January 17, 2014 No Comments-
There are lots of websites reporting that the “BBC’s servers were taken over by a Russian hacker”, but will this have any affect on us, the home computer users?
According to the cyber-security group Hold Security, a Russian hacker gained access to one of the BBC’s computers in December, and has been attempting to sell the exploit to anyone who might be interested.
What got hacked, and how badly?
The criminal found a way to access one of the BBC’s “FTP” – file transfer protocol – computers. On smaller websites, FTP is often used to upload files to be displayed on a website. For example, a local coffee shop might use FTP to upload photos onto a webpage to promote a new event at the venue.
When the FTP of a small website is compromised, hackers will typically upload computer viruses to the site, which will then download onto innocent people’s computers whenever they visit that webpage.
It’s an easy way for criminals to spread their infections, but it only really affects small websites. Bigger companies or businesses that do a lot of editing of large files (both apply to the BBC), typically use FTP in a different way – one with less direct consequences if hacked.
The BBC was using FTP to allow other people to send it large files. Its FTP was protected by a username and password, so before it was hacked, only people with the correct login details would have been able to send a file to the company.
At the time of the hack, the British broadcaster was using its FTP to allow advertisers to drop large video files onto their computers, therefore the compromise did not directly affect any of the services any home user would use.
However, that doesn’t mean the attack couldn’t have had nasty consequences.
The hacker could have uploaded files that contained malware, which would mean that when someone at the BBC opened the infected file, their computer would be attacked. This allows the virus to jump between the FTP computer and the BBC employee’s computer, and could cause all kinds of chaos.
The hacker’s other option would be to use this gap in the BBC’s security as a launchpad to try to expose more sensitive information from inside the BBC network. Whether he was successful or not would depend on how secure the networks surrounding the FTP were, but it’s always easier to hack a system once you’ve got a foot inside the door.
The BBC security team has since fixed the issue, but it just goes to show that every website could have security issues. The best way to protect yourself is to ensure that your system is fully protected.
Norman Safeground Blogs Archive