Did The BBC Break The Law By Exposing Botnets?
from the but-we-didn't-mean-any-harm dept
A TV show on the BBC is highlighting the ongoing problem of botnets -- by acquiring one of its own and using other people's computers in it to mount a DDOS attack on a security company's web site. The BBC says it had the security company's approval to do so, and that it didn't have any criminal intent, making its action legal. But some people aren't so sure, and say that intent doesn't offer a way out under British computer law. A tech lawyer says it's unlikely the broadcaster will face prosecution because there wasn't any real harm done, but those whose computers were used in the attack might disagree and view the methods used to make a point about computer security as a bit extreme.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
What the BBC failed to realise is that they not only acted against the security company, they committed the digital equivalent of breaking and entering against a large no of people from various countries. If anyone actually succeeds in proving that they're computer was part of the botnet, they will be charged under the British equivalent of the Computer Fraud and Abuse Act.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Just like if you don't look around while crossing a busy road or watch your step while hiking in the mountains. You are obviously not opting in to be run over by a car or tripping over and breaking your nose. You just happen to be an idiot unfit to do those things.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Stop shooting the messenger!
If the BBC are charged it will be another case of law enforcement targeting the "low-hanging fruit" because they are not competent enough to catch real criminals and that is something of which they should be deeply ashamed. A case against the BBC would only highlight the failure to catch the real criminals and they would be well-advised not to go down that road!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
@ PaulT
I support friends, family and the local community. 99% of them wouldn't have a clue about the threat. Even if they did, they wouldn't know what to do or where to start apart from pester me.
Lastly, of all the people targeted by the BBC there is bound to be one idiot who totally misses the point and starts legal action due to being violated in some way. I do hope the BBC managed to avoid infecting any machines in the USA as that bunch would sue their Mother if they saw a $1 oportunity.
[ link to this | view in chronology ]
Re: @ PaulT
The BBC *didn't* compromise anyone's PC - they bought time on an existing BotNet. The machines had already been compromised by a third party, and would have remained so whether or not the BBC got involved.
[ link to this | view in chronology ]
Re: @ PaulT
Peet McKimmie wrote:
In other words, the BBC bought stolen goods.
[ link to this | view in chronology ]
BBC BotNet
What many UK PC users do not understand properly, is the level of risk they have exposed themselves to. When you get caught up in one of these botnet's they don't just take remote control of the computer, they quite often also have additional payloads, install keyloggers, and so much more. It would be easy to fit up a person for any number of criminal acts, without them even knowing, how they downloaded pornography, terrorist info, Infiltrate their bank account and or Identity theft, Scary really.
Patching any OS, installing AV, and enabling Firewalls needs to be a mantra known to all. Anti-trust concerns are now causing more concerns than they are fixing. In particular, they bash Microsoft for putting the tools on the OS, users blame them for producing an OS, that does not protect adequately.
When a large web site I was managing, came under attack it was a worldwide selection of IP's, it was definitely deliberate, and targetted. Any company running a large web site will have scaled, and taken countermeasures. Always have a good relationship with your ISP.
No I don't work for Microsoft!
[ link to this | view in chronology ]
Should be thankful the BBC was in control
A) Your PC under the control of a criminal gang without your knowledge
B) Your PC under the control of a BBC journalist using their own addresses for spam and a server that has approval to reveal the issue, then tell you about it so you can fix your PC and stop the problem before another gang is in control?
I think I know which one I would pick.
[ link to this | view in chronology ]
Oh Bloody Brilliant
[ link to this | view in chronology ]
bad analogy
Malware is chock full of not only botnet control software, but potentially, keyloggers and other bad stuff designed to steal your stuff.
So if we use your house analogy, its like going to bed at night, leaving the front porch light on, door open, and someone comes in to use your phone for illegal activity, stage attacks on your neighbor's property, and steal all your wife's jewelry as well as all your electronics, before they leave.
So yes, it IS your fault, even if you didn't give specific permission for the break-in, and the cops'll tell you you're an idiot after they take your report. The least you can do is turn the light off and close the door. Most people put locks on their doors and use those to deny easy access.
Same with your computer. Buy a security app and USE it. Update your operating system, so it'll pull the patches to stay safe as the vulnerabilities are discovered. If you don't take these elementary steps, it IS your fault if you get compromised.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The secondary issue, is malicious intent, or use. In this instance there was none. They were merely demonstrating, to increase awareness, Opting in or Out is not the issue.
To respond to some other comments, Should governments, force everyone to have a certificate of computer competance, or computer driving licence, before they are allowed use the Internet? Nanny state, Aunty BEEB, Hacker who wants to take advantage, take your pick.
[ link to this | view in chronology ]
Not securing with a firewall and some sort of malware/virus scanner (both are available for free) is like blaming the person who taught you about rain, after you let your outdoor sugar pile melt away into slowly escaping, sweet, sweet syrup.
[ link to this | view in chronology ]
Oh - its ok then
However, the individual who informs someone about their bad security shall be prosecuted to the fullest extent of the law.
btw, the site subjected to the attack from the botnet might have been party to the activity but the botnet participants were not.
[ link to this | view in chronology ]
[ link to this | view in chronology ]