Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

BBC Hijacks 22,000 PCs In Botnet Demonstration

CmdrTaco posted more than 5 years ago | from the yeah-demo-that-please-sure dept.

Security 457

An anonymous reader writes "'[The BBC] managed to acquire its own low-value botnet — the name given to a network of hijacked computers — after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.' The BBC performed a controlled DDoS attack, 'then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.'"

cancel ×

457 comments

Sorry! There are no comments related to the filter you selected.

why use botnet (5, Funny)

fredan (54788) | more than 5 years ago | (#27166533)

when you can use slashdot!

Re:why use botnet (5, Funny)

Spazztastic (814296) | more than 5 years ago | (#27166843)

when you can use slashdot!

Well, a botnet is probably faster. By the time your article gets through the submission queue the target would probably have gone offline along with the sun burning out.

Re:why use botnet (5, Funny)

Opportunist (166417) | more than 5 years ago | (#27167011)

The botnet is not stronger. But it is quicker. Easier. More seductive.

Re:why use botnet (1)

geordie_loz (624942) | more than 5 years ago | (#27167399)

But At least your article is likeley to be duped within a week or two.

Re:why use botnet (5, Interesting)

N1AK (864906) | more than 5 years ago | (#27167229)

I wrote about this story on my site [john-graham.me.uk] and submitted it to The Reg at 10:20 this morning when I read the story on their website. Now its been aired on TV it seems to be getting a lot of coverage. I added an update a few minutes ago covering the two areas of the Computer Misuse Act that are likely to be quoted quite a bit in the debate about the legality.

I find it amazing that something this dubious was allowed to get all the way to airing without someone at the BBC having a hissy fit. Perhaps they have received legal advice that said it was legit?

As an aside, if I had wanted to submit my page to Slashdot is there a way I could of done it that (assuming it got published) wouldn't result in my host wishing a painful death upon me? I didn't change it partly because it's a short write up and partly for that reason.

Now this... (4, Informative)

kcbanner (929309) | more than 5 years ago | (#27166537)

...is good journalism. Good job BBC, the masses need to know about NOT USING IE6 TO SURF THE WEB.

Re:Now this... (5, Informative)

sopssa (1498795) | more than 5 years ago | (#27166867)

Accessing and modifying data on other peoples computers is illegal. Better article written by a known security researcher Dancho Danchev [zdnet.com] , who also thinks it was controversial and illegal act.

Even if your intentions are good, I DO NOT WANT you using my computer or making changes to it without my permissions.

Re:Now this... (5, Insightful)

sakdoctor (1087155) | more than 5 years ago | (#27166983)

Then get some security.

No unlocked car or house door analogy is even slightly useful in this case.

Computer security by law is worse than security by obscurity, or security by Symantec product.

Re:Now this... (0)

Anonymous Coward | more than 5 years ago | (#27167467)

a friend of mine was trusting Windows Defender (EEK!) as their primary firewall. I promptly got Avast! and put it on their system. After running a thorough scan, I found at least 90 trojans, worms, and other malware.
i personally recommend Kaspersky or Avast! and if you want your little kid to not be able to download these, consider DansGuardian [http://dansguardian.org/] as a pretty good filter.

Re:Now this... (4, Interesting)

N1AK (864906) | more than 5 years ago | (#27167345)

Accessing and modifying data on other peoples computers is illegal.

It's not that simple, accessing someones computer itself is a crime under the Computer Misuse Act. Modifying data is another crime but I think the BBC can safely argue that they didn't have 'requisite intent':

For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing--
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.

I have written a longer analysis of the Computer Misuse Act and how it relates to the BBC Click Botnet [john-graham.me.uk] if you are interested. Please note IANAL and I don't mean in the kinkeh sex sense either.

Re:Now this... (0)

Anonymous Coward | more than 5 years ago | (#27167413)

It is highly unlikely that any journalist doing such a thing publicly has anything to fear from the law. This was clearly done in the public interest, which is such a strong defence it's even codifies into certain laws which would otherwise makes things such as publishing "sensitive" details illegal, for example.

Re:Now this... (4, Informative)

Eternauta3k (680157) | more than 5 years ago | (#27167431)

This reminds me of a certain video by The Onion [youtube.com]

Re:Now this... (0)

Anonymous Coward | more than 5 years ago | (#27167001)

...is good journalism. Good job BBC, the masses need to know about NOT USING IE6 TO SURF THE WEB.

