Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Took Over BBC Server, Tried To Sell Access On Christmas Day

Posted by samzenpus on from the you're-a-mean-one dept.

An anonymous reader writes in with this story about a hacker that took over a BBC server during the Christmas holiday. "A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. A BBC spokesman declined to discuss the incident. 'We do not comment on security issues,' he said."

21 of 41 comments (clear)

  1. Merry Christmas ... by Anonymous Coward · · Score: 1, Interesting

    ... to me!

    These guys are getting a little smarter. Not a lot of eyes on the servers on Christmas. And a lot of card traffic at Target on Black Friday (still a great take even if would have been discovered after just one day).

    Timing is everything folks. Just when you least expect them ...

  2. Actually it was Torchwood by Anonymous Coward · · Score: 2, Funny

    But the Doctor fixed it!

  3. It would work by Anonymous Coward · · Score: 1

    People in the UK pay to see a made-for-TV Doctor Who movie in theaters.

    1. Re:It would work by Anonymous Coward · · Score: 1, Funny

      Yeah, perhaps some cyber criminal could have written and uploaded a decent script for it!

    2. Re:It would work by Anonymous Coward · · Score: 5, Insightful

      People in the UK pay to see a made-for-TV Doctor Who movie in theaters.

      People all over the world pay to see Movies in movie in theatres when they could torrent it and watch it on a crappy TV or a computer monitor.

      It's about the quality of the experience, not penny pinching. This is especially the case if you are a big enough fan of Dr Who, Star War, Avatar, The Hobbit, Aliens, Predator.... etc. going to see the movie is actually worth it and watching it on TV, particularly the first time you watch it, is spoiling the experience. I watched the Dr Who movie in 3D and to me it was worth it even though I'm not a hardcore fan.

    3. Re:It would work by isorox · · Score: 2

      People in the UK pay to see a made-for-TV Doctor Who movie in theaters.

      People all over the world pay to see Movies in movie in theatres when they could torrent it and watch it on a crappy TV or a computer monitor.

      It's about the quality of the experience, not penny pinching. This is especially the case if you are a big enough fan of Dr Who, Star War, Avatar, The Hobbit, Aliens, Predator.... etc. going to see the movie is actually worth it and watching it on TV, particularly the first time you watch it, is spoiling the experience. I watched the Dr Who movie in 3D and to me it was worth it even though I'm not a hardcore fan.

      If it wasn't ruined by 3D I could see the argument, especially when you're watching with a lot of similar minded folks.

      I went to see the Hobbit last week (2D, I'd have preferred a 2D HFR but that didn't seem to be available). After paying the £18 for two tickets, we were subjected to uncomfortable seating with about as much leg room as a real theatre, and someone actually yelling at the screen! The first 15 minutes were adverts, then another 15 minutes of trailers. And of course the "you are a criminal" statements and 1984 "report your neighbours" adverts.

      Now our normal venue (Trafford Centre) does have comfortable seating, and I've never had someone yelling "watch out for the dragon" and laughing and muttering to themselves in a cinema before, but it didn't help the "cinema experience"

      So the question is, what remains. Why would I want to watch a film at the cinema when we could instead watch it at home on the sofa with a glass of wine? Even shared experience films, like comedies, are let down by the number of screenings -- it's been 13 years since I last sat in a packed cinema.

      It's the impatience that makes me go to the cinema. It's cheaper to buy (not rent) it on blueray than to go out, and the experience is better.

    4. Re:It would work by Pieroxy · · Score: 1

      If you really are a fan of the Hobbit (the book) I strongly urge you *not* to see the 2nd movie, and if you did, you're most certainly not going to see the third - but that time it'll not be on my advice, you'll get to that conclusion all by yourself.

      What a nightmare this movie was...

      --
      Write boring code, not shiny code!
    5. Re:It would work by EzInKy · · Score: 1

      Eventually they will become like the rest of us and wait until they can view it at home. Movies are so much better when you are in total control of the volume and pause buttons. And really, would you enjoy interrupting the flick everytime someone got a phone call?

