Hacker Took Over BBC Server, Tried To Sell Access On Christmas Day

An anonymous reader writes in with this story about a hacker that took over a BBC server during the Christmas holiday. "A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. A BBC spokesman declined to discuss the incident. 'We do not comment on security issues,' he said."

Re:Really missed his chance

[isorox]

If he'd sold early access to the Doctor Who Christmas special to Americans, he would've made a fortune.

He broke into an outside ftp server, presumably in a DMZ, that's used for transferring files to and from outside companies.

I'd love to know the details of the breakin, was it an exploit in the previous FTP software?

Currently it's running
220 ProFTPD 1.3.3g Server (ftp.bbc.co.uk) [212.58.252.93]

But has several more ports open to random people on the intarweb (rsync, really?)

21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp open https
444/tcp open snpp
873/tcp open rsync