
A BBC journalist has revealed how a cybercriminal gang offered to give him access to his laptop in exchange for a staggering sum of money.
The message, received on the Signal app, promised journalist Joe Tidy "15% of any bounty payment" while later increasing the offer to 25%.
"We're not sure how much the BBC pays you, but what would happen if you got 25% of the final negotiations, while we got 1% of the BBC's total income? You would never have to work again."
The gang, which introduced itself as "Medusa" and communicated through an intermediary called "Syn", argued that it would hack into BBC systems, demand ransom in bitcoin from the companies and split the money with insider collaborators.
"They sent a link to the Medusa recruitment page on an exclusive cybercrime forum, urging me to start the process of securing 0.5 bitcoin (about $55,000) in an escrow agreement. In fact, they guaranteed me this money at least after I provided my login details," the journalist says.
"We're not bluffing or joking - we have no media intentions, we're all about money and nothing but money and one of our top managers wanted me to contact you."
The author provoked contact by requesting login credentials and execution commands, even sending code that the journalist was supposed to execute on the work device.
After consulting with his editorial team and cybersecurity, the journalist decided to use the opportunity to investigate the group's tactics, but in the meantime he became the target of an MFA bombing attack, a mass mailing of verification requests to phones intended to force the accidental acceptance of authorizations. As a precaution, his account was completely disconnected from the BBC network.
I called the BBC's information security team and as a precaution we agreed to completely disconnect me from the BBC. No email, no intranet, no internal tools, no privileges.
The surprisingly calm message from the hackers came later that evening.
"The team apologizes. We were testing your BBC login page and we're very sorry if this caused you any problems."
The experience highlighted the dangers of “inside” attacks and the importance of cooperation with security teams. Criminals use darknet platforms and deposit offers to convince victims.
In the aforementioned case, the conversations ended without finalization when the crime contact deleted his Signal account and disappeared.
" We eventually returned to the BBC system, albeit with additional protection for my account. And with the additional experience of being on the inside of an insider threat attack."
"A shocking look at the ever-evolving tactics of cybercriminals, and one that has highlighted a whole area of risk for organizations that I didn't really appreciate until I was on the other side of the danger myself ," the journalist concludes.
Lini një Përgjigje