Criminals Offer Reporter Money to Hack Bbc

Posted3 months agoActive3 months ago

fork-bomber

33 points

10 comments

bbc.co.ukTechstory

calmnegative

Debate

20/100

CybersecurityHackingJournalism

Key topics

Cybersecurity

Hacking

Journalism

A reporter was offered money by criminals to hack into the BBC's systems, and shared their experience, sparking discussion on cybersecurity and the tactics used by hackers.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

Peak period

6-9h

Avg / period

1.4

Key moments

01Story posted
Sep 29, 2025 at 1:52 AM EDT
3 months ago
Step 01
02First comment
Sep 29, 2025 at 3:10 AM EDT
1h after posting
Step 02
03Peak activity
3 comments in 6-9h
Hottest window of the conversation
Step 03
04Latest activity
Sep 30, 2025 at 12:29 PM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (10 comments)

Showing 10 comments

dybber

3 months ago

2 replies

> They then sent a complicated jumble of computer code and asked me to run it as a command on my work laptop and report back what it said. They wanted to know what internal IT access I had to start planning their next steps once inside.

He should share that script for companies to protect themselves.

> As I held my phone in my hands, the screen filled with a new request every minute or so.

> I knew exactly what this was - a hacker technique known as MFA bombing. Attackers bombard a victim with these pop ups by attempting to reset a password or login from an unusual device.

> Eventually the victim presses accept either by mistake or to make the pop-ups go away. This is famously how Uber was hacked in 2022.

Authenticator apps should not give notifications, users must open them manually. In Denmark the government have followed this security practice for the authentication app MitID. In the beginning there was a lot of complaints, but now we know that is just how it works.

mpeg

3 months ago

1 reply

Or they could balance usability with security and do some sort of throttling at least, there’s no reason to DoS the user with notifications

chrisjj

3 months ago

2 replies

There was no DoS here.

mpeg

3 months ago

1 reply

I know, I wasn't talking literally, but in spirit that's what MFA bombing is – they flood your phone with notifications until you approve one, either accidentally or our of the mental fatigue of having a ton of notifications come in.

chrisjj

3 months ago

1 reply

That's different in spirit. No denial at all. In fact this action needs to avoid denying service in order to succeed.

lesuorac

3 months ago

1 reply

It's denying you from using your phone if a notification constantly pops up.

chrisjj

3 months ago

1 reply

But it doesn't. The screenshot shows avg. only one each 5 min. That is not denying use of phone.

mpeg

3 months ago

A notification even every few minutes is extremely stressful, and would cause most people to either put their phone in airplane mode (therefore, denying normal use) or accepting the login

But I don't really know why we're arguing over semantics, you understood what I meant.

more_corn

3 months ago

User can’t use their phone for fear of accidentally touching accept as it scrolls by in notifications.

tehwebguy

3 months ago

> Authenticator apps should not give notifications, users must open them manually.

Agreed, the constant “Are you trying to log in / reset your password?” notifs Google send me are concerning because I’m afraid I’ll accidentally tap “Yes / Allow”!

View full discussion on Hacker News

ID: 45410685Type: storyLast synced: 11/20/2025, 3:47:06 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN