BBC Hijacks 22,000 PCs In Botnet Demonstration 457
An anonymous reader writes "'[The BBC] managed to acquire its own low-value botnet — the name given to a network of hijacked computers — after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.' The BBC performed a controlled DDoS attack, 'then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.'"
Breaking the law (Score:5, Interesting)
If this exercise had been done with criminal intent it would be breaking the law.
Ok, so, I don't know much about the laws, but it is illegal, isn't it?
They paid hackers (Score:2, Interesting)
Just wait until a botnet DDOS's Click's website.
I'm sure some were in the US (Score:2, Interesting)
if you go randomly grab 22,000 computers for your botnet, it's far more likely than not that some would be in the US. Even if they only targeted BBC registered users or something (didn't read TFA), there'd still be overseas users and such, some in the US. Not that I'm an expert, but I don't think they could reliably get computers from only inside GB.
Skewed views of the law (Score:5, Interesting)
Re:Illegal and unethical to boot! (Score:1, Interesting)
But never mind me...all you people on the righteous indignation bandwagon just mod me troll already and be done with it. Grab your pitchforks! Burn down the BBC! They're breaking the law!
Re:I'm sure some were in the US (Score:2, Interesting)
Re:why use botnet (Score:5, Interesting)
I find it amazing that something this dubious was allowed to get all the way to airing without someone at the BBC having a hissy fit. Perhaps they have received legal advice that said it was legit?
As an aside, if I had wanted to submit my page to Slashdot is there a way I could of done it that (assuming it got published) wouldn't result in my host wishing a painful death upon me? I didn't change it partly because it's a short write up and partly for that reason.
Re:Now this... (Score:5, Interesting)
It's not that simple, accessing someones computer itself is a crime under the Computer Misuse Act. Modifying data is another crime but I think the BBC can safely argue that they didn't have 'requisite intent':
I have written a longer analysis of the Computer Misuse Act and how it relates to the BBC Click Botnet [john-graham.me.uk] if you are interested. Please note IANAL and I don't mean in the kinkeh sex sense either.
Re:Breaking the law (Score:3, Interesting)
The BBC Already did it (Score:1, Interesting)
Beat The Burglar [imdb.com]
Re:Now this... (Score:5, Interesting)
I hope you took time to explain to them that Windows Defender is not a firewall. If you want a firewall then Windows....erm, Firewall might be more appropriate, funnily enough.
I've been running Windows XP malware-free for over 2 years thanks to Windows Firewall, Windows Defender and LUA accounts [msdn.com]. Do your friends a favour and set them up properly. Free them from third-party AV hell.
Re:Breaking the law (Score:3, Interesting)
Yes, this is illegal. There was an embarrassing attempt to cover their asses with the following:
There's no question of mens rea - they knew exactly what they were doing, whether or not they thought it was a crime - while actus reus is satisfied if they undertook the crime. The crime in this case was gaining unauthorised access to personal computers. "Criminal intent" doesn't come into it - they deliberately did something which is a criminal act.
However, they won't get prosecuted. This has nothing to do with "ties to the guv'mint", and everything to do with journalistic licence. They exposed criminal activity without effecting any damage to property or reputation, and in doing so helped to inform and protect not only the several thousand people directly involved, but a whole nation of news-reading, tech-ignoring proles.
This is exactly what investigative journalism is about. While technically they broke the law, there is a fine history of decades of case-law precedent where journalists went undercover and got involved in criminal practices purely in an effort to expose and prevent it in future.
There's no way in hell the CPS (the body responsible for prosecuting criminal cases) would touch this. Flimsy though it may be, journalistic integrity is afforded impressive leniency in British culture and law, provided it is seen to be of public benefit.
Re:Now this... (Score:3, Interesting)
Ditto. Vista's much derided UAC actually makes running Windows securely much easier too, it's actually the best part about Vista and I'm disappointed that MS is sacrificing security for ease of use in Win7. MS needs to stand firm against apps that bring up UAC prompts during normal operation whilst streamlining the UI to make the prompts more descriptive and eliminate multiple UAC prompts during certain operations.
To paraphrase, those who sacrifice security for ease of use deserve neither.
Re:why use botnet (Score:5, Interesting)
I suppose that the BBC views themselves as a branch of the British government. Yes, I know that it is supposedly an "independent" organization, but it is fully-funded by taxpayers in the UK.
Then again, would many people consider a similar investigation by the U.S. Department of Defense or Department of Justice to be legit?
Real monetary damages can be calculated here as well, as depreciation value and CPU time... not to mention access to network resoruces are certainly not "free" for the taking. Furthermore, technician time spent to remove these bot program, scanner software required to find this stuff.... removing this software is likely to be the more expensive part.
Assuming â100 per computer that was infected (a rather low estimate), that would be around â200,000 that this reporter has potentially set up his company for liability damages.
Re:Breaking the law (Score:5, Interesting)
1. Nobody comes to arrest you. Why the hell would the police get involved? You'll get increasingly strongly-worded letters and then, eventually, a court summons.
2. What if you don't pay your gas/credit-card/porn-subscription bill? Same story. Does that mean NPower/Barclays/shemaleswithdiseasedsheep.com is affiliated with the government?
3. I said they were autonomous, not completely independent and uninvolved. This means they can follow that charter in whatever way they see fit.
Know what? I'm tired of discussing this point. The Beeb's history and reputation speaks for itself. If you have a serious point then please make it, and then show me a more effective alternative. Insofar as it's possible, the Beeb is as I've described.
Re:why use botnet (Score:3, Interesting)
Evidence of actual crime is being published by the BBC. It is illegal to use computing resources owned by other people without their permission.
Illegal. That means it's a crime.
I completely accept that there's minimal harm to any given individual. This does not make it legal.
I don't want punitive damages. I don't really care about punishment of any tangible form. I do want prosecution and the full process of the law.