Discussion: why popular video hosting is increasingly deleting content with hacking guides

YouTube developers have changed the policies of the service and block videos dedicated to exploits of digital services. We discuss the reaction of the IT community and tell us who suffered.

/ Unsplash / Nahel Abdul Hadi

Updated YouTube Policy

University professors, IT employees, and enthusiasts often try on the role of white hats. They find vulnerabilities in data transfer protocols, applications and other IT products to warn specialists and users about the dangers.

Thousands of hacking guides dedicated to various exploits can be found on video hosting sites. But such videos are either purely entertaining in nature, or are released after the developers of the vulnerable system have made a “gap”. Therefore, it is almost impossible to use such hacker guides for personal gain. However, YouTube has ceased to share this point of view – this year video hosting added a new item to the rules of the service.

It explicitly prohibits publishing content dedicated to hacking protocols and applications, phishing and bypass mechanisms for digital security systems.

Who hurt

In July, video hosting blocked several videos from the Null Byte channel. Its author – engineer Kody Kinzie (Kody Kinzie), founder of the hacker group "white hats" Hacker Interchange, which includes student volunteers. The Cyber ​​Arms Lab video series, due to which the channel received a strike, is devoted to IT system vulnerabilities and data protection methods. According to Cody, he recorded his videos exclusively for educational purposes: to inform the IT community about cyber dangers, to train professionals and beginners.

A couple of fresh materials from our blog on Habré:

  • Telecom digest: on the construction of networks of operators, Internet protocols and information security
  • Which countries have the “slowest” Internet and who corrects the situation in hard-to-reach regions

On Cody's Twitter Page notedbecause of the strike on the channel, I didn’t upload a video on how to start fireworks using Wi-Fi.

Video Hosting Reaction

Shortly after the incident, a YouTube spokeswoman explained to The Verge that blocking content on the Null Byte channel was a mistake. He explained the incident by the human factor and the large number of videos that are viewed by company employees. He also noted that the goal of the new item added to YouTube’s policies is to clarify the existing requirements for channel owners. In general, videos with hacking guides were deleted before the Null Byte incident. At the same time, the company representative emphasized that the site considers some “dangerous content” (to which hacker manuals belong) acceptable if it pursues educational goals or has artistic value.

But the criteria for which hacker videos are considered “educational” were not disclosed on YouTube. Therefore, the incident may well recur. In October, Cody announced that only shortened versions of Cyber ​​Arms Lab commercials would be released on Null Byte. Full entries are only available on the Null Byte website. According to the author, this is the only way to move on.

Community Opinion

Tim Erlin, vice president of Tripwire, an IT solutions company, said YouTube’s administration’s intentions are meritorious, but ultimately it will hinder the free flow of information among cybersecurity professionals. He believes that, on the contrary, it is necessary to talk more about hacker methods and phishing in order to prepare people and complicate the work of attackers. At the same time, you need to block the content that describes the practical methods of hacking specific organizations. His point was held by Cody Kinsey. He says that it will be more difficult for information security experts to transfer their knowledge to a wide audience.

/ Unsplash / Paul Siewert

British IT security expert Marcus Hutchins, who stopped the distribution of the WannaCry ransomware in 2017, is convinced that training hacker videos on YouTube are useful. And they attract young professionals to the information security industry.

Also, IB experts question the expertise of YouTube employees who make decisions about blocking video recordings. Chris Abou-Chabke, the founder of Black Hat Ethical Hacking, says people who have no experience in information security are responsible for removing content. They are not able to distinguish educational hacking from non-instructional. An automated algorithm, this task, too, is not yet possible. Chris was in this situation personally – in 2015, YouTube deleted two of his videos demonstrating the principles of DDoS attacks.

It is hoped that in the future, intelligent video hosting algorithms will become smart enough to distinguish one video from another and exclude the human factor. The owner of the DemmSec channel, Dale Ruane, says that until this time it’s better not to include provocative tags like “how to hack neighboring Wi-Fi” in the video title.

What we write about in the VAS Experts corporate blog:

  • DDOS and 5G: thicker “pipe” – more problems
  • Botnet spam through routers: what you need to know
  • Firewall or DPI – security tools for various purposes

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *