- A BBC journalist was targeted by hackers offering a share of a ransom payment
- The gang backed up its identity with links to darknet addresses and forums
- MFA bombing turned online negotiations into an invasive and disturbing confrontation
The concept of the insider threat in cybersecurity is often discussed in abstract terms, as a theoretical vulnerability that organizations know exists but rarely confront directly.
But this abstract risk became a tangible reality for BBC cyber correspondent Joe Tidy when he was unexpectedly approached by an individual called Syn, who claimed to represent the Medusa ransomware group.
The unsolicited contact, initiated on the encrypted messaging app Signal, carried a simple but criminal proposal: that Tidy provide access to internal BBC systems in exchange for a percentage of a future ransom payment.
The proposal and the appeal of lucrative gains
After consulting senior editorial figures, Tidy engaged with the individual to understand the mechanics of the proposal.
Syn described a process in which the journalist would hand over his login credentials, allowing the gang to infiltrate the BBC network, deploy malware and extort the company.
The financial pitch was aggressive, with Syn suggesting that the correspondent could receive 25% of a ransom calculated as a percentage of the BBC's total turnover.
To establish credibility, Syn provided a link to Medusa's darknet address and highlighted the group's claimed previous successes.
He named a British healthcare company and an American emergency services provider as examples of deals that insiders had supposedly facilitated.
After several days of conversation, Tidy's attempt to buy time to consult internal security experts triggered a radical change in the criminals' behaviour.
The previously conversational Syn became impatient, demanding immediate action and trying to pressure Tidy with taunts about a future life on a beach.
This verbal pressure quickly turned into a direct technical assault, as Tidy's phone was suddenly flooded with a barrage of two-factor authentication pop-ups.
This technique is known as MFA bombing: attackers trigger login attempts over and over, hoping that the victim will accidentally approve one of the resulting prompts. It transformed a remote negotiation into a disturbing direct confrontation.
The BBC had to completely disconnect Tidy from all BBC systems as a precaution.
The criminals' subsequent communication was strangely apologetic, but they maintained that the original offer was still available.
“The team apologizes. We are testing your BBC connection page and we are extremely sorry if that caused you problems,” they said.
The incident ended with the hackers eventually deleting their account after receiving no further response.
While Tidy did not have the high-level access the criminals wrongly assumed he had, the episode serves as a chilling case study of how cybercriminals now combine financial incentives with aggressive technical coercion to pursue their objectives.
Organizations should therefore treat such encounters with skepticism and ensure that staff can quickly report unusual approaches.
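The MFA bombing described above leaves a recognizable pattern in authentication logs: many unapproved prompts for one account in a short time, sometimes ending in an approval. The following detection sketch is an added example, not something from the BBC or the original report; the event format, field values, window and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events (timestamp, user, result). The layout is
# an assumption, not the log format of any real identity provider.
SAMPLE_EVENTS = [
    ("2025-01-01T09:00:00", "alice", "approved"),  # ordinary single login
    ("2025-01-01T22:10:00", "bob", "denied"),
    ("2025-01-01T22:10:20", "bob", "timeout"),
    ("2025-01-01T22:10:45", "bob", "denied"),
    ("2025-01-01T22:11:05", "bob", "timeout"),
    ("2025-01-01T22:11:30", "bob", "denied"),
    ("2025-01-01T22:11:50", "bob", "approved"),    # approval in the middle of a flood
    ("2025-01-02T08:00:00", "carol", "denied"),    # one mistaken denial
    ("2025-01-02T08:00:30", "carol", "approved"),
]

def detect_push_floods(events, window=timedelta(minutes=5), threshold=5):
    """Flag users who get `threshold` unapproved prompts inside `window`,
    and escalate when an approval arrives while the flood is in progress."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts_text, user, result in sorted(events):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ts_text)
        queue = recent[user]
        while queue and ts - queue[0] > window:   # drop prompts outside the window
            queue.popleft()
        if result == "approved":
            if len(queue) >= threshold:
                # Probably an accidental approval: revoke the session and
                # reset credentials rather than trusting this login.
                alerts.append((user, "approved_during_flood", len(queue)))
            queue.clear()
        else:
            queue.append(ts)
            if len(queue) == threshold:           # alert once, as the flood is recognized
                alerts.append((user, "push_flood", len(queue)))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_floods(SAMPLE_EVENTS):
        print(alert)
```

A `push_flood` alert is the point at which an account can be disconnected as a precaution, as the BBC did with Tidy's; `approved_during_flood` means a prompt was accepted and the resulting session should be treated as compromised.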