In what at first seemed to be a teen hackers hack attack, Russian cyber criminals have made a criminal assault on the British Broadcasting Corporation. A Russian cyber criminal calling himself both “Hash” and “Revolver” was advertising access to the UK’s public service broadcaster on Christmas Day. According to the Financial Times, Hold Security, an American cyber security company with ties to intelligence communities around the world, announced the Russians had managed to gain access to the site ftp.bbc.co.uk. More recent attempts to access this site were not possible in the aftermath of this reported incident. What is clear, however, is that ftp-type systems are usually used for the transfer of huge amounts of data over the Internet.
The BBC is only the latest organization to be attacked in a similar manner. During 2013, both the Associated Press and the New York Times were attacked and temporarily taken down by hackers that the Washington Post theorized were from the Chinese government. Additionally, the Syrian Electronic Army, supporters of Syrian president Bashar al-Assad, has attacked both The Financial Times and The Wall Street Journal.
Clearly very much publicly embarrassed, the BBC has refused to comment, but what’s very obvious is that the ‘attack’ was actually more of a sort of reconnaissance probe in order to prove that the hackers could take down the news website at will, access their data, re-edit or eviscerate news, or indeed run amuck in many other vital areas of the BBC’s substantial infrastructure. Hold Security thinks it’s a bit of macho posturing from one of the scores of brilliant hackers within the massive worldwide Russian criminal organization Voor ve Zakonye.
“Most likely it is potentially a notch on someone’s belt in the hacker community,” one of their security experts said anonymously. “It is such a high-profile site. Maybe it will give them exposure through a media stunt or quite possibly allow a criminal enterprise to send out spam or malicious attacks from a legitimate server.”
No doubt, the BBC’s sophisticated infrastructure surely employs security boffins of their own well capable of altering credential access to their sites. The more immediate difficulty will be to create a damage inventory to assess the harm that has already been done. Such attacks focus attention on the growth of a black market in passwords and vulnerabilities that give untrained criminals who lack the usual basic computer skills to purchase a sort of fundamental access into cyber crime. Just as access to spy gear and lock-picking instrumentation is child’s play on the Internet, so, it seems, is the easy availability of purchasing passwords. According to Hold Security, there were no particular prices requested for access credentials, but what bad-boy Revolver referred to as ‘exploits’ were part of a price menu that rose from US$200 up to US$3,000.
Indeed, in a world where protection of intellectual property becomes more and more tenuous, the fear for members of the general public who do anything that might be classified as ‘cultural’ or ‘creative’ artisanship is that they, too, will be targeted. The computer age may have empowered anybody with access, but simultaneously spawned a new kind of everyman criminal, too. Such is the democracy of technology! Perhaps we all ought to collectively worry less about cyber wars and hacker malice than a more immediate personal threat of vindictive criminal hackers gaining easy access to our intellectual property and confidential material of any kind.