Unfortunately, they do not mention anything about IE6 (or Windows, for that matter).

Breaking the law (5, Interesting)

qoncept (599709) | more than 5 years ago | (#27166553)

If this exercise had been done with criminal intent it would be breaking the law.

Ok, so, I don't know much about the laws, but it is illegal, isn't it?

Re:Breaking the law (5, Funny)

jeffmeden (135043) | more than 5 years ago | (#27166577)

Don't worry, it was a "low value" botnet... That makes it OK.

Re:Breaking the law (2, Funny)

snowraver1 (1052510) | more than 5 years ago | (#27166765)

What's a botnet?

Re:Breaking the law (5, Funny)

Dr Caleb (121505) | more than 5 years ago | (#27166847)

It's an electrically charged net that we use to catch runaway robots. Like the Ethernet we use to catch the EtherBunny.

Re:Breaking the law (5, Funny)

Gryften (994000) | more than 5 years ago | (#27167247)

The EtherBunny is the one that runs around anaesthetizing kids to commemorate the ressurection of Jesus, right?

Re:Breaking the law (4, Informative)

Spazztastic (814296) | more than 5 years ago | (#27166641)

If this exercise had been done with criminal intent it would be breaking the law.

Ok, so, I don't know much about the laws, but it is illegal, isn't it?

Regardless of intent it is illegal. They are gaining unauthorized access to someones PC and using it for their own personal gain. If I were to demonstrate how to crack someones WEP key in 5 minutes without the victim's explicit written permission it would be illegal, even if done just for "educational purposes." Sure, it's edgy reporting, but it is still highly illegal.

I doubt anything will come of it though.

Re:Breaking the law (4, Insightful)

unlametheweak (1102159) | more than 5 years ago | (#27166835)

Regardless of intent it is illegal.

Isn't the BBC "owned" by the government of Britain ("a quasi-autonomous statutory corporation as a public service broadcaster and is run by the BBC Trust; it is, per its charter, supposed to "be free from both political and commercial influence and answer only to its viewers and listeners", Ref: http://en.wikipedia.org/wiki/Bbc [wikipedia.org] )? If so it would appear that they are immune from the law because, as contemporary history demonstrates, "intent", when the government is involved is never criminal in nature, but rather for the good of mankind.

Re:Breaking the law (1)

Tukz (664339) | more than 5 years ago | (#27167031)

By that logic, the BBC would be entitled to demonstrate how easy it is to break into people houses, or how easy it is to acquire a gun and kill someone. For educational purposes!

Re:Breaking the law (0)

Anonymous Coward | more than 5 years ago | (#27166863)

There needs to be an exception for WEP and other deprecated algorithms.
These are of historical and educational interest only.

Re:Breaking the law (1)

Spazztastic (814296) | more than 5 years ago | (#27166925)

These are of historical and educational interest only.

WEP is far from deprecated in the smaller community unfortunately. Old wireless cards don't support WPA/WPA2 and not everybody can afford to buy a new one (even for $30). Most WEP setups are put in by someone one time and never touched because the user doesn't know any better. I suppose it's better than having just an open network...

Re:Breaking the law (1)

Cimexus (1355033) | more than 5 years ago | (#27167147)

Hell, the Nintendo DS, which is a relatively new piece of hardware (released way after WPA was common) supports only WEP. So if you have a DS in the house and you actually want to use the online features ... you have to use WEP. Argh!

Re:Breaking the law (0)

Anonymous Coward | more than 5 years ago | (#27167213)

I followed you until the WEP comparison. Isn't "cracking WEP" a self-contained math problem? Why would solving a math problem in your basement be considered illegal? Of course gaining unauthorized access to someone PC (using the cracked WEP key) would be illegal, but you already established that.

Re:Breaking the law (1)

marcello_dl (667940) | more than 5 years ago | (#27166645)

Yep, this seems more of a demonstration of people not caring if somebody gets into YOUR pc.

It's like a guy entering your house through an open windows, and standing there without stealing or ruining anything. Is it ok or it is more ok to tell him "Get The F*k Out"? You decide, sheep ;D

Re:Breaking the law (1)

ShieldW0lf (601553) | more than 5 years ago | (#27166817)

It's like a guy entering your house through an open windows, and standing there without stealing or ruining anything. Is it ok or it is more ok to tell him "Get The F*k Out"? You decide, sheep ;D

I'd say it's more like you leaving your hunting rifles lying around on the front lawn and someone took them and used them for a drive-by.

