The BBC, in the name of “public interest”, recently accuired the means to get together a botnet. The Click Online program for the BBC paid “£254 – £290” per 1,000 computers, and secured themselves an army of 21,696 PCs. They then use these PCs to send spam email to two addresses that the BBC team had set up, and even organised a DDoS attack against security firm Prev-X with their permission.
To do their part for the infected computers, and the compromised users, the BBC changed their wallpaper to let the user know that their computer had been infected, and left instructions for securing the PC. This all sounded good in the BBC office I am sure, but the legality of this has come into question.
Indeed, if one cares to have a look at the UK Computer Misuse Act, you could argue that several offences have been committed. Certainly the use of the computers to perform their attacks was unauthorised by the people who owned the computers, Google may not be too happy about the use of their mail servers as a spam trap, and as for buying the botnet in the first place. Well, purchasing illegal goods with licence payers money is not a brilliant idea. We don’t even know who these people are, or what this money has gone to fund.
I’m a little bit peeved about this. I feel that this is not helping the cause of online security, at best it is simply fueling the flames. Any of this they could have done in a lab, there was no need to spend loads of money proving it so. Anyone who has worked in IT for any length of time could tell you that. If it was my computer, I would be pretty annoyed if my licence fee has gone to using my computer to prove that PCs can get viruses.
One thought on “BBCs Botnets.”
Personally I thought this was an excellent edition of the BBC’s click.I also thought they were morally correct to educate thousands of normal people on this subject so they take more care in their own security. From what I have read botnets are becoming a real threat to the well being of the Internet. There are millions more non IT users than there are IT users and it is these people who are having their awareness raised. Let’s face it, if the BBC didn’t buy those ip addresses some other malicious user would have and the concequences could gave been alot worse. The simple fact that botnets are for sale reiterates this point. If google was my company I would happily support this education of since any reduction of spam in the futuret benefits them by increasing the profitability of their business. I also would add that how are normal computer users going to relate to the message as much by completing this in a lab? They’re not and the impact would be significantly lowerr. In summary I thank the BBC and believe they have done a good job i hope they follow it up with more preventitive tips and am happy for my licence fee to contribute to this