US firm Hold Security has become aware of a BBC server that was recently being auctioned off on a black-market forum.
The story was first reported by Reuters and the Financial Times, but details on whether the sale was completed are very sketchy. The BBC publicly posted the user name and password for its file transfer site, ftp.bbc.co.uk. The site was created in the early 2000s as an outlet for people to post videos and audio messages from the horrific 9/11 attacks. Through the public site, the hacker, operating under the pseudonyms “Hash” and “Rev0lver”, found access to a private BBC server.
The discovery was made by Hold Security after it was publicized on December 25. To prove that his exploit was valid, the Russian hacker provided copies of files that supposedly could only be accessed by someone controlling the site.
What does this mean for the BBC? The illegal access can lead to additional problems for the media outlet, according to Prof Alan Woodward from the University of Surrey’s Department of Computing. “However, the bigger worry is that FTP servers are connected to the remainder of the network and often have easy access to other servers to facilitate internal file transfers, which is how a hacker can then use this as a jumping off point to explore other servers on the network.”
A BBC spokeswoman has reached out on this matter: “We do not comment on security issues.”