Securing your machine is your responsibility. Failing to do so is negligence.

Re:Breaking the law (1)

gandhi_2 (1108023) | more than 5 years ago | (#27167279)

Almost all hunting rifles are bolt-action. That would make a pretty ineffective drive-by. Especially if you are the one doing the driving and shooting.

Re:Breaking the law (4, Insightful)

PhilHibbs (4537) | more than 5 years ago | (#27166819)

No, it's more like if your door is already busted wide open and burglars are coming in and out, and a reporter wanders in.

Re:Breaking the law (4, Insightful)

Opportunist (166417) | more than 5 years ago | (#27167275)

...and you complaining about the reporter who told you that burglars are coming and going, because he made you look stupid. Instead of thanking him and asking him how to get rid of the burglars. Or at least cursing him and asking him how to get rid of them.

Re:Breaking the law (5, Insightful)

Opportunist (166417) | more than 5 years ago | (#27167231)

It's ok to tell him to get the f.. out. But most people, to return the analogy to the PC, don't even care that someone is standing there, in the middle of their living room, making unsolicited phone calls from your landline, telling everyone about your tv watching habits or even stuffing your jacket pockets with leaflets. As long as they don't trash the place, most people don't care that someone is standing there, coming and going as they please, leaving the window open for any burglar that wants to come in.

Re:Breaking the law (1)

Dishevel (1105119) | more than 5 years ago | (#27167463)

I so wish I had Mod points right now. That is the most accurate depiction of what is actually going on that I have seen.

Re:Breaking the law (1)

bentcd (690786) | more than 5 years ago | (#27166721)

Ok, so, I don't know much about the laws, but it is illegal, isn't it?

Presumably. The press tends to be given a fair amount of leeway in cases such as this though.

Re:Breaking the law (1)

rhsanborn (773855) | more than 5 years ago | (#27166773)

I wonder if I can take the car of every BBC staffer and use it to demonstrate how a small army of cars can do something illegal if I so chose to do so. But I'm not using them to do anything illegal, so it's ok that I took them.

Re:Breaking the law (1)

sopssa (1498795) | more than 5 years ago | (#27167281)

This applies here really good actually. Botnets per se arent illegal; users can install on their machine whatever apps they want. its illegal what you do with them. Even more than botnets it worries me if random people get the authority to access your pc and change data on it without you knowing. BBC broke law here and I hope they get some conscidences, because otherwise we see lots of people with apparently 'good intentions' accessing other peoples pc's.

Re:Breaking the law (1)

bickerdyke (670000) | more than 5 years ago | (#27167065)

First of all.... what do you know about BRITISH law?

Re:Breaking the law (2, Funny)

Ontheotherhand (796949) | more than 5 years ago | (#27167271)

Well. it is more draconian than american law, not underpinned by a constitution as such, but usually interpreted by a non political group of Judges so that in general it works. recent right wing hastily passed laws on anti terrorism and new fangled computer thingies not withstanding.

Re:Breaking the law (1)

ianare (1132971) | more than 5 years ago | (#27167103)

I thought journalists had greater freedom in certain situations. For example interviewing a wanted felon and not reporting his/her location to police would normally be illegal (obstruction of justice, aiding a felon), but journalists do that all the time.

Re:Breaking the law (1)

Ghostworks (991012) | more than 5 years ago | (#27167409)

That's not "normally" illegal. That's "always" illegal. Luckily for many reporters, the authorities are often spread to thin to track down real criminals, so the chance of them wasting resources on a reporter are slim unless it would actually help to catch the fugitive in a particularly high-profile case. Reporters still go to jail every once in a while for refusing to name a source, or doing something stupid.

Re:Breaking the law (4, Funny)

yo_tuco (795102) | more than 5 years ago | (#27167265)

"I don't know much about the laws, but it is illegal, isn't it?"

It is legal if you wear a suit-n-tie and work in a corporate office. But if you wear a tee-shirt working from your basement, you're under arrest for unauthorized access.

Re:Breaking the law (1)

Jurily (900488) | more than 5 years ago | (#27167337)

Ok, so, I don't know much about the laws, but it is illegal, isn't it?

Did they do it with the permission and supervision of the police?

Re:Breaking the law (1)

Leafheart (1120885) | more than 5 years ago | (#27167375)

If this exercise had been done with criminal intent it would be breaking the law.

