Hacker took control of BBC server, sought to sell access: Reuters
31 December 2013
A hacker secretly took over a computer server at the BBC, the UK's public broadcaster, and then started a Christmas Day campaign for convincing other cyber-criminals to pay him for access to the system.
While it was not known whether the hacker had found any buyers, the BBC's security team responded to the issue on Saturday and believed it had secured the site, Reuters quoted a person familiar with the cleanup effort as saying.
According to the report, it could not determine whether the hackers stole data or caused damage in the attack.
It was not clear how the BBC, the world's oldest and largest broadcaster, used that site, ftp.bbc.co.uk, as FTP systems are meant for managing the transfer of large data files over the internet.
Hold Security LLC, a cyber-security firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information, first detected the attack.
According to the firm's founder and chief information security officer, Alex Holden, who spoke to Reuters, the firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver," attempting to sell access to the BBC server on 25 December.
Holden added, "HASH" tried to convince high-profile hackers that he had infiltrated the site by showing them files that could only be accessed by somebody who really controlled it. The hacker posted files that could have been accessed only by someone in control of the server in a bid to prove he had gained access to the BBC server.
It is not known, whether "HASH" found willing buyers, but it could be inferred that anyone who was willing to pay the access fee had around 72 hours for downloading all the sensitive information located on the hacked server.
Though there was no evidence of transaction between the hacker and the buyer, such transactions are always carried out clandistinely and lack of evidence did not constitute definite proof that no data had been stolen, the report said.
According to Justin Clarke, a principal consultant for the cybersecurity firm Cylance Inc, who spoke to Reuters, "HASH" was offering access to a minor server within the complex structure of BBC network, but serious criminals could be interested in buying such access in order to stage serious data heists.
He said, accessing that server established a foothold within BBC's network which might allow an attacker to pivot and gain further access to internal BBC resources.