Slashdot Mirror

← Back to Stories (view on slashdot.org)

BBC Hijacks 22,000 PCs In Botnet Demonstration

Posted by CmdrTaco on from the yeah-demo-that-please-sure dept.

An anonymous reader writes "'[The BBC] managed to acquire its own low-value botnet — the name given to a network of hijacked computers — after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.' The BBC performed a controlled DDoS attack, 'then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.'"

7 of 457 comments (clear)

  1. Breaking the law by qoncept · · Score: 5, Interesting

    If this exercise had been done with criminal intent it would be breaking the law.

    Ok, so, I don't know much about the laws, but it is illegal, isn't it?

    --
    Whale
    1. Re:Breaking the law by tygerstripes · · Score: 4, Interesting

      1. Nobody comes to arrest you. Why the hell would the police get involved? You'll get increasingly strongly-worded letters and then, eventually, a court summons.

      2. What if you don't pay your gas/credit-card/porn-subscription bill? Same story. Does that mean NPower/Barclays/shemaleswithdiseasedsheep.com is affiliated with the government?

      3. I said they were autonomous, not completely independent and uninvolved. This means they can follow that charter in whatever way they see fit.

      Know what? I'm tired of discussing this point. The Beeb's history and reputation speaks for itself. If you have a serious point then please make it, and then show me a more effective alternative. Insofar as it's possible, the Beeb is as I've described.

      --
      Meta will eat itself
  2. Skewed views of the law by grayn0de · · Score: 5, Interesting

    Way to go, BBC. You have moved past bringing the populace breaking news stories to creating them! I am looking forward to the next headline, regarding this. I think we all agree that gaining unauthorized access to another computer is, not only unethical, but illegal. I am surprised, being that this article is on slashdot, now, that the BBC is not already feeling the ramifications of its actions. I highly doubt they asked everyone in those chat rooms: "Hi, we are from the BBC, we would like to pwn your computer in the name of exposing cyber security risks. Is this okay, with you? Great, Thanks!"

  3. Re:why use botnet by N1AK · · Score: 5, Interesting

    I wrote about this story on my site and submitted it to The Reg at 10:20 this morning when I read the story on their website. Now its been aired on TV it seems to be getting a lot of coverage. I added an update a few minutes ago covering the two areas of the Computer Misuse Act that are likely to be quoted quite a bit in the debate about the legality.

    I find it amazing that something this dubious was allowed to get all the way to airing without someone at the BBC having a hissy fit. Perhaps they have received legal advice that said it was legit?

    As an aside, if I had wanted to submit my page to Slashdot is there a way I could of done it that (assuming it got published) wouldn't result in my host wishing a painful death upon me? I didn't change it partly because it's a short write up and partly for that reason.

  4. Re:Now this... by N1AK · · Score: 4, Interesting

    Accessing and modifying data on other peoples computers is illegal.

    It's not that simple, accessing someones computer itself is a crime under the Computer Misuse Act. Modifying data is another crime but I think the BBC can safely argue that they didn't have 'requisite intent':

    For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing--
    (a) to impair the operation of any computer;
    (b) to prevent or hinder access to any program or data held in any computer; or
    (c) to impair the operation of any such program or the reliability of any such data.

    I have written a longer analysis of the Computer Misuse Act and how it relates to the BBC Click Botnet if you are interested. Please note IANAL and I don't mean in the kinkeh sex sense either.

  5. Re:Now this... by ciderVisor · · Score: 4, Interesting

    I hope you took time to explain to them that Windows Defender is not a firewall. If you want a firewall then Windows....erm, Firewall might be more appropriate, funnily enough.

    I've been running Windows XP malware-free for over 2 years thanks to Windows Firewall, Windows Defender and LUA accounts. Do your friends a favour and set them up properly. Free them from third-party AV hell.

    --
    Squirrel!
  6. Re:why use botnet by Teancum · · Score: 4, Interesting

    I suppose that the BBC views themselves as a branch of the British government. Yes, I know that it is supposedly an "independent" organization, but it is fully-funded by taxpayers in the UK.

    Then again, would many people consider a similar investigation by the U.S. Department of Defense or Department of Justice to be legit?

    Real monetary damages can be calculated here as well, as depreciation value and CPU time... not to mention access to network resoruces are certainly not "free" for the taking. Furthermore, technician time spent to remove these bot program, scanner software required to find this stuff.... removing this software is likely to be the more expensive part.

    Assuming â100 per computer that was infected (a rather low estimate), that would be around â200,000 that this reporter has potentially set up his company for liability damages.