Ok, so, I don't know much about the laws, but it is illegal, isn't it?

It is not illegal if you are a journalist. It would be illegal if it were you or I though. If you are a blogger it is not clear yet.

They paid hackers (2, Interesting)

Anonymous Coward | more than 5 years ago | (#27166567)

It seems a bit stupid to pay the hackers, as now they will have more money to set up botnets with. I suppose if they didn't a spammer would have done anyway, at least they have a chance of shutting them down now I guess.

Just wait until a botnet DDOS's Click's website.

It gets better (5, Insightful)

blowdart (31458) | more than 5 years ago | (#27166573)

Controlling machines without permission? Against the computer misuse act.

They used the botnet to spam two email accounts, one at gmail and one at hotmail. That's against the computer misuse act.

And they changed the wallpaper on the machines on the botnet. Against the computer misuse act.

Their "justification" doesn't fly; not having criminal intent is not a defence against the law.

Re:It gets better (1)

lee1026 (876806) | more than 5 years ago | (#27166631)

Actually, intent is often considered in the law. IANAL, but I am assuming their legal department signed off on this.

Agreed. Mod parent up. (5, Insightful)

mmell (832646) | more than 5 years ago | (#27166659)

I've been on the bad side of this one - a lack of criminal intent does not mitigate or extenuate criminal action. Their guilt is quite plain (having been admitted, even published by the BBC itself). Now, their lack of criminal intent does have a bearing on sentencing. Inasmuch as the BBC did not wilfully cause damage or fiscal loss to anybody (except, potentially, themselves?), the sentence should be something on the light side, perhaps even suspended; but the matter of their guilt is simple black-letter law.

Re:Agreed. Mod parent up. (0)

Anonymous Coward | more than 5 years ago | (#27167363)

But, my armchair lawyer friend (and the five million others who will pipe up), the CPS must decide that it is in the "public interest" to prosecute.

This little get-out clause is both used for good - not trying to punish someone who has assisted their terminally ill partner with suicide when they had made a living will years before and were still mentally competent, say - and for bad - such as not pursuing corrupt police officers.

Re:It gets better (1)

Spazztastic (814296) | more than 5 years ago | (#27166683)

Their "justification" doesn't fly; not having criminal intent is not a defence against the law.

I'm sorry officer! My intent wasn't criminal when I broke into my neighbors house to see their renovation of their living room and watch a few episodes of Desperate Housewives on their HDTV! I was just curious, you see...

Re:It gets better (3, Funny)

Clipless (1432977) | more than 5 years ago | (#27166729)

But it is all OK because they didn't have any "criminal intent."

I wish I had known that was a valid argument during my little DUI incident.
Live and Learn I guess.

Re:It gets better (0)

Anonymous Coward | more than 5 years ago | (#27167165)

"Little DUI" HA! Screw that! Drunk drivers should be publicly castrated. And disemboweled if they hurt anybody else. Goddamn people!

Re:It gets better (1)

geekboy642 (799087) | more than 5 years ago | (#27167477)

Don't mind the inevitable AC trashing you'll get for that remark. MADD has pretty well succeeded in brainwashing the common sense out of an entire generation.

Re:It gets better (4, Insightful)

PhilHibbs (4537) | more than 5 years ago | (#27166875)

Controlling machines without permission? Against the computer misuse act.

Correct.

They used the botnet to spam two email accounts, one at gmail and one at hotmail. That's against the computer misuse act.

Not if it's their own hotmail and gmail accounts or if they have permission, I can spam myself if I want to, and you could spam me as well if I gave you permission.

Their "justification" doesn't fly; not having criminal intent is not a defence against the law.

Journalists have a high degree of freedom in this respect, there are plenty of cases of journalists smuggling guns past airport or other border security as a demonstration.

Re:It gets better (1)

Zerth (26112) | more than 5 years ago | (#27166919)

And theft of services. If any of those were on metered connections, they could have cost the owner a fair bit of money.

Re:It gets better (4, Insightful)

Spatial (1235392) | more than 5 years ago | (#27166973)

I'd be more interested in hearing about whether you think it was the right thing to do or not, instead of shouting "You broke the rules!" like a child in a schoolyard. If they didn't do any harm it isn't very important that they broke the law. Follow the spirit, not the letter.

