BBC servers taken over by Russian hacker
30th Dec 2013 | 17:00
"No comment" says BBC
A hacker from Russia secretly took over a computer server at the BBC before Christmas and tried to sell access to it to other hackers, according to reports.
A security team at the BBC believes it managed to secure the site on Saturday 28 December, which had been breached via a server usually used for uploading large files.
Reuters new agency said that the hacker, known online as "HASH", offered proof that he was the culprit by posting a screenshot of the server and its files on an underground forum.
Alex Holden, founder of Hold Security, a cybersecurity company in Milwaukee, said the hacker didn't specify a price for others to gain access. "I doubt that the BBC has stored 40m credit cards, but they have something as valuable," he said.
"Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions and cause billions in losses."
In April Syrian hackers broke into the Assciated Press accounts in April and faked stories about attacks on the White House. The US stock market dropped by 143 points in seconds.
It's unclear whether the hacker found any buyers or took any data, but being able to sell such access can be used by hackers as a bargaining chip to get control of other, more important servers.
"We do not comment on security issues," a BBC spokesman told Reuters.
The attack was carried out against ftp.bbc.co.uk, a computer server that manages file uploads and downloads from the BBC. Holden spotted the hacker trying to sell access.
Getting access can be a first step to taking control of a server and using it either to store stolen files and data, or to create a "command centre" for large networks of compromised PCs which in turn are used for spam and phishing attacks around the web.