In a recent incident involving cyber crime, BBC cyber correspondent Joe Tidy received an unexpected proposal from a criminal group. The individual, identified as “Syndicate,” contacted Tidy via the encrypted messaging app Signal in July, offering him a share of any ransom payment if he allowed access to his work laptop for a hacking operation targeting BBC systems.
The proposal entailed that Tidy would provide his login credentials to Syndicate, who claimed they would use this access to infiltrate the BBC, steal data, and demand a ransom in Bitcoin. The hacker even suggested escalating the offer to 25% of the ransom based on the BBC’s revenue, which Syndicate estimated could lead to demands in the tens of millions.
Reports from Brazil highlighted the risks associated with insider threats, as an IT worker there was arrested for selling login information, resulting in financial losses for victims. Inspired by this context, Tidy engaged in the conversation with Syndicate to understand how such schemes operate. During their exchange, Syndicate portrayed himself as an insider for a cyber criminal group named Medusa, which operates a ransomware-as-a-service platform for hacking organizations.
Cybersecurity firm CheckPoint suggests that Medusa’s operations are primarily based outside of Russia, avoiding targets within its own borders. Syndicate claimed the group had successfully executed similar plans with other organizations this year. Tidy remained skeptical and requested proof of their legitimacy, receiving a link to Medusa’s darknet site.
During the discussions, Syndicate would periodically inquire about Tidy’s potential participation, hinting at significant financial gain. They also attempted to provoke urgency and stressed the necessity for Tidy to comply quickly. Ultimately, Tidy decided to contact the BBC’s security team, leading to precautionary measures that included disconnecting him from internal systems.
Later, Tidy experienced a technique known as MFA bombing—a strategy used by hackers to overwhelm victims with login requests—making his phone nearly unusable. Following security protocols, he was disconnected from all BBC systems until the situation was resolved. The criminal contact eventually ceased communication, but Tidy’s experience serves as a stark reminder of the growing insider threat in cybersecurity.
Source: https://www.bbc.com/news/articles/c3w5n903447o?at_medium=RSS&at_campaign=rss