      --
      Time is what keeps everything from happening all at once.
    6. Re:It would work by Bigbutt · · Score: 1

      Yea, I saw the first one and was quite disappointed by the movie. I don't mind trimming bits to speed up movies. Books are quite long and can take days to read (or more for the slower readers or readers with less time to read) but adding extra bits and especially the wrong bits had me pretty unhappy with the experience.

      [John]

      --
      Shit better not happen!
    7. Re:It would work by dougisfunny · · Score: 1

      Well a children's bedtime story should have slapstick shouldn't it?

      --
      This is not the funny you're looking for.
    8. Re:It would work by isorox · · Score: 1

      Well a children's bedtime story should have slapstick shouldn't it?

      Yes, and it should not be treated like scripture either. Deviating from the letter of the plot when you film the book is not tantamount to heresy ;-)

      Yes, but surfing two dwarves heads looked more ridiculous than surfing a shield. It was bad as the Crouching Tiger Hidden Dragon and really pulled you out of the film.

    9. Re:It would work by cheater512 · · Score: 1

      That is only true if you aren't smart enough to figure out how much the experience costs.

      Hint: An awful lot less than the cost of a year's worth of regular movie viewing.

      My cheap home theatre setup can make the couch shake, my TV is perfectly adequate for my needs and I can watch it with people I want, not random strangers making noise, talking, phones, etc.... I always get the best seat in the house and I can hit pause whenever I need to.

    10. Re:It would work by isorox · · Score: 1

      Yeah, perhaps some cyber criminal could have written and uploaded a decent script for it!

      Day of the doctor - the November 50th special with tennant, was generally acknowledged to be great. As was the Paul McGann night of the doctor YouTube clip.

      The Christmas regeneration episode - time of the doctor, was really confusing.

  4. Christmas Invasion by jeffmflanagan · · Score: 4, Funny

    The BBC has plenty of experience with Christmas invasions. I expect a police-box was involved in dealing with the problem.

  5. I love that dog by wonkey_monkey · · Score: 1

    It's Hacker time!

    --
    systemd is Roko's Basilisk.
  6. U HAVE TREAD UPON MY DOMAIN... by OcabJ · · Score: 2

    So did Acid Burn kick Crash Override out of the system?

  7. It should be 3D HFR with Dolby Atmos at that price by Joe_Dragon · · Score: 1

    It should be 3D HFR with Dolby Atmos at that price.

  8. Re:Really missed his chance by isorox · · Score: 3, Informative

    If he'd sold early access to the Doctor Who Christmas special to Americans, he would've made a fortune.

    He broke into an outside ftp server, presumably in a DMZ, that's used for transferring files to and from outside companies.

    I'd love to know the details of the breakin, was it an exploit in the previous FTP software?

    Currently it's running
    220 ProFTPD 1.3.3g Server (ftp.bbc.co.uk) [212.58.252.93]

    But has several more ports open to random people on the intarweb (rsync, really?)

    21/tcp open ftp
    22/tcp open ssh
    80/tcp open http
    443/tcp open https
    444/tcp open snpp
    873/tcp open rsync

  9. I told you so... by DogsRevolution · · Score: 1

    Some kid was really upset they couldn't get Family Guy on BBC iPlayer. Santa takes this stuff pretty seriously I say.

  10. Re:Really missed his chance by dwater · · Score: 1

    Yes, I'm curious too.

    --
    Max.
  11. Re:Really missed his chance by isorox · · Score: 1

    I'm curious why you seem to have a problem with them running rsync, while you don't seem to have the same (and more) problems with the FTP server.

    Why do you think rsync would be a problem?

    FTP obviously has its faults, but it is a known, standard way of sharing files with other companies. It's highly likely that a company pushing files to the BBC will send them via FTP, and vice versa (The BBC did a deal with Signiant to handle some external file transfers, but obviously sharing material with some companies will still need an open and common standard like FTP)

    I'd be very surprised that any company that is happy to use rsync would be unable to use rsync over ssh. I'm unsure why you'd want to use rsync to transfer a couple of files either, rather than scp.

    It's most likely that rsync is used in this case to keep multiple servers synced from a master, in which case blocking access at a firewall level should be happening.

    The fewer services exposed to the public, the fewer lines of attack.