The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack causing widespread panic on social media
A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline.
Sources within the BBC said the sites were down “thanks to what is knows as a ‘distributed denial of service’ attack”.
A National Crime Agency spokesperson said: “DDOS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.”
Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble.
Among the Twitter users to pass comment was Stephen Fry.
Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDos attack.
“They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information.
“The way a DDos attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time.
“So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.”
Professor Watson said there are a number of ways big corporations can protect against these kind of attacks but they are expensive.
One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDos traffic and re-route legitimate traffic back to the main website.
But Professor Watson asked: “Is it a good used of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDos attack?”
Cyver security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”.
He said: “I would have thought this could have been so-called hacktivists. The bbc has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I cant see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists.
“You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.”
An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”.
The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK.
Twitter goes into meltdown
As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending.
The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”.
It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack.