Slashdot Mirror
PewCrypt Ransomware Locks Users' Files and Won't Offer a Decryption Key Until - and Unless - PewDiePie's YouTube Channel Beats T-Series To Hit 100M Subscribers (zdnet.com)
The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch --you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.
While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.
While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.
I was never a fan (not being a 13 year old girl when he broke) but somewhere along the line he pivoted to attracting the Alt-Right viewers and seemed to have gone off the deep end. Then again I was never a fan, maybe he always was like this. At any rate the fans he's attracting were already scary and that was before this and that mess in New Zealand.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
WTF is a "Pewdepie"?
I"m sure I'd better shout at kids to get off my lawn at this point....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Perhaps I've missed it (and it's a good chance I have as I don't follow him) but I don't recall seeing where he's spoken out about the illegal activities being done in his name (hacking, encrypting, murder, etc)
You've only scratched the surface. Armed robbery, kidnapping, counterfeiting, extortion, racketeering, stock manipulation, global financial manipulation, tanking currencies, falsifying documents, purposefully accelerating global climate change, drug dealing, redlining, gaslighting, forming destructive cults, cheating on tax returns, election manipulation, writing fraudulent yelp reviews, providing sub-prime mortgages, tearing off mattress tags, driving 1MPH over the speed limit, griefing, trolling, spawnkilling, defacing library books, writing in pen when the instructions say to use pencil...
The crimes ne'er-do-wells commit in the name of PewDiePie are extensive and astonishing.
My Other Computer Is A Data General Nova III.
9-11 couldn't have been an inside job. Have you seen the government. It is fucking chaos. I am surprise that anything gets done.
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
At what point, if any, do we start holding PDP responsible for the actions of his fans?
Blame someone for the actions of others...? Should we blame Tide for the idiots that ate their Tide-pods?
Politics; n. : A religion whereby man is god.
Could be worse, they could be watching late night television
I have seen on Twitter recently that PewDiePie is "alt-right", but as is usual with anything labeled "alt-right" that is Fake News.
What the hell have you seen that would make him alt-right? I don't watch his videos much but in the few I have seen there is zero political content of any kind. He does meme reviews for crying out loud!
I am pretty sure he has irked some people, these days anyone who is mad at you for anything simply labels you "alt-right". Don't propagate slander and lies.
P.S. if you don't realize the NZ shooter simply used his name to try as a kind of trolling, you've not been paying attention to what happened there.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Not PewDiePie's fault. My kids don't watch his channel, still they are unbearable.
Right. Except that this did not come from directly PewDiePie or his "organization". Nor is it endorsed by him, as far as I know. This is apparently just some overzealous fans of his, who are jackasses. That last part of that sentence may have been redundant.
#IWantMoreSpamPlease
Isn't that the official hashtag for Hawaii?
https://www.thehawaiiplan.com/why-do-hawaiians-love-spam/
Donald Trump, on a crusade to make Nixon look respectable
Blaming pewdiepie for killings is the same retardation Jack Thompson was doing trying to blame GTA and other games for school shooters. People are responsible for their own actions.
Unfortunately, nobody has managed to figure that out. h
At what point, if any, do we start holding PDP responsible for the actions of his fans?
So if I state that I am your biggest fan, you'll take the fall with the authorities for anything bad I do?
Sweet! I've always wanted a willing scapegoat. I should go make a naughty todo list...
This seems to be a point of contention, but the Israeli government is not the final end all, be all of Jewishness. I'll remind everybody of Trump's "Good people on both sides" comment and that he cut back on enforcement of anti-Hate and anti-Domestic Terrorism. He didn't do that for the sake of the Muslims.
The right does not support Jews or Israel, _Evangelicals_ support Israel because their reading of their holy books is that Jesus will take them to paradise when all the Jews are brought to Israel. Evangelicals aren't really right wing, but they will vote for the GOP because the GOP will let them do what they want as long as they vote for their tax cuts in return. Before the GOP figured this out the Evangelicals were buddy buddy with the left wing because they were working class people who wanted better pay, educations for their kids, safe work environments and clean air. They traded that in for concessions on social issues (Abortion, Israel, Prayer in Schools, etc). This kind of wedge issue creation is how American politics (and politics in General) work.
The "right" generally accepts all comers as long as you're willing to sign on for weak regulation, low taxes and few worker protections. This is why Fascists end up on the right here in America (instead of being ostracized by both left and right as the nut jobs they are). The same goes for Racists and literal Nazis. The American right will let anyone into their tent as long as you support their economic platform of low taxes and weak worker protection.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
has certain social responsibilities (note: social responsibilities, not legal ones). One of those is fostering a discourse and an environment that is overall a net positive.
I haven't watched PDP, but he's had a mess of nasty controversies around racial themes. Ones he was pretty obviously doing on purpose because, as the saying goes, there's no such thing as bad publicity. And he was right. The backlashes have all blow over and he's kept the dough rolling in. But at a cost. That cost is normalizing a certain form of behavior. When it's out in the open like that and nobody's getting censored (that's censored in the social sense, not the legal/governmental sense) it because acceptable.
That's sort of the problem. It's the old "boil a frog" analogy. Yeah, you can't really boil a frog, but it's easy to convince folks you can because it's a relatable thing for humans. The idea that you can get accustom to something awful or even deadly.
We've got too many examples of horrifying things being normalized bit by bit to ignore this. The world at large should call PDP on his racist bullshit whether he means it or not and send him packing. He's not starting an honest discussion of racial issues. He's just a rancid troll winding angry kids up and sending them off.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
right here
For those who don't want to be bothered watching the video (or can't stand Cult of Dusty, which I can't really blame you for), PDP had a large number of alt-right personalities he was following and after the New Zealand shooter he emptied his followers list.
