user “MrEdxwx” who hacked the Sesame Street account you would have to suggest he go back to his first day at school, because it would be remarkably silly to leave a message telling the world that he was the perpetrator.
“MrEdxwx” is clearly feeling the heat, however, as he has decided to upload a video denying any involvement in the hack.
Precisely how Sesame Street’s YouTube channel got hacked is presently a mystery – but it’s natural to assume that they were sloppy with their password security.
the date is wrong…must be time travellers
Or you are just in a different time zone?
During two hours of every day, there is technically three days. I believe this occurs in roughly 16 hours, wherein, around the globe, it will be the 19th, the 18th and the 17th of October at the same time.
I guess I shouldn't use "cookiemonster" as my password anymore?
This highlights the need of having a strong password. My guess is that they probably used a weak password. A complex password consisting of both alphanumeric characters and symbols is recommended, and the minimum length should be at least 8 characters. Hacks like this will continue to happen unless users wise up and take security seriously.
Having strong passwords does not need to increase security. I dare to state that stronger passwords might even decrease security, since they are harder to remember (I have 100+ passwords for various different sites/logons/etc) and they will be written down somewhere on a piece of paper. If you would use a password safe, then the security of all your logons is reduced to the security of that password safe.
use rules like i do…(mostly heh, i still foget em sometimes and dont trust using keypass etc..need a challenge response device really imho) ..rules like, change word into letters and numbers (altho my pet peeve is that some GOVT and bloody official sites wont let you use complicated p/w, and some of these sites are security/etc based ones!)…
i.e …the word 'faster' , try, lowecase f, then number 4 for 'a' then '$' for 's' and then mix it with normal letters (e, and t), and end with something like an uppercase "R' , and a good rule it to use some symbols like tildes,~, dashes –' etc on the end…sequence is easy, if ya look at it …..take word, lowercase first letter, number for second, symbol matching the letter for third,normal letters lowercase,UPPERCASE the end, and make a habit of using one or two symbols on the end. if you stick to these, (you may have to mod a little if it asks for a long character p/w , but yeah…it works and you can usually rem passwords if you always stick to it. thats not my ruleset btw heh, not far from, but i aint gonna tell mine 😛 –
http://xkcd.com/936/
Doesn't help if they were phished, or if they used the same password elsewhere on the net.
correct and we've all done it….usually i get a sequence of words and do the above ive written up there..so faster could turn to slower, then deadslow, then notmoving..etc etc, ….just dont change em when youve been up for two long heh 🙂
http://xkcd.com/538/
Having a strong password is important but a 8 character password is not much better that a 6 or 7. I like 15+ character passwords. These passwords take a much longer time to hack. Also there are a lot of security programs designed to encrypt and store your password so even if you get hacked it is much harder to get the passwords.
Nah.. They probenly used hacked the account with hacking software.
But a hacking software can hack a password with 5 letters in roughly 3 minutes. More than 7 Will take roughly hours.
Every time anouther digit is add the time the software will take roughly ranges the possibilities by 24-1000.
The software will have to go through every single password possiblity.
Imagine that with and 100 digit password.
🙂
Sesame Street’s YouTube channel is popular — but it is used to promote:
http://www.sesamestreet.org/
…which, given this hack, might be a good thing to mention at the end of your post.
(I was watching Elvis Costello and Elmo with my pre-schooler yesterday…)
I'm thinking it was a fan or, most likely, previous fan of "MrEdxwx" who did this.
Instead of blaming sloppy passwords, perhaps they got sloppy with the email upload option as well..
I think it was someone looking to discredit MrEdWx. Seems very sick and twisted to replace children's content with adult content, but this concept isn't a new one. Anybody who has seen the movie "Fight Club" will recognise the idea, in some form.
Also, Kermit the frog IS a muppet, not part of Sesame Street.
I'm pretty sure that Kermit made appearances on Sesame Street too.
