RSS Alerts

Related Stories

  • Zero Day of the Dead
    The data load that has accompanied the globalization of trade would make even Atlas stagger. And that’s without the added burden of counter-terrorisAs you read this, zombie programs are flitting across the internet like a pestilence to infect and drain the life from innocent computer systems. Yet, for all the aggravation and grief they cause, you may never know you are part of a global invasion of the system snatchers, says William Knight. Unless…
  • Search for security
    With more than 30 000 web pages being infected every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves.
  • License to hack? - Ethical hacking
    Ethical hacking seems to be a contradiction in terms, but what better way of making enterprises pay attention to their security flaws, than by acting like criminals? William Knight investigates
  • What’s in store for 2010?
    The Noughties are behind us now, but memories of a decade of data breaches will continue to haunt the infosec professional. If only there was a way of knowing what the threat landscape would look like in the months to come. Well you’re in luck as Davey Winder has dusted off the crystal ball and spoken to a broad church of infosec professionals to get some informed predictions for 2010
  • An Olympic effort to secure the Games
    Managing the security of the 2010 Olympic Games in Vancouver is no mean feat. Danny Bradbury went behind the scenes at the Olympic site to talk to the people who are tasked with ensuring the event goes smoothly

News

BBC creates a botnet of 22 000 PCs in investigation

12 March 2009

The BBC has drawn criticism for an investigation that involved its researchers creating a botnet swarm of around 22 000 infected PCs.

The BBC has drawn criticism for an investigation that involved its researchers creating a botnet swarm of around 22 000 infected PCs.

As part of a demonstration of how easy it is to create a botnet swarm, the BBC's Click technology programme researchers hijacked around 22 000 PCs on the internet and have flown in a storm of controversy as a result.

The BBC claims it has acted legally and has advised the owners of the PCs it infected as to how to cleanse their machines of the malware.

According to the BBC, it acquired the botnet program whilst interfacing with hackers on various internet chatrooms.

The broadcaster has admitted that, if it had undertaken the exercise with criminal intent it would have broken the law.

But, it claims, since the intention was to show how easy it was to create a swarm, its actions were on the right side of the legal fence.

Despite this claim, the BBC may have unwittingly broken the Computer Misuse Act, since its appears to have infected users computers - albeit with the best of intentions - and technically qualified for a two year prison sentence for the researchers involved.

Sources suggest, however, that a prosecution is unlikely in this case.

Interestingly, Click's research team says it worked with IT security vendor Prevx, allowing the bot swarm to launch a distributed denial of service attack on the vendor's backup web site.

According to Prevx, it took just 60 PCs pinging the backup site to effectively bring it to a standstill.

Ollie-Pekka Niemi on the BBC wearing a White Hat
interview by Rob Stringer

Ollie-Pekka Niemi is team leader of network security solution provider Stonesoft's virus research team, and used to belong to the global ‘Licence to Hack’ group, hired by organisations to search for vulnerabilities. Although he praises the value of ‘White Hat’ hacking, he believes that the BBC “broke the law”.

Niemi says it is not explicit if the BBC paid money for the botnet they received through underground chatrooms, but “I don’t think the criminals would give a botnet away for free”.

Also, although the BBC had permission to launch a DdoS attack on Prevx, “what they didn’t have was permission from the 22 000 computer users”.

Niemi points out that it is not clear which countries the hijacked computers were in and states that if the BBC haven’t broken the UK law, they may have broken the law in another country.

“In Finland, the unauthorised use of a computer is a crime,” he notes. “I wouldn’t be surprised if [the BBC] face prosecution.”

 

This article is featured in:
Compliance and Policy Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water