BBC is Latest Victim of Cybercrime

A Russian hacker secretly took over a computer server at the British Broadcasting Corporation (BBC) before Christmas and attempted to sell access to it to other cybercriminals, according to reports.

The BBC’s security team believes it managed to secure the site on 28 December. It had been broken into via a server usually used for uploading large files. According to Reuters the hacker, known online as ‘HASH’ or ‘Rev0lver’, offered proof that he had broken in by posting a screenshot of the server and its files on an underground forum where he was trying to sell access on Christmas Day.

US firm Hold Security told Reuters and the
Financial Times
that it had spotted the hacker advertising the exploit on a black market forum last week. It added that it was not clear whether the attacker secured a sale before the broadcaster reacted.

“The only other information that I can offer is that the hacker was offering a screenshot proving that he had administrative access to the BBC server,” said Alex Holden, Hold’s founder and chief information security officer.

“It was solid technically convincing evidence.

“Generally speaking, we often see high-profile companies like the BBC getting breached. Unfortunately, larger companies are targeted more because hackers can easily monetise their gains.”

Holden added that the hacker didn’t specify a price for access, but the value of infiltrating the BBC server was less than that of hacking credit card details. “I doubt that the BBC stored 40m credit cards but they have something as valuable,” he said. “Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions, and cause billions in losses.”

Both the BBC and other media groups have regularly been targeted by the Syrian Electronic Army, which supports Syrian president, Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts. In January the
New York Times
reported that it had been repeatedly attacked over four months by Chinese hackers who obtained employees’ passwords.

Syrian hackers managed to break into the Associated Press account in April and faked a story about an attack on the White House, causing the US stock market to drop by 143 points in seconds.


Related reading