The server has since been secured, but it was on the open market for cybercrooks last week, reports Reuters.
December 30, 2013 8:05 AM PST
A Russian hacker wasn’t exactly in the Christmas spirit when he reportedly tried to sell access to a BBC server on December 25.
Apparently first spotted by cybersecurity firm Hold Security, the recent attack hit a BBC FTP server and was conducted by a “notorious Russian hacker” known as “Hash” and “Rev0lver,” Reuters reported on Sunday. No evidence has turned up indicating that the hacker stole any actual information.
But “Hash” attempted to make a Christmas Day profit out of his exploits, according to Hold Security founder Alex Holden.
The hacker tried to sell access to the server to fellow cybercriminals, Holden told Reuters. “Hash” even showed other hackers certain information that could only be obtained by someone who controlled the server.
Holden confirmed the discovery in an e-mail sent to CNET:
We discovered the situation through our Deep Web Monitoring service.
As a part of the service to our customers, we search the Deep Web (hacker forums and other communications) for any evidence of breaches of our customers’ data. However, we often see other hacker activities like this one. In short, we saw hacker “Hash” trying to sell access to the BBC server.
As a proof, he was offering a screenshot of his access which we found to be credible. To-date we saw no evidence that he was successful in selling this access or if any other data had been taken from BBC.
Holden told CNET that he doesn’t know exactly how the hacker gained access to the server. But based on Hash’s profile, the hack may have been achieved through stolen credentials. Selling access to a compromised server is also a common tactic among hackers, according to Holden.
“When hackers get access to a high-value or at least well-known target that they are unable to monetize themselves, they turn to their community with offer to sell,” Holden explained to CNET. “The value is usually based on access level and data on the target.
For a sale like that, a proof is always required.”
The server has since been secured, a person familiar with the cleanup effort told Reuters. But the BBC itself has been mum about the matter, telling Reuters that “we do not comment on security issues.”
The FTP site was used by BBC reporters to send in stories and by advertisers to upload media files, according to BBC News.
Update, 11:24 a.m. PT: Added more information from Hold Security founder Alex Holden.