Mon, 29 Sep 2025

Mon, 29 Sep 2025 'You'll never need to work again': Criminals offer reporter money to hack BBC

Reporter Joe Tidy was offered money if he would help cyber criminals access BBC systems.
A cyber correspondent recently received an unsolicited message on the encrypted chat app Signal from someone claiming to be part of a ransomware-as-a-service operation called Medusa. The person, who identified themselves as "Syn", offered the correspondent 15% of any potential ransom payment if they provided access to their work laptop at the BBC. The correspondent was told that Syn's team could demand tens of millions in ransom from the BBC and estimated that the correspondent would be in line for a substantial payday. They also claimed to have successfully hacked several other organizations, including a UK healthcare company and a US emergency services provider, by striking deals with insiders. To test the authenticity of the offer, the correspondent asked Syn to provide proof, but they instead sent a link to Medusa's darknet address and invited them to contact them through a secure messaging service. The correspondent decided to stall for time and eventually reached out to the BBC's information security experts for advice. However, before the correspondent could do so, Syn's team began bombarding their phone with two-factor authentication notifications as part of a hacker technique known as MFA bombing. This was done to trick the correspondent into accepting the login requests or resetting their password, which would have given the hackers immediate access to the BBC accounts. The correspondent eventually disconnected from the BBC system as a precaution and contacted the information security team, who agreed to lock out the correspondent's account. When confronted about the issue, Syn claimed that they were "testing" the BBC login page and apologized for any inconvenience caused. After several days of inactivity, Syn deleted their Signal account and disappeared. The correspondent was eventually reinstated to the BBC system with added protections to their account, but not before gaining a chilling insight into the tactics used by cyber criminals and the risks that organizations face from insider threats.
  >>

Terms of Use | Privacy Policy | Manage Cookies+ | Ad Choices | Accessibility & CC | About | Newsletters | Transcripts
Business News Top © 2024-2025