Slashdot Mirror

← Back to Stories (view on slashdot.org)

BBC Hijacks 22,000 PCs In Botnet Demonstration

Posted by CmdrTaco on from the yeah-demo-that-please-sure dept.

An anonymous reader writes "'[The BBC] managed to acquire its own low-value botnet — the name given to a network of hijacked computers — after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.' The BBC performed a controlled DDoS attack, 'then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.'"

14 of 457 comments (clear)

  1. It gets better by blowdart · · Score: 5, Insightful

    Controlling machines without permission? Against the computer misuse act.

    They used the botnet to spam two email accounts, one at gmail and one at hotmail. That's against the computer misuse act.

    And they changed the wallpaper on the machines on the botnet. Against the computer misuse act.

    Their "justification" doesn't fly; not having criminal intent is not a defence against the law.

    1. Re:It gets better by PhilHibbs · · Score: 4, Insightful

      Controlling machines without permission? Against the computer misuse act.

      Correct.

      They used the botnet to spam two email accounts, one at gmail and one at hotmail. That's against the computer misuse act.

      Not if it's their own hotmail and gmail accounts or if they have permission, I can spam myself if I want to, and you could spam me as well if I gave you permission.

      Their "justification" doesn't fly; not having criminal intent is not a defence against the law.

      Journalists have a high degree of freedom in this respect, there are plenty of cases of journalists smuggling guns past airport or other border security as a demonstration.

    2. Re:It gets better by Spatial · · Score: 4, Insightful

      I'd be more interested in hearing about whether you think it was the right thing to do or not, instead of shouting "You broke the rules!" like a child in a schoolyard. If they didn't do any harm it isn't very important that they broke the law. Follow the spirit, not the letter.

      Reading the article tells me: They disabled the botnet and told the computer owners afterward, and they advised them on how to secure their gear in future. They performed a DDoS on a site, but with prior agreement from the owner.

      That's thousands of people who probably learned a valuable lesson. Better to learn that way than to have their credit card details stolen, or their bandwidth used in a malicious DDoS. Given the incredible amount of PCs that are compromised in general, this would seem inevitable without some education to prevent it.

      Of course you can make a good argument that it was unethical to invade their PCs, but don't just dismiss the benefits of this out of hand. It's boring, and not really insightful at all.

  2. Not against the law??? by RingDev · · Score: 5, Insightful

    If this exercise had been done with criminal intent it would be breaking the law.

    So if I install software on your machine that you paid for, consume the bandwidth that you are paying for, burn extra electricity that is paid for by you, all with out ever even letting you know about it, so long as I'm doing it for finding a cure for cancer, it's perfectly legal?

    What if I use that bot net to distribute the load of rendering animated gaping anal gay midget porn movies? It's not a crime to render animated gaping anal gay midget porn movies, so I have no criminal intent, so it must be legal, right?

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  3. Agreed. Mod parent up. by mmell · · Score: 5, Insightful

    I've been on the bad side of this one - a lack of criminal intent does not mitigate or extenuate criminal action. Their guilt is quite plain (having been admitted, even published by the BBC itself). Now, their lack of criminal intent does have a bearing on sentencing. Inasmuch as the BBC did not wilfully cause damage or fiscal loss to anybody (except, potentially, themselves?), the sentence should be something on the light side, perhaps even suspended; but the matter of their guilt is simple black-letter law.

  4. Illegal and unethical to boot! by unsupported · · Score: 4, Insightful

    This is both highly illegal and unethical. Illegal in that they accessed the PCs without the owners permission, they sent spam, and changed the settings on the computer.

    Unethical even if their motive was not to do criminal intent.

    It is like creating a "white worm" to patch servers from an unpatched vulnerability.

    --
    Yopu for you?
  5. Re:Breaking the law by PhilHibbs · · Score: 4, Insightful

    No, it's more like if your door is already busted wide open and burglars are coming in and out, and a reporter wanders in.

  6. Re:Breaking the law by unlametheweak · · Score: 4, Insightful

    Regardless of intent it is illegal.

    Isn't the BBC "owned" by the government of Britain ("a quasi-autonomous statutory corporation as a public service broadcaster and is run by the BBC Trust; it is, per its charter, supposed to "be free from both political and commercial influence and answer only to its viewers and listeners", Ref: http://en.wikipedia.org/wiki/Bbc)? If so it would appear that they are immune from the law because, as contemporary history demonstrates, "intent", when the government is involved is never criminal in nature, but rather for the good of mankind.

  7. Don't focus on the legality by Reality+Master+201 · · Score: 5, Insightful

    Everyone's going on about how it's actually illegal and the intent doesn't matter (I don't know either way - it is Britain and maybe things work differently there).

    What about the fact that some guys from the BBC were able to gain control of 20k infected machines on the web just for the purposes of doing a story? To me, the implications of that are far worse than any possible criminality.

  8. Re:Now this... by sakdoctor · · Score: 5, Insightful

    Then get some security.

    No unlocked car or house door analogy is even slightly useful in this case.

    Computer security by law is worse than security by obscurity, or security by Symantec product.

  9. Re:Breaking the law by Opportunist · · Score: 5, Insightful

    It's ok to tell him to get the f.. out. But most people, to return the analogy to the PC, don't even care that someone is standing there, in the middle of their living room, making unsolicited phone calls from your landline, telling everyone about your tv watching habits or even stuffing your jacket pockets with leaflets. As long as they don't trash the place, most people don't care that someone is standing there, coming and going as they please, leaving the window open for any burglar that wants to come in.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:Breaking the law by Opportunist · · Score: 4, Insightful

    ...and you complaining about the reporter who told you that burglars are coming and going, because he made you look stupid. Instead of thanking him and asking him how to get rid of the burglars. Or at least cursing him and asking him how to get rid of them.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Re:Breaking the law by tygerstripes · · Score: 4, Insightful

    NO!!!

    Your quote diametrically refutes your posit! It is funded by the public and given a mandate of political neutrality and autonomy by that charter. That charter was issued by the government many years ago and has been essentially sacrosanct since then. The BBC is "owned" by the people, more so than the government is.

    Contemporary History, with regards to the BBC, demonstrates that they have managed to maintain that detachment and impartiality - even to the detriment of the ruling government - on many occasions. It's out of keeping with the increasingly totalitarian character of UK government, I know, but somehow the Beeb seems to be just-about maintaining its function. Whether that will continue indefinitely is anybody's guess, but for god's sake, give them credit where it's due for now...

    --
    Meta will eat itself
  12. Unbelievable by ppentz · · Score: 5, Insightful

    Ugh, I can't stand the attitude here. Botnets are a HUGE problem. People need to know if their PCs are hijacked and they need to be fixed. If my PC is hijacked, I want to know about it. Now. When someone's PC is used in a DDOS attack, isn't that illegal activity? I've always heard that ignorance of the law is not an excuse, so if someone is not aware their PC is being used illegally, their PC is still being used for illegal purposes ... should they be held accountable? If there is an activity that is *questionably* legal but can potentially help with the Botnet problem, I'm all for it.