Reading the article tells me: They disabled the botnet and told the computer owners afterward, and they advised them on how to secure their gear in future. They performed a DDoS on a site, but with prior agreement from the owner.

That's thousands of people who probably learned a valuable lesson. Better to learn that way than to have their credit card details stolen, or their bandwidth used in a malicious DDoS. Given the incredible amount of PCs that are compromised in general, this would seem inevitable without some education to prevent it.

Of course you can make a good argument that it was unethical to invade their PCs, but don't just dismiss the benefits of this out of hand. It's boring, and not really insightful at all.

May I know your address? (1)

mmell (832646) | more than 5 years ago | (#27167167)

I'd like to drop by your home and have a look at your taste in furniture, preferrably when you aren't around (after all, you could interfere with my ability to form an accurate impression and we wouldn't want that now, would we?).

What? That jewelery in my pocket? Oh, my - I was looking at it and forgot to put it back. No intent to steal, no harm no foul.

There's a reason they call them laws. Otherwise, we'd call them "suggestions".

Re:It gets better (0, Redundant)

N1AK (864906) | more than 5 years ago | (#27167441)

They disabled the botnet and told the computer owners afterward

They also bought the botnet (or so it seems). I would like to keep Heroin off the streets, it doesn't mean I want the BBC to start buying it off dealers and throwing it away.

My view and some analysis of the Computer Misuse Act [john-graham.me.uk]

Re:It gets better (0)

Anonymous Coward | more than 5 years ago | (#27167211)

So you'd rather people remained blindly unaware of security issues on their machines? I hardly expect that a typical Slashdot user would be able to break down the advice they've given as plainly and simply without resorting to a healthy degree of smugness and zealotry. If the BBC managed to obtain crack cocaine/firearms from a public figure, would you be as quick to denounce their actions?

Posted AC for blatantly obvious reasons.

Re:It gets better (1)

ais523 (1172701) | more than 5 years ago | (#27167261)

Given that the BBC has a program which, amongst other things, steals things from people then gives them back again (and then gets permission to show the resulting film on TV), I suspect if they were going to get in trouble for this sort of thing they would have done long ago.

Other benefits (1)

JaimeZX (780523) | more than 5 years ago | (#27166619)

I heard the BBC virus also installed a photo of David Attenborough in a bikini as the user's wallpaper and also informed the British government if it found any pictures of knives, guns, or pointed sticks.

Re:Other benefits (1)

Canazza (1428553) | more than 5 years ago | (#27167331)

Am I the only one who heard 'pointed sticks' being read out as if it were that Monty Python Banana self-defence sketch?

Not against the law??? (5, Insightful)

RingDev (879105) | more than 5 years ago | (#27166639)

If this exercise had been done with criminal intent it would be breaking the law.

So if I install software on your machine that you paid for, consume the bandwidth that you are paying for, burn extra electricity that is paid for by you, all with out ever even letting you know about it, so long as I'm doing it for finding a cure for cancer, it's perfectly legal?

What if I use that bot net to distribute the load of rendering animated gaping anal gay midget porn movies? It's not a crime to render animated gaping anal gay midget porn movies, so I have no criminal intent, so it must be legal, right?

-Rick

Re:Not against the law??? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27166993)

Never heard of UK's "extreme porn law"? I'm pretty sure that it would be illegal if they were VIOLENT gaping anal gay midget porn movies!

Re:Not against the law??? (0, Funny)

Anonymous Coward | more than 5 years ago | (#27167207)

Extreme porn law? They have laws against looking at porn while bungee jumping? That's madness!

Re:Not against the law??? (1)

Spatial (1235392) | more than 5 years ago | (#27167129)

It probably is illegal, this is the UK we're talking about. [google.com] Midgets could be construed as children!

Re:Not against the law??? (0)

Anonymous Coward | more than 5 years ago | (#27167191)

What if I use that bot net to distribute the load of rendering animated gaping anal gay midget porn movies? It's not a crime to render animated gaping anal gay midget porn movies, so I have no criminal intent, so it must be legal, right?

-Rick

Hmmmm. Is there a copy of that available or is it still rendering?

Re:Not against the law??? (1)

bickerdyke (670000) | more than 5 years ago | (#27167371)

So.. if I smash a window to pull your unconscious body out of your burning house, that should be illegal just cause I should have ASKED you first?

And so your example _might_ even be legal, if you can give a *really* good reason for not asking first. And it should be one why you couldn't have asked, and not why you didnt want to.