Wikipedia agrees with you Graham.
heh sure did ..demise of the muppet show as well sucked so much heh..altho there is some great new ones out heh, muppetshow on fb for ref 🙂
Kermit, was one of the original puppets on Sesame Street along with Miss Piggy.
"parents trust that the page will be safe for them to view."
That's the first and biggest mistake, putting trust in anything online, expecting something to be 100% safe 100% of the time, is just a recipe for disappointment and 100% impossible.
I love how the BBC's coverage makes you sound like a perv who can't find porn elsewhere Graham:
"Security blogger Graham Cluley grabbed several screenshots of the offending content before it was removed."
For years everyone thought Bert and Ernie were a couple, wonder if they made an apperance?
This may be symptomatic of something larger. A few weeks back, I experienced a drive-by download that may have been YouTube related. I logged into YT and in the "suggested" links/ subscription updates section, I noticed links to a singer's page I subscribe to. One pointed to her YT channel. The 2nd pointed to her Fb page. I right clicked into different tabs. As soon as both updated with what seemed the proper Page Titles, I got a ZA alert that some unknown .exe was trying to acces the internet, I disallowed it, but it was too late!
A bogus dialog about RAM running low, HD running low and advising to do a scan appeared. I F4'ed out, to no avail. I Had to use a bootCD to remove any suspicious files that I found.
I'm not sure if the drive-by was initiated at the singer's site, Fb page or if it came from YT. I fear, though, my YT acct may have been hacked. I haven't tried to sign in again since, I've been doing research into whether there was a hack which brought me to this blog.
There may be some kind of concerted effort to hack YT going on. Has anyone else found evidence that this may be happening?
I feel bad on the youtuber who said to have do e it. Sounds like something /b/ would do
I'm sorry, but have we become distracted here.
Forgetting about security issues, the problem here is that there are individuals / groups out there who think it is "fun" to pervert what is deemed to be "safe" by a wide selection of the population.
They may be trying to prove some kind of point, but why should targeting the most vulnerable of individuals in our society be any excuse for any kind of action that crosses this line.
They are sick and should be vilified, end of.
one good reason to keep kids away from Yo uTube. It took them 22 minutes to remove the content. Why can't youtube enforce password complexity? I am hoping that the parents of the Kids that watch these videos sue Seasme Street and YouTube.
If you cannot provide safe content, you must be taken off, fined e.t.c.
I believe that you are going at this the wrong way. Consider just how many users are on YT and the number of videos they upload; the YT staff has no chance of screening every single video that is uploaded, so they have to rely on community feedback.
Now consider the probability that a user flags a video just because they disagree with the content, although it is not in violation of the law nor YT guidelines/acceptable use – this means that the video has to be flagged by several people before it is worth an investigation by YT staff.
Consider also that there is probably only a certain percentage of the users who will actually flag a video.
Rather than leaving their kids alone with a computer and then suing YT or keeping the kids from using YT all together, I think that parents should be together with their kids so that they can provide guidance.
I am 21 years old and I grew up with divorced parents (they separated when I was around 4 years old). Most of my childhood, I'd spend one week at my mothers place and the next week at my fathers place. When I was about 6 or 7 years old, my parents got computers.
My mother had a PC with no internet in a room without a door, and I was allowed to play my games and use MS Paint on it. My father had a PC with internet and that PC was located in the living room. He would browse the internet together with me. Some times, he'd start a game for me, and then he'd sit down in the couch to read the newspaper or watch TV, keeping an eye on what I was doing on the computer.
At my fathers workplace, I was allowed to borrow one of his colleagues computers. It was an open office landscape, and the computer I was using was placed in such a manner that my father could see "my" monitor from where he was sitting. My father would open the browser for me and go to a site with browser-based games and puzzles for kids.
It was first at the age of 12 that I got a computer of my own, which I had in my room at my mothers place, and it was not connected to the internet until I was 14 years old.
Ahhh, internet tom foolery… gives a whole new definition to the term Cookie Monster.