BBC
Wikimedia commons

The British Broadcasting Corporation was reportedly hacked on Christmas day by a Russian cyber criminal who tried to sell the server's access to other hackers on an underground forum.

The hacker, known by an online alias "HASH" or "Rev0lver", broke into the BBC via an ftp server used for uploading large files, and posted a screenshot of the server files on the forum as a proof of hacking the site, and then reportedly set it up for sale.

The BBC's security team secured the site on 28 December.

"Hash" did not specify any price for access into the server, while it is not known if he had found any buyers for the data.

"We do not comment on security issues," a BBC spokesman told Reuters.

Hold Security LLC, a cybersecurity firm in Wisconsin, US, which monitors underground forums for stolen information, was the first to identify the hack.

Justin Clarke, a consultant for cyber-security firm Cylance Inc, told Reuters that the threat of a compromised server is not limited to data theft, but that this may "allow an attacker to pivot and gain further access to internal BBC resources".

"We often see high-profile companies like the BBC getting breached. Larger companies are targeted more because hackers can easily monetise their gains," said Alex Holden, founder of Hold Security.

"Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions, and cause billions in losses," he added.

When Syrian hackers broke into the Associated Press account in April this year, they faked a story about an attack on the White House, which led the US stock market to crash by 143 points in seconds, according to The Guardian.

Hacked access can be used to create command-and-control-centres for cyber-crime operations such as spam and phishing attacks around the web.

"It's definitely a notch in someone's belt," Holden told Reuters.

Media Companies Targeted

Media companies have repeatedly been targeted by hackers in the past.

Reuters's Twitter account was compromised in July, when links to images of political cartoons supporting Syrian President Bashar al-Assad were tweeted from its server.

The Syrian Electronic Army (SEA) has also hacked other high-profile organisations such as The Washington Post, The Onion, the Associated Press Twitter account, The New York Times and Twitter, according to Mashable.

Last year, the NYT reported that Chinese hackers had phished employees' passwords in sustained cyber attacks over a course of four months.

In 2012, the BBC server was compromised by an attack from Iran, which reportedly affected its Persian service.