The Beeb, Botnets, and Breaking the law.
On Friday, the World Wide Web was offically 20 years old.
The BBC celebrated its birthday by explaining the inner working of a ‘botnet’. A botnet is a robotic network. A series of private computers that have been linked together by being infected with code, usually introduced in the form of trojans and other viruses, which allow the originators of the code to take control of that computer whenever the owner is on-line.
Computers that have been caught up in a botnet have been effectively taken over, and are usually controlled by criminals and spammers whose motives include selling viagra, operating financial scams and crippling websites through coordinated attacks. These gangs rent out use of ‘their’ bot for many thousands of pounds.
Perhaps not the sort of company you would expect a publicly funded oganisation to keep, so it will come as some surprise that the BBC ‘Click’ programme not only explained how to organise a ‘bot’ – it obtained access to a botnet of 22,000 compromised Windows PCs from an underground forum. It used these machines to send junk mail to two accounts it had established with Gmail and Hotmail. The programme also used these compromised PCs to show how they might be used in a denial of service attack (DDoS) which bombard a website with traffic until it becomes blocked. Some threaten website operators with DDoS attacks in bids to extract pay offs.
In fairness, the researchers did warn the owners of the malware-infected PCs forcing their PC to display a message from BBC Click explaining how to clean up their machines.
The Computer Misuse Act 1990 makes it an offence in the United Kingdom to access another person’s computer, or alter data on their computer, without the owner’s permission.
The legislation has been used on a number of occasions to bring British hackers and virus writers to book, as obviously anyone breaking into a computer or installing malware is in breach of the act.
It is, therefore, somewhat surprising to find that the BBC appears to be have breached the law when making a program about computer crime.
Blogger John Graham was quick off the mark and e-mailed the BBC. He received this rather surprising reply:
It was not our intention to break the law. At no stage was any other data other than the IP address used. There is a powerful public interest in demonstrating the ease with which such malware can be obtained and used; how it can be deployed on thousands of PCs without the owners even knowing it is there; and its power to send spam e mail or attack other websites undetected . This will help computer users realise the importance and value of using basic security techniques to defend their PCs from such attacks. The BBC has strict editorial guidelines for this type of investigation which were followed to the letter.
Struan Robertson, a technology lawyer says:
“The BBC appears to have broken the Computer Misuse Act by causing 22,000 computers to send spam. It does not matter that the emails were sent to the BBC’s own accounts and criminal intent is not necessary to establish an offence of unauthorised access to a computer,” he said.
“The Act requires that a computer has been made to perform a function with intent to secure access to any program or data on the computer. Using the botnet to send an email is likely to satisfy that requirement. It also requires that the access is unauthorised – which the BBC appears to acknowledge. It does not matter that the BBC’s intent was not criminal or that someone else created the botnet in the first place.”
The Register has enquired of the BBC whether they paid cyber criminals for access to this bot, using public funds; they have yet to receive response.
The BBC appear to be pleading a ‘public interest’ defence to their law breaking – if the BBC did indeed pay for this access, is the public interest sufficient to warrant payment to cyber criminals?
-
1
March 15, 2009 at 12:54 -
TheBBC is the backbone of the United Kingdom. It is staunchly resilient to any attack on the United Kingdom and its Government. The BBC has never and will never act in any way that will compromise this position. The BBC is a publically funded body and as such only ever acts in the public interest. That is why, for instance, that despite not having a television the BBC will pursue any criminal who doesn’t pay for a licence. Equally, it is the founding reason for supporting the troops, across the world, when they are involved in imperialistic struggles with other lesser nations.The BBC is proud of its role, assumed, of defender of the realm. The BBC will make any pronouncements necessary to maintain diplomatic propriatory and the safety of the nation. It will provide a fair and balanced opinion of world affairs on the basis that the United Kingdom is foremost of the global nations. The BBC continually recognises and acts upon its global position. The BBC as leading commentator of world cricket provides a means by which and for which the nations of the world can come together in a global peace of global proportions. The BBC will enable the 2012 Olympic Games to become the most memorable of all Olympiads by offering a serious and creative dialogue of the festival. It will not run away from meeting the demands of enforcement necessary and will thereby encourage the ‘viewer and listener’ to enjoy the spectacle by herding on an inwards trajectory a most unecessary number of journalists and commentors to assist the process. This is all in respect of the BBCs much vaunted position as spokesman for the nation. A nation truly deserving of such a icon.
