Home » ISPreview UK News Archives »
Sophos Accuses BBC Botnet of Breaking the Law
By: MarkJ - 13 March, 2009 (9:01 AM)

Security experts at Sophos have accused the BBC of breaking the law after they publicly admitted to having setup a botnet of 22000 hijacked computers without user consent (yesterdays news). The plan was to raise awareness about security, yet criminal intent is not necessarily required for it to be in breach of the Computer Misuse Act, claims Sophos.

Sophos notes that the legislation has been used on a number of occasions to bring British hackers and virus writers to book, as obviously anyone breaking into a computer or installing malware is in breach of the act. BBC Click was investigating cybercrime and how gangs use networks of compromised computers (known as botnets or zombies) to send spam (junk email):

Sophos said: "Sophos has been asked many times by the media to take part in TV programmes like this, and has always made clear that we believe their legality to be questionable. Moreover, to our mind, the dubious ethics of such experiments are without question.

The law says you can't mess around with other people's computers without authorisation. The BBC and PrevX did not have the permission of the computer users to send those spam mesages. Sending spam from someone else's computer obviously gobbles up bandwidth and will use up system resources. Even if the BBC felt the impact would be minimal - it doesn't make it right.

Furthermore [THE BBC] "warned" the users that their computers were part of a botnet. They did this by changing the desktop wallpaper of affected computers owned by innocent third parties to display a message from BBC Click.

The BBC clearly had credible reasons for creating the program, although it could have easily arranged to target systems where the computer owners had already given their permission for such action to take place. This may have made the sample less effective but would have been legal.

Anyway, we're off to import some slaves from a third world country, but don't worry it's only to raise awareness.. we promise to send them right back afterwards. What the BBC did appears to have been illegal, but on the plus side this level of publicity should make people think about security.

History - [News Archives]


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Website Rules).