On Christmas Day, a Russian hacker known as “HASH” or “Rev0lver” launched a campaign to sell access to BBC.
BBC Attacked On Christmas Day
It is unknown whether or not the hacker sold anything to cyber-criminals. The price set for access is also unknown. However, the hacker offered proof of his access to the server according to Alex Holden, chief information security officer at Hold Security.
“The hacker was offering a screenshot proving that he had administrative access to the BBC server,” said Holden.
Until the site was back in the right hands on December 28, other cyber-criminals were bidding on access to the site. The hacker posted his plan in an underground forum, expecting to sell access on Christmas Day when millions of people would be using the site. He/she accessed the server through the file-transfer site ftp.bbc.co.uk. Ftp sites are used to transfer large files. Professor Alan Woodward from the University of Surrey’s Department of Computing explained that the hack might be a bigger deal than it seems.
“If a security hole has been identified in the underlying server and it has not been patched, then the FTP facilities can be exposed. This could mean that files containing sensitive information could be downloaded,” Prof Woodward said.
He also said that hacking into the BBC server be “a jumping off point to explore other servers on the network.” Historically, criminals have used servers to access wider systems.
Although the BBC does not contain credit card details, it still has valuable information. Reporters use the server to send in material; users use it to upload video and audio messages; for instance, the corporation had previously allowed users to log on and send in messages for the anniversary of the 9/11 attacks. Additionally, advertisers send media files that air on the BBC Worldwide Channels.
Hacking into servers as large as the BBC can lead to networks creating spamming and phishing attacks online. If that were to happen, credit card details and the exploitation of videos would be the least of our worries. If someone were to have control of the BBC server, he/she could fabricate news stories causing the financial market to crash. This happened when Syrian hackers got ahold of the Associated Press account and faked a story about an attack on the White House.
As of now, everything is back up and running. To our knowledge, nothing was stolen or exploited from the server. BBC spokesmen would not comment on the issue of their security.