I CHALLENGE THE BBC TO DO THIS TO U.S. COMPUTERS. (1, Informative)

Anonymous Coward | more than 5 years ago | (#27166681)

Wow. I can't believe this. In the U.S. what the BBC did is a criminal act. Even if they did not have criminal intent.

Under U.S. law what the BBC did would be as if a criminal entered or broke into a house but did not steal or destroy anything.

I challenge the BBC to do the same thing to computers on U.S. soil. The BBC perpetrators would be extradited so fast they would not know what hit them.

I'm sure some were in the US (2, Interesting)

JeanBaptiste (537955) | more than 5 years ago | (#27166783)

if you go randomly grab 22,000 computers for your botnet, it's far more likely than not that some would be in the US. Even if they only targeted BBC registered users or something (didn't read TFA), there'd still be overseas users and such, some in the US. Not that I'm an expert, but I don't think they could reliably get computers from only inside GB.

Re:I'm sure some were in the US (1)

Timothy Brownawell (627747) | more than 5 years ago | (#27166907)

I don't think they could reliably get computers from only inside GB.

Should be fairly simple with a decent GeoIP [geoip.co.uk] database.

Re:I'm sure some were in the US (2, Interesting)

mjjw (560868) | more than 5 years ago | (#27167097)

The BBC has a GeoIP database which they use to determine whether or not you are eligible to use services such as iPlayer. Whether or not they checked if the computers were in the UK I do not know, but they certainly could have done.

Re:I CHALLENGE THE BBC TO DO THIS TO U.S. COMPUTER (1)

mjjw (560868) | more than 5 years ago | (#27167119)

The BBC perpetrators would be extradited so fast they would not know what hit them.

Sadly true as we have a very one-sided treaty regarding extradition.

Re:I CHALLENGE THE BBC TO DO THIS TO U.S. COMPUTER (1)

bickerdyke (670000) | more than 5 years ago | (#27167429)

Oh stop that egocentric rant!

Different countries have different laws. Cope with that!

Illegal and unethical to boot! (4, Insightful)

unsupported (230678) | more than 5 years ago | (#27166691)

This is both highly illegal and unethical. Illegal in that they accessed the PCs without the owners permission, they sent spam, and changed the settings on the computer.

Unethical even if their motive was not to do criminal intent.

It is like creating a "white worm" to patch servers from an unpatched vulnerability.

Re:Illegal and unethical to boot! (0)

Anonymous Coward | more than 5 years ago | (#27166963)

They didn't send spam, they sent email to their own email addresses. How can that possibly be spam?

Re:Illegal and unethical to boot! (1, Insightful)

PhilHibbs (4537) | more than 5 years ago | (#27166975)

Journalists have a much higher degree of discretion when following legitimate investigations.

Re:Illegal and unethical to boot! (1, Interesting)

je ne sais quoi (987177) | more than 5 years ago | (#27167033)

Meh. I'm not too concerned: the BBC creating a botnet is like the BBC going out and speeding or driving aggressively during rush hour. Sure, it's illegal and unsafe, but when everybody is doing so why single out the BBC for their activity? In fact, maybe if the BBC can demonstrate just how trivially easy it is to create and use a botnet, people will wake up and start taking security more seriously because them doing it calls attention to the problem. Actually if everyone did this and started creating their own botnets, sure it might bring down the internet for awhile, at least those machines that are pwned, but you can bet that software and router companies would start patching their software more quickly and more efficiently. In any case, how do you know that the BBC didn't infect their own computers?

But never mind me...all you people on the righteous indignation bandwagon just mod me troll already and be done with it. Grab your pitchforks! Burn down the BBC! They're breaking the law!

Re:Illegal and unethical to boot! (0)

Anonymous Coward | more than 5 years ago | (#27167277)

why dont i just saw your arms off...
so you cant write stupid shit like this and people notice that stupid shit is something they should try to avoid!
But never mind me...all you people on the righteous indignation bandwagon just mod me troll already and be done with it.

armchair lawyers (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27166713)

Ah, time to bring out the armchair lawyers. Nevermind that the BBC has its own legal team that reviewed this activity before it happened. I'm sure all of you know better. Especially all you Americans who are well-versed in British law.