PDP may or may not actually believe any of the things the alt-right does. But he absolutely uses the movement and it's fans to his advantage. The controversial things he's done have almost exclusively appealed to the alt-right.
Like a lot of YouTubers he's figured out that the alt-right is a powerful engine for increasing views and ad revenue. But feeding off that isn't a one way street. He's normalizing and legitimizing the worst aspects of that community. And not just him. Other YouTubers like Sargon of Arkad, JonTron and Ben Shapiro are doing the same. Go look up some videos from Contrapoints, Three Arrows and hbomberguy on the subject. They're far better than anything I could type.
There's an entire engine on YouTube, Twitter and Facebook dedicated to exploiting angry, bitter, jobless young men for ad revenue and Pateron donations. I'm bloody sick of it. It's dangerous as fuck. Eventually a real demagogue will come along and organize them into brown shirts.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
He's a Youtube star who is famous for being an empty-headed asshole.
And by 'star', I mean a racist, talentless hack, similar to Kim Kardashian or Paris Hilton.
And by 'famous', I mean that some people within the dysfunctional 'community' known as Youtube recognize his name.
And by 'community', I mean a group of losers who clicked a button with his name by it.
Just cruising through this digital world at 33 1/3 rpm...
Let’s not forget the New Zealand shooter promoted the asshole.
Sigh, /. is dead. It's like none of the posters even looked at the code.
For anyone who's interested, the encryption used here is very poor. He leaves the mode and padding unspecified for both the asymmetric (RSA) and symmetric (AES) encryption operations. That causes the provider defaults to be used. In the case of the RSA step that's not terrible, since every provider I'm aware of uses PKCS#1 v1.5 padding. This isn't great, since PKCS#1 v1.5 is vulnerable to an adaptive chosen ciphertext attack, but in this usage that doesn't really matter.
The bigger problem is that AES typically defaults to ECB mode. Using ECB means that any repeated 16-byte blocks of plaintext will encrypt to identical 16-byte blocks of ciphertext. This can often expose enough structure to allow the file contents to be partially recovered. It's particularly bad in this case since the same key is used to encrypt all of the files. If AES were in any way vulnerable to brute force, this would almost certainly provide many "cribs" (known plaintext/ciphertext pairs) which could be used to discover the key and decrypt everything else. AES-256 is not, however, vulnerable to brute force, and won't be until computers are made of something other than matter and occupy something other than space (anyone catch the reference?).
Overall, I suppose the chosen encryption was adequate to the task, but it was very sloppy.
Do you think he'd accept a pull request to fix it up?
The minimum required changes are small. I'd use "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" for the RSA operation, just because, and "AES/GCM/NoPadding" for the AES op. It would also be necessary to get the IV (let the provider generate it) and prepend it to each encrypted file. The files would be 28 bytes larger (12 for IV, 16 for tag), but secure.
Also, I'd process files in chunks rather than reading a whole file into memory and then encrypting and writing it back out. It could then handle files of any size. His code just skips any files larger than 20 MB. That's actually the biggest flaw in the implementation; given file sizes today, lots of stuff would just be skipped. All of my RAW photos would be safe, for example. The JPEGs would get encrypted, but who cares about them?
Oh, one more problem: Most systems these days don't overwrite in place, so the plaintext file will be left on the drive, available for recovery. Granted that recovery is not trivial, but still, the data will be there. Fixing this would require doing something like filling the drive with garbage files, forcing the drive to overwrite all free blocks. Overwriting multiple times might be a good idea, too, though that's probably not necessary. Some systems offer free space shredding as a feature; on those that could be used to ensure destruction of the plaintext.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
He did that because the shitheads that follow people like Cult of Dusty were sending PewDiePie's follows death threats, so PewDiePie replaced his list with a single link to K-Pop band BTS as a half joke, half attempt to sic millions of teenage fangirls onto said shitheads.
Before this, PewDiePie also followed plenty of people who are not right wing, including Laci Green, Boogie2988, James Charles, and the aforementioned BTS. It's almost like he was using Twitter to follow interesting people regardless of whether or not he agreed with them, just like everyone else.
Rob
the crown of largest number of subscribers on Youtube is not worth being advertised by a mass murdering gunman during a live stream of a shooting" and ask Youtube to either remove any mention of number of subscribers from his public facing account.
The entire subscriber count between PDP and TSeries is a meme and is about what YouTube is and whether it is more for corporations or for people like how it started out. People that don't even care about PDP subscribe to him just because of that. Hell, even Blizzard comedy fanfic is jumping on because as they say "As the whole event has been happening, I thought it was pretty cool how so many of us have came together for a common cause, for the YouTube community; For creators not corporations. " T-Series is a polished corporation with corporate money backing. PDP is just some dude with a camera.
The NZ terrorist understood meme culture, the internet, and the media and knew that name dropping PDP would cause people to point the finger at him to fan the flames of the culture war to start a civil war in the US.
What is good enough for you to denounce a tragedy in your name?
Is this? This?
on their ties to White Supremacy and Neo-Nazis. The Alt-Right has been using dog whistles to cosy up with those two groups since day 1 without taking any flack to speak of. It's both dangerous and disingenuous to allow that to go on.
What I'm saying is this: The Alt-Right are not your friends. They're a friendly face on the same Authoritarian arm of the right wing that's been around since the 20s. They exist specifically to legitimize and normalize something that was rightly recognized as horrific post WWII and the Civil Rights movement.
Now, you can find pages and pages of posts, documents and hours of video of their leadership talking about this, but you have to plow through a lot of crap to get to it. In the old days we had professional journalists doing that work. Nowadays it's YouTubers.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/