The Russian hacker known to cyber security firms and hackers as “HASH” and alternately “Rev0lver” gained access to a BBC server sometime prior to or on Dec. 25, Hold Security LLC has told Reuters. The hacker placed access to the server up for sale that day. It is not known whether a sale was made.
The BBC says the server has now been secured, according to an anonymous BBC security team source cited by Reuters. The server was located at ftp.bbc.co.uk. The “FTP” indicates a file transfer protocol (FTP) system. Such systems are usually used to send large files over the Internet.
Also not confirmed was whether any other portion of the BBC’s data infrastructure was compromised. Access to the FTP server could potentially act as an entry point for entities who wish to further infiltrate more of the infrastructure. Possible motives would include the ability to steal data or transmit messages of the infiltrator’s own choosing.
Hold Security LLC discovered the sale offering because it routinely monitors underground hacking forums. Such forums sometimes act as a marketplace for stolen and hacked access. The BBC would be a “notch in someone’s belt”, said the firm’s founder Alex Holden.