The BBC has made an odd move recently by buying/seeding a botnet of 22,000 computers under the guise of investigative journalism.
They claim it’s not illegal as they caused no harm and only sent spam to e-mail accounts used by themselves. Technically I think it’s still breaking the law under the Computer Misuse Act, but most likely nothing would happen as they caused no damage or losses (according to lawyer Struan Robertson, the BBC did violate the Act).
Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.
The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers. Almost 22,000 computers made up Click’s network of hijacked machines, which has now been disabled.
The BBC has now warned users that their PCs are infected, and advised them on how to make their systems more secure. Click managed to acquire its own low-value botnet – the name given to a network of hijacked computers – after visiting chatrooms on the internet.
The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law.
The whole thing has created quite a furor in the computer security scene, with people debating the legality and ethics involved.
Which was probably what the BBC wanted in the first place; the more people talk about it the better, right?
SMH even claim the whole thing backfired.
By prior agreement, Click launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx. Click then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.
Amazingly, it took only 60 machines to overload the site’s bandwidth. DDoS attacks are used by extortionists who threaten to knock a site offline unless a hefty ransom is paid. Jacques Erasmus from Prevx said that high-traffic websites with big revenues are a “massive target” for this kind of attack.
“Cyber criminals are getting into contact with websites and threatening them with DDoS attacks. The loss of trade is very substantial so a lot of these websites just pay up to avoid it,” he explained.
But well, pushing the boundaries, that’s what investigative journalism is about, right? We’ve had enough programs about pimps, triads and drugs – why not some about cybercrime and the underbelly of the Internet?
I hope I manage to view the show; it sounds like it’ll be interesting (even if ethically questionable).
But well, aren’t all the best things on that thin grey line?