RiskFinancial CrimeBBC is Latest Victim of Cybercrime

BBC is Latest Victim of Cybercrime

A Russian hacker secretly took over a computer server at the British Broadcasting Corporation (BBC) before Christmas and attempted to sell access to it to other cybercriminals, according to reports.

The BBC’s security team believes it managed to secure the site on 28 December. It had been broken into via a server usually used for uploading large files. According to Reuters the hacker, known online as ‘HASH’ or ‘Rev0lver’, offered proof that he had broken in by posting a screenshot of the server and its files on an underground forum where he was trying to sell access on Christmas Day.

US firm Hold Security told Reuters and the
Financial Times
that it had spotted the hacker advertising the exploit on a black market forum last week. It added that it was not clear whether the attacker secured a sale before the broadcaster reacted.

“The only other information that I can offer is that the hacker was offering a screenshot proving that he had administrative access to the BBC server,” said Alex Holden, Hold’s founder and chief information security officer.

“It was solid technically convincing evidence.

“Generally speaking, we often see high-profile companies like the BBC getting breached. Unfortunately, larger companies are targeted more because hackers can easily monetise their gains.”

Holden added that the hacker didn’t specify a price for access, but the value of infiltrating the BBC server was less than that of hacking credit card details. “I doubt that the BBC stored 40m credit cards but they have something as valuable,” he said. “Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions, and cause billions in losses.”

Both the BBC and other media groups have regularly been targeted by the Syrian Electronic Army, which supports Syrian president, Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts. In January the
New York Times
reported that it had been repeatedly attacked over four months by Chinese hackers who obtained employees’ passwords.

Syrian hackers managed to break into the Associated Press account in April and faked a story about an attack on the White House, causing the US stock market to drop by 143 points in seconds.

Related Articles

Why working in silos is a killer when battling financial crimes

Cyber Security & Fraud Why working in silos is a killer when battling financial crimes

4m Andrew Simpson
PSD2: dull name, but seismic effect

Clearing & Settlement PSD2: dull name, but seismic effect

6m Alex Kwiatkowski
Staying one step ahead: PSD2 and the future of fraud

Financial Crime Staying one step ahead: PSD2 and the future of fraud

6m Seth Ruden
8 predictions for treasury in 2018

Financial Crime 8 predictions for treasury in 2018

7m Bob Stark
FDIC sues 9 European banks over Libor

Banking FDIC sues 9 European banks over Libor

11m Victoria Beckett
Appreciating supply chain cyber risk

Cyber Security & Fraud Appreciating supply chain cyber risk

11m Peregrine Storrs-Fox
The death of the password: biometric banking

Automation The death of the password: biometric banking

11m Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

11m Keiron Dalton