British computers only? (3, Insightful)

dazedNconfuzed (154242) | more than 5 years ago | (#27166913)

You SURE only British law applies? As noted in another post, when you start hijacking 22,000 computers on the Internet, most likely SOME of those will be in the USA (or other countries where such activity IS illegal). You sure those BBC lawyers know enough about technology to be sure that the activity was limited to British computers, and this did not actually risk becoming an international incident?

Re:British computers only? (1)

Phyvo (876321) | more than 5 years ago | (#27167143)

The article mentions that US/UK computers are more expensive and that they used a "low value" botnet. So it's possible that they simply used computers from elsewhere in the world, where they don't have that type of law that could be applied internationally.

Re:armchair lawyers (4, Informative)

xorsyst (1279232) | more than 5 years ago | (#27167083)

Feel free to read the law [opsi.gov.uk] first. It's actually quite readable, even to non-lawyers. It looks like they might have some wiggle room with clause (3)(2) to me.

In Other news... (0)

Anonymous Coward | more than 5 years ago | (#27166831)

In other news, A DDOS Brought CNN down for two hours today, BBC was found responding "I wonder who had the opportunity for that" CNN was only to respond "Those limey brits"

In other news... (4, Funny)

Dishwasha (125561) | more than 5 years ago | (#27166859)

the notorious underground computer hacking group self-labeled /. [slashdot.org] deploys over 30,000 Anonymous Cowards to take down the BBC news website by maliciously posting a link to this news article.

Was linux involved? (1)

yossarianuk (1402187) | more than 5 years ago | (#27166883)

How many of the botnet'd machines were running linux ?

Re:Was linux involved? (1)

stonedcat (80201) | more than 5 years ago | (#27166989)

I'd be willing to bet the number you seek is zero.

Don't focus on the legality (5, Insightful)

Reality Master 201 (578873) | more than 5 years ago | (#27166903)

Everyone's going on about how it's actually illegal and the intent doesn't matter (I don't know either way - it is Britain and maybe things work differently there).

What about the fact that some guys from the BBC were able to gain control of 20k infected machines on the web just for the purposes of doing a story? To me, the implications of that are far worse than any possible criminality.

Skewed views of the law (5, Interesting)

grayn0de (1301165) | more than 5 years ago | (#27166905)

Way to go, BBC. You have moved past bringing the populace breaking news stories to creating them! I am looking forward to the next headline, regarding this. I think we all agree that gaining unauthorized access to another computer is, not only unethical, but illegal. I am surprised, being that this article is on slashdot, now, that the BBC is not already feeling the ramifications of its actions. I highly doubt they asked everyone in those chat rooms: "Hi, we are from the BBC, we would like to pwn your computer in the name of exposing cyber security risks. Is this okay, with you? Great, Thanks!"

Good to know! (2, Informative)

Exitar (809068) | more than 5 years ago | (#27166909)

"If this exercise had been done with criminal intent it would be breaking the law."

So, if I run over a pedestrian with my car while absentminded I obviously have no criminal intent so I'm not breaking the law?

Re:Good to know! (1)

Zerth (26112) | more than 5 years ago | (#27167003)

No, that would be reckless endangerment.

You have to do it deliberately for a news piece on elderly drivers and why they can't miss a farmers market.

Re:Good to know! (1)

Hatta (162192) | more than 5 years ago | (#27167115)

So, if I run over a pedestrian with my car while absentminded I obviously have no criminal intent so I'm not breaking the law?

Only if you do so for "educational purposes".

Re:Good to know! (0)

Anonymous Coward | more than 5 years ago | (#27167393)

Slow down, are you saying that someone who accidentally hits a pedestrian should get the same punishment as someone who intentionally hits them? I'm glad you don't write the laws.

Some information missing from the summary (4, Informative)

ais523 (1172701) | more than 5 years ago | (#27167021)

Once the BBC had finished with their botnet, they changed the desktop background of all the infected computers to tell people what had happened and link them to this webpage [bbc.co.uk] , which contains some information on how to secure Windows. Then, they uninstalled the botnet software.

When will people learn. (0)

Anonymous Coward | more than 5 years ago | (#27167099)

In other news, 22,000 PC users are stupid Windows users.

I am not a lawyer, but how is this not illegal? (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#27167149)

"If this exercise had been done with criminal intent it would be breaking the law."

More correctly phrased, "The BBC broke the law for the sake of a newsworthy experiment."

