Hacker Owns and Tries to Sell BBC Server on Christmas Day

On 25 December, Hold Security noticed the Russian hacker attempting to sell access to the BBC server in the underground forums

The episode was reported by Reuters on Sunday. It had been discovered by Hold Security, described by Reuters as "a cybersecurity firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information." It was Hold Security, together with Brian Krebs, that discovered the stolen files stashed on the internet that exposed the recent massive 150 million password theft from Adobe.

On 25 December, Hold Security noticed the Russian hacker attempting to sell access to the BBC server in the underground forums. It has found no evidence that he was successful, nor that anything was stolen. However, noting the time gap between the offer of sale and the apparent time of regaining control, Voice of Russia points out that "anyone who was willing to pay the access fee had around 72 hours to download all the sensitive information located on the hacked server." It adds that lack of a visible purchaser is not surprising since such transactions are always secretive.

The BBC would certainly be a prized scalp for any hacker. Apart from the kudos of hacking the world's best known broadcaster and news service, it would likely attract the interest of the same groups responsible for hacking some of the major US media companies such as the New York Times and the Washington Post – generally thought to be from China.

The Guardian quotes Alex Holden, founder of Hold Security, commenting on the incident. The value of being able to get into a BBC server is not the same as hacking credit card details. "I doubt that the BBC stored 40m credit cards, but they have something as valuable," he said, referencing the recent Target breach. The value comes from the potential to be able to pivot from that server onto other servers deeper and more critical within the network. "Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions, and cause billions in losses."

While there is currently no evidence to suggest anything more than a successful breach of an obscure FTP server, followed by an unsuccessful attempt to sell that breach, this interpretation assumes no time lag between the breach and the attempted sale. At the moment we do not know when the breach actually occurred nor whether any unknown third parties have already made use of the Russian's access. The BBC will undoubtedly be checking its entire network for any sign of hackers having pivoted off that hacked FTP server into other parts of its network.
