By now, most Sri Lankans on the internet would have already seen the countless Facebook posts, tweets and YouTube commentaries about the TV Derana hack fiasco. In case you missed it: the TV Derana YouTube channel was hacked on 29 August, or rather hijacked, to live-stream a cryptocurrency scam. Within the span of a few hours, the channel displayed the cryptocurrency stream and nothing else. The channel was even renamed to “Crypto News” — at which point copycat accounts and commentary videos already started showing up to take Derana’s place.  

TV Derana YouTube channel after its attackers renamed the channel and live-streamed the crypto feed

The YouTube channel has now been restored and Derana has regained control. The channel is a YouTube partner account, which means it has direct access to YouTube’s priority support 24×7 — hence the overnight restoration. “We would’ve been able to recover it sooner but due to the timing of the incident and the fact that our partner managers are at the Google Singapore office, things were a little bit more arduous,” General Manager of  Digital Media at Derana, Janeeth Rodrigo, told Roar Media.

Rodrigo explained that the attackers exploited a vulnerability in one of the remote access software and gained access to a PC with pre-existing access to the TV Derana YouTube channel. This had enabled the hijackers to change the account’s login details as well as recovery emails and phone numbers without triggering the Two-Factor…

Read more…