Security experts at Sophos have accused the BBC of breaking the law after they publicly admitted to having setup a botnet of 22000 hijacked computers without user consent (yesterdays news). The plan was to raise awareness about security, yet criminal intent is not necessarily required for it to be in breach of the Computer Misuse Act, claims Sophos.

Sophos notes that the legislation has been used on a number of occasions to bring British hackers and virus writers to book, as obviously anyone breaking into a computer or installing malware is in breach of the act. BBC Click was investigating cybercrime and how gangs use networks of compromised computers (known as botnets or zombies) to send spam (junk email):



The BBC clearly had credible reasons for creating the program, although it could have easily arranged to target systems where the computer owners had already given their permission for such action to take place. This may have made the sample less effective but would have been legal.

Anyway, we're off to import some slaves from a third world country, but don't worry it's only to raise awareness.. we promise to send them right back afterwards. What the BBC did appears to have been illegal, but on the plus side this level of publicity should make people think about security.