Now, what was the question again?
-
2
March 15, 2009 at 12:59
-
-
3
March 15, 2009 at 13:32 -
heard on the street, live, from a local resident…
“the Olympics have cost me that gold medal, they have”
-
4
March 15, 2009 at 13:52 -
The smug and ease with which the Click team did this was a direct invitation for people with just enough knowledge to pursue a lucrative career without even having to get out of bed. Very encouraging indeed.
-
5
March 15, 2009 at 13:59 -
If they had to do this programme ………….. they should have done it as investigative piece with the usual rogues faces off camera …………. and made it look like the dirty business it truly is.
What a good way to make everybody ensure they update their ‘free’ software …………… But even better …………… It would make many more others pay for superior protection. So a good advert all round ………… and more scare tactics and paranoia-inducing chat from the BBC yet again!
-
6
March 15, 2009 at 15:22 -
Makes you wonder if the BBC want to control the internet users like they try to control all the rest of the news output in the UK! One big family of people unable to access anything that may go against the current Government’s ideas on Thought Control.
I noticed that Sky’s Martin Brunt was brought to heel rather quickly when he had a story and that bwas when I really began to watch how quickly the BBC jumped on their staff.
I bet more people spend more of the TV licence money on editing and checking and re-editing than they do on their period dramas these days!
-
7
March 15, 2009 at 15:31 -
I wonder if Mike Ellam would like to pop in for a chat and show us the way forward?
The time is surely upon us for all good men to come to the aid of the Party!
And this Party needs aid. Lots of it. Their obvious manipulation of the Press is no use whilst we can sit here undermining their policies.
How soon will it be before they have to switch off the internet?
-
8
March 15, 2009 at 15:39 -
It just goes to show you can’t be too careful.
-
9
March 15, 2009 at 15:53 -
Doesn’t it Gloria! Doesn’t it just! We must be much more careful than ever before.
Of course the BBC is right behind all the reasons to be able to use the civil contingency plans as well …………….. I mean ……………. Good Heavens look at all these terrorists everywhere!
Northern Ireland is alight if you watch the BBC! It is positively brimming with terrorists petrol-bombing everywhere …………… in every street and town! And as for the Islamic terrorists ………… Good grief! It is a wonder we can even get out to the super-markets!
I think we have to admit that we all need to be put on a DNA database and just use the internet to contact the friends we used to go the pbs with ……………. Before they closed them down.
At least we know where we stand now. We cannot be too careful! Don’t buy your groceries online. The BBC have proved that people could be snatching our card details and using them for all kinds of skullduggery.
Which means that it may not be a good idea to pay the licence fee online. They can come and collect mine from the house. Cash only. Just in case there has been a retaliation attack on their web-site.
-
10
March 16, 2009 at 16:28 -
For year’s journalists around the world have been doing that are illegal as part of undercover exposé’s – be it paying off someone a government official to get some sort of document they weren’t entitled to, or going to a club to buy drugs or down to the local market to buy illegally imported cigarettes / DVD’s / you name it.
In the pursuit of exposing the truth, sometimes we have to delve into this world to fully understand its depths. Why is this perfectly accepted in the real world, but suddenly frowned upon in cyberspace?
-
11
March 16, 2009 at 17:33 -
Exactly Ian Williams! One of the reasons may just be that the moles are harder to track down and squash.
Due to the rapidity of the dissemination of information throughout the net …………. I think that all the people who were heretofore protected by the Establishment ………… are rather errrrrr …………. vulnerable!
And certain figures in society don’t like this. They don’t like it one bit! Take Mozzer and Geddo at the recent Select Committee meeting as glaring examples. Geddo and Clearance are particularly annoyed at what goes to print – or more especially appears on the internet.
Having read what they are up in arms about …………… I can see why!
Comments on this entry are closed.
{ 11 comments }