Exclusive: Hacker took over BBC server, tried to 'sell' access on Christmas Day

BOSTON Sun Dec 29, 2013 9:42am EST

A man enters BBC New Broadcasting House in London November 11, 2012. REUTERS/Luke MacGregor

A man enters BBC New Broadcasting House in London November 11, 2012.

Credit: Reuters/Luke MacGregor

BOSTON (Reuters) - A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system.

While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort.

A BBC spokesman declined to discuss the incident. "We do not comment on security issues," he said.

Reuters could not determine whether the hackers stole data or caused any damage in the attack, which compromised a server that manages an obscure password-protected website.

It was not clear how the BBC, the world's oldest and largest broadcaster, uses that site, ftp.bbc.co.uk, though ftp systems are typically used to manage the transfer of large data files over the Internet.

The attack was first identified by Hold Security LLC, a cybersecurity firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information.

The firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver," attempting to sell access to the BBC server on December 25, the company's founder and chief information security officer, Alex Holden, told Reuters.

"HASH" sought to convince high-profile hackers that he had infiltrated the site by showing them files that could only be accessed by somebody who really controlled it, Holden said.

So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC, Holden said.

It is common for hackers to buy and sell access to compromised servers on underground forums.

Buyers view the access as a commodity that grants them the chance to further penetrate the victim organization. They can also use compromised servers to set up command-and-control centers for cyber-crime operations known as botnets, run spam campaigns or launch denial of service attacks to knock websites off line.

The BBC offer stands out because the media company is such a high-profile organization, Holden said. "It's definitely a notch in someone's belt."

BBC has some 23,000 staff and is funded largely by license fees paid by every British household with a television.

Justin Clarke, a principal consultant for the cybersecurity firm Cylance Inc, said that while "HASH" was only offering access to an obscure ftp server, some buyers might see it as a stepping stone to more prized assets within the BBC.

"Accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources," he said.

Media companies, including the BBC, have repeatedly been targeted by the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts.

Last January the New York Times reported that it had been repeatedly attacked over four months by Chinese hackers who obtained employees' passwords.

(Additional reporting by Belinda Goldsmith in London and Mark Hosenball in Washington; Editing by Ross Colvin and Eric Beech)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (10)
dd606 wrote:
Ed Snowden must be outraged by these sorts of efforts. After all… He’s the world’s super hero of cyber privacy issues. I’m sure he’s working diligently to try and uncover who’s behind this. I mean, it’s not like he’s just some nut who sold out his country for attention or anything.

Dec 29, 2013 1:35pm EST  --  Report as abuse
@dd606 – And your proof that Snowden was paid to do what he did is where???

I bet you think Paul Revere was a traitor too.

Dec 29, 2013 4:03pm EST  --  Report as abuse
paintcan wrote:
@dd606- Snowden put more on the line leaking the overpriced boondoggle of a scam called the NSA than any of you faux “patriots”.

I hope the country busts out with more like him soon and completely tears the rotten edifice to the ground starting at the top. If it sends the developed world and high tech back 200 years it might be refreshing. In the 18th century – all one had to worry about was what the servants might overhear. That usually was only a problem for the wealthy. Now it seems to affect everyone and yet they are encouraged to adopt even more high tech methods to use cashless currency, paperless records, and impersonal, personal exchanges. It almost takes the human out of human interaction. It’s almost the “eyes of god” gone digital. And the worst part is the “records” are subject to alteration like they were an hallucination. I just lost another comment this morning that had run for a week and no one ever says why having to do with the fact that the NSA has to know what is passing between lines, all of them, or there is no reason to take so many cell phone numbers into it’s records. Tech savvy is a threat now, in as much as those who are not are at the mercy of those who are. It almost makes normal literacy obsolete. That’s not a good thing.

The access to the information is gigantic, but the quality and reliability may be going way down. The more sophisticated and reliable sites still seem to charge and don’t seem to engage the vast multitudes. I don’t like to pay much for computer related activities because it is more a form of entertainment and I try not to risk serious matters, like bills, with it.

The high tech addicted can worry about being terrorized by meteor showers as they dream of building old sock smelling cans in space and breath recycled air and drink their own recycled piss in space stations and leave the green acres to us low tech peasants. But once up there they might have a difficult time getting visas to return and they could become prison colonies for social Darwinists or the first undetected meteor or another colony blows them all away as seriously sub zero human Popsicles. Warfare is a modern industry and they are somehow not going to be engaging in that too?

Don’t you feel just a little abused – just a bit? I’m trying to quit smoking but quitting the PC is gong to be even harder. The local paper is going to look like kid’s stuff now. I do all electronic transfer of information, TV, radio, phone etc. through it now for one bill.

Otherwise it seems like humanity can look forward to decades of therapeutic? War lite and all the surveillance you never really know about till dooms day, and probably not then either. And none of that surveillance has to guarantee it works at all and as a taxpayer, or consumer, you still get billed for it all. Can accountants trust their records any more either?

Maybe I’ve been living in New Hampshire too long? Some people I have met want to go to barter and hate banks. But they forget, with barter can also come physical slavery. Hell, with any economic system one can find physical slavery. There are always those who can never barter enough to eat. A stable currency is fine with me.

Of course one can always unplug at night like I do to save energy and stop odd squeaks and squalls I heard once in the middle of the night coming from the speakers even while the PVC was off. I have also started the computer in the morning to find all sorts of odd changes and losses that could be due to all sorts of reasons that I can’t afford to find out about. It just isn’t worth the bother. It is obvious the PC is a two way street. If you can get updates from Microsoft or Apple you can get other things besides. I suppose it’s a new form of social (networking) disease?

This is tongue in cheek but the tongue is starting to wear a hole in it too. If I were really tech savvy, it’d have a miniature camera on the tip to watch it from the inside out. The NSA can provide the bug and we can watch it together.

Dec 29, 2013 4:33pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.