A well-known Russian hacker recently gained access to one of the BBC’s servers prior to Christmas Day and tried to sell access to it on an underground forum according to cyber security firm Hold Security LLC. The company, which monitors black market forums for such activity, said the site that was compromised was a file transfer protocol at ftp.bbc.co.uk.
The person responsible for the security breach, who goes by the online moniker “HASH” and “Rev0lver,” posted images of files that only someone with access to the server would have. Compromised server access is a hot commodity on underground forums as it grants the buyer the opportunity to further compromise the target. They can also be used to set up command-and-control centers for botnets and run spam campaigns, just to name a few activities.
The security firm said they were unable to determine if anyone purchased access to the site or other stolen data from the hack. Either way, it is definitely a notch in someone’s belt according to Alex Holden, founder and chief information security officer at Hold Security.
A spokesperson for the BBC told Reuters they don’t comment on security issues although a person familiar with the cleanup said they believe the site has since been secured. That doesn’t necessarily mean they are out of the woods just yet, however.
Cylance Inc. consultant Justin Clarke noted the compromised server establishes a foothold within BBC’s network. This could allow the attacker to ultimately gain further access to internal BBC resources.