How can this not be illegal? This is no different from the BBC stealing the tools from a hardware store in order to break into houses and find out how long it would take for the police to arrive. They'd still be arrested for committing illegal acts. I suppose whether the victim decided to press charges for the break-in would matter (e.g., apparently the DDoS target permitted it), but that doesn't change the illegality of obtaining the tools to do the job: the commandeered bots. Then there is the extreme likelihood that what they were doing was breaking the TOS of their ISP, or somewhere up the line.

criminal intent??? (0)

Anonymous Coward | more than 5 years ago | (#27167193)

If this exercise had been done with criminal intent it would be breaking the law.

lolwut. actually, in the United States, it is totally illegal, both at the federal level (18 USC 1030) and every single state. I'm sure it's just as illegal in England. Sony didn't have criminal intent when it distributed rootkits. I would like to see the BBC sued by 22,000 people.

It is illegal (3, Informative)

furby076 (1461805) | more than 5 years ago | (#27167251)

Actually, hijacking any computer - even if you didn't do anything bad and were trying to demonstrate a security flaw - is illegal. There have been other cases in our past where someone wanted to show the flaws in security...all to end up getting arrested.

Ex Msoft at the top of BBC technology (0, Offtopic)

hughbar (579555) | more than 5 years ago | (#27167283)

This more childish attention seeking from the BBC. They're losing audience share even in my demographic (50ish, middle class) who used to be their cheerleaders. I noticed that the operating system word was not mentioned throughout the whole of this childish and possibly illegal prank. Perhaps that's because Eric Huggers (and lately a lot of his Msoft minions) are now at the top of BBC technology. As for Spencer Kelly of Click (which is a product placement program rather than a serious one) he's admitted publically that he doesn't know much about computers: http://news.bbc.co.uk/1/low/programmes/click_online/meet_the_team/default.stm [bbc.co.uk] It's sad to see a great institution brought so low and we still have to pay for these tossers (to use the technical word).

Deserves punishment (1)

AdmV0rl0n (98366) | more than 5 years ago | (#27167325)

The BBC has done this to highlight an issue.

The problem with this, is everyone who needs to know already know's it's an issue. Those who did not know, will still be none the wiser, and will shruug their shoulders, try to do what the BBC says - 'secure' the computer, and in a few months any instructions laid out will be stale, broken, old, or incomplete.

Lagality
To my mind, its clearly illegal. But being illegal and being punished, are two very distant worlds. For years now, entire governments, corporate entities, criminals, and everyone else has run round committing this 'crime', and it's never been dealt with. The massive waves of Malware and spyware, often being shipped by companies that exist openly are simply a symptom of a system that has failed.

I can probably count on one hand the times that in raw clear daylight, entities are tackled and dealt with criminally in this subject. Wether it be Sony installing a root-kit, or the BBC doing this, it's become an everyday crime. Your computer is not as some claim, akin to a house with no lock, its clearly your land, and stepping on it is 'tresspassing' and doing something you should not be.

Its probably far too late now, the horse has gone, but companies that breach the law to this extent should be prosecuted and made to answer for this.

My problem with the BBC is that by making this nonsense - they have once again, invited kiddies to the underground, and created a level of encouragement. After all, the kids will say, if the BBC can do it and not be criminalised, so can I.

It's really time that companies that are like the BBC, legit, and when they do things like this, that they be prosecuted to the full extent of the law. That applies to Sony and it's root kit and others. We need to get back to the basis in law that someone else's computer is not yours, and if you decide to screw with it, you face criminal charges.

Further, it would be very interesting to see what the BBC IT structure and management make of this, and wether they would be happy were it someone else hacking and using their systems and networks.

What?!? They destroyed it? (3, Insightful)

rnddev (1187731) | more than 5 years ago | (#27167367)

They are apparently oblivious to the fact that DDOSing a site also means saturating the connection of the PCs involved in the attack which could have a critical function within a business. Do they even know the way that the backdoor application works? Is it possible that it is spreading through local shares and otherwise wrecking havoc on some network by propagating through some unpatched exploit?

"Click has now destroyed its botnet, and no longer controls any hijacked machines."
This quote worries me as they don't seem to understand what they're doing. Did they click a button that said "destroy botnet"? By destroy, do they mean wipe out some critical files?

Robbing a bank.. (0)

Anonymous Coward | more than 5 years ago | (#27167423)

I'm gonna rob a bank... but I have no criminal intent. I just want everyone to see how insecure our banks really are. (and get a kick out of it)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?