It’s been a banner year for the hacking of major media sites, and it’s not over just yet: this morning the BBC reported that a Russian hacker had briefly controlled one of its servers and was offering entry (for a fee) in black market forums on Christmas day.
According to Reuters, Milwaukee cybersecurity firm Hold Security LLC was first to run across the underground holiday sale, set up by an infamous operative who goes by the handles “HASH” and “Rev0lver.” HASH compromised the relatively obscure file-sharing site ftp.bbc.co.uk and posted private documents that proved he had cracked the news broadcaster’s defenses.
Even if that server was of little apparent value, Hold Security and other experts agreed, it could give cybercriminals the proverbial foot in the door needed for a wider data breach. Still, there was no indication that anyone had taken HASH up on the deal, or so much as discussed its terms. The BBC said it secured the site as of Saturday and isn’t commenting further.
In March, the BBC had several of its Twitter accounts hacked by the Syrian Electronic Army, and another cyberattack that month seemed design to disrupt the BBC Persian Service—afterward, suspicion was focused on the government of Iran.
Alex Holden, Hold Security’s founder, remarked that this latest exploit was a success for the hacker whether money traded hands or not: “It's definitely a notch in someone's belt,” he said.