This Guy Could Have Deleted Everything on YouTube, but He Resisted

Kamil Hismatullin, a Russian hacker and security tinkerer, briefly had the ability to delete everything on YouTube.Here he shows how..........
Read More

Login to rate this video.

You can place this video on your website by inserting the (X)HTML code below:

Options:
pixels
pixels
Embed code:
<iframe src="https://www.snotr.com/embed/15128" width="400" height="330" frameborder="0"></iframe>

You can email this video to your friends by entering their addresses below:

Your information:
Recipients:

add Add another recipient

Human verification:

People who liked this video also liked

AtmosFear freefall tower at Liseberg Gothenburg in Sweden
I Can't Taste Anything
1087 Days in Just 15 Minutes - Growing Plant Time Lapse COMPILATION
Colored balls elevator. Particle fluid. Music. Molecular Script. Video 4K
2019 Tasmanian Tiger Photo
Budgie Balancing Trick

Comments

18 comments posted so far. Login to add a comment.

Expand all comments

Picture of Gringo_el_Diablo45 achievements

0 1. Gringo_el_Diablo commented 9 years ago

That's one hell of a way to do it for the lulz .pretty sure he'd be the only one laughing too
Picture of etplayer35 achievements

+22 2. etplayer commented 9 years ago

Ok this is kind of a misleading title, he figured out a way to delete everything on youtube, *one video at a time*. Even if he had been able to clone himself 1000 times over, and was running 24/7, he'd still never delete everything on youtube. The brief makes it sound like he could have just gone "click" and youtube would have been sans all videos.
Picture of dave919145 achievements

+6 3. dave9191 commented 9 years ago

#2 The technique is very easy to automate and run at thousands of requests per second. But it would still take a rather long time to find and delete every public video like this.
Picture of BrahmaBull44 achievements

+3 4. BrahmaBull commented 9 years ago

So google gave him $5000 for not deleting Bieber videos. Imagine if he had just set up an account where people could donate to make him delete them. He could have made so much more money that way.
Picture of tiggfigg29 achievements

-3 5. tiggfigg commented 9 years ago

Congratulations u deleted ur own video. So Hacker Much Wow.
Picture of genja28 achievements

+3 6. genja commented 9 years ago

maybe he could have written some fancy script, who knows ;)
Picture of PownMeister27 achievements

+4 7. PownMeister commented 9 years ago

#2 Scripts......
Picture of jrin228 achievements

+1 8. jrin2 commented 9 years ago

misleading for sure
Picture of s1nn0cence53 achievements

-1 9. s1nn0cence commented 9 years ago

Also, IT people correct me if I'm wrong, but he just REMOVED (as in removed access to it by everyone else but him) the video, not DELETED it ; therefore it's still in google/youtube's servers somewhere.
Picture of curator35 achievements

+3 10. curator commented 9 years ago

#2 You think he would have done it manually?
Automation is the word.
Picture of Cyrille47 achievements

+1 11. Cyrille commented 9 years ago

#2 Ever heard of "large scale DOS attack" ?
From what we can see, this can be easily scripted. With a few thousand computers and some spare time, a lot of videos could have been deleted very quickly. For example, 1000 computers, 1 request per second per computer, that's 3.6 millions video deleted in one hour. And these are small numbers, you can easily get your hand on more than 1000 computers and do more than 1 request per second. Of course, there are security routines to prevent this, but with a bit of luck...
Picture of archis51 achievements

+3 12. archis commented 9 years ago

#2
Still epic if you could delete gangam style.
Picture of Guss44 achievements

0 13. Guss commented 9 years ago

an Hacker on apple computer ? (look at the apple on the top left)

It is no longer what it was
Picture of dzonivoker31 achievements

+2 14. dzonivoker commented 9 years ago

tl;dr

He deleted his own video in the hard way.


At the right browser you can see that he is logged in chrome as "kamil". Then, in the right browser he uses email that starts with kamil....@gmail.com, in antoher words, his email. Don't get confused with avatar on the left browser, Google allows many YouTube accounts with same email address, but one email address owns them all and have rights to do everything whith any of them.

So, in the left browser he finds the session token. Look at session token as secret pass phrase for every users action (request). Every user has different session token, and in this case he uses his own. Then, he uses the Postman, a tool for testing REST API's (I'm using it every day), and he sends required request payload for deleting the video. In another words, as I said, he deleted his own video in the hard way :D
Picture of Cyrille47 achievements

0 15. Cyrille commented 9 years ago

#14 Indeed, in his left browser he is logged with a different email address that *might* give him rights to do everything, like deleting the video. But his left browser still says that he can't access the video because it is private. It's quite strange to allow someone to delete a video but not to read it.
Picture of Kenuty31 achievements

0 16. Kenuty commented 9 years ago

Title is misleading, the video was misleading also
I was not impressed at all since he took the long way instead of hitting DELETE on his video dashboard.
He should stick to facebook.
Picture of sux2bu67 achievements

+2 17. sux2bu commented 9 years ago

Google must have been impressed since they paid Kamil $5000 for finding the vulnerability. (i)
Picture of czk4 achievements

0 18. czk commented 9 years ago

LOOOL
In short this guy has posted his own video then he makes it private not using the youtube GUI but the API.