BBC computer server 'was controlled' by Russian hacker

BBC The exploit was reportedly offered for sale on Christmas Day

Related Stories

A Russian hacker took control of a BBC computer server and attempted to sell access to it to other cybercriminals, according to reports.

US firm Hold Security told Reuters and the Financial Times that it had spotted the hacker advertising the exploit on a black market forum last week.

It said it was not clear whether the attacker secured a sale before the broadcaster reacted.

A BBC spokesman said: "We do not comment on security issues."

The server was allegedly compromised via the file-transfer site

The corporation had previously listed a log-on and password for the service on its news website in 2002 to allow the public to upload video and audio messages marking the anniversary of the 9/11 attacks.

BBC reporters had also historically used the server as a way to send in their own material.

More recently the facility has been used to allow advertisers to send in media files for use on the BBC Worldwide Channels.

'Jumping off point'

According to Milwaukee-based Hold Security, the hacker used the pseudonyms "Hash" and "Rev0lver", and publicised the vulnerability on 25 December.

The firm said the attacker provided copies of files that supposedly could only be accessed by someone controlling the site as "proof" that the exploit worked.

"The only other information that I can offer is that the hacker was offering a screenshot proving that he had administrative access to the BBC server," said Alex Holden, chief information security officer at Hold Security.

"It was solid technically convincing evidence."

One expert said cyber-criminals have been known to use such breaches as a way to compromise wider systems.

"If a security hole has been identified in the underlying server and it has not been patched then the FTP [file transfer protocol] facilities can be exposed," said Prof Alan Woodward from the University of Surrey's Department of Computing.

"This could mean, for example, that files containing sensitive information could be downloaded.

"However, the bigger worry is that FTP servers are connected to the remainder of the network and often have easy access to other servers to facilitate internal file transfers, which is how a hacker can then use this as a jumping off point to explore other servers on the network."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories


Features & Analysis

  • French luxury Tea House, Mariage Freres display of tea pots Tea for tu

    France falls back in love with tea - but don't expect a British cuppa

  • Woman in swimming pool Green stuff

    The element that makes a familiar smell when mixed with urine

  • People take part in an egg-cracking contest in the village of Mokrin, 120km (75 miles) north of Belgrade, Serbia on 20 April 2014In pictures

    Images from around the world as Christians mark Easter Sunday

  • Female model's bottom in leopard skin trousers as she walks up the catwalkBum deal

    Why budget buttock ops can be bad for your health

BBC Future


Road designs that trick our minds

Subconscious signs used for safer driving


  • An aerial shot shows the Olympic Stadium, which is closed for repair works on its roof, in Rio de Janeiro March 28, 2014.Extra Time Watch

    Will Rio be ready in time to host the Olympics in 2016? The IOC president gives his verdict

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.