The BBC is under fire today for a stunt that it pulled a few days ago, in which it rented a Russian botnet (also sometimes called a spambot), and then sent millions of pieces of spam, and DOSed a corporate server.
For a piece for the BBC program “Click”, the BBC went to Russia to determine, they said, “just how sophisticated cybercrime has become.” For the sum of a few thousand dollars, they rented a botnet that was made up of 21,696 compromised PCs the world over.
According to the BBC, it was so easy to operate the botnet, that “anyone could do it.”
Controlling the botnet, the BBC then proceeded to send out a large run of spam – to themselves. That is, to email addresses that they had registered, at both Gmail and MSN/Hotmail.
Of course, they don’t own the servers that host those email addresses, so in the doing, they also spammed Google and Microsoft.
They then turned the botnet to another task: that of DOSing a server belonging to security firm Prevx. This was by agreement with Prevx, although most likely, again, not with the agreement of Prevx’ host and upstream providers (although of course we don’t know for sure).
The BBC’s rationale for this was that, again, they wanted to see just how sophisticated cybercrime had become, and to educate their readers (and persumably users) about the dangers of botnets.
In fact, after they were done, they left a message on each of the 21,696 compromised PCs, telling the PC owners that their machine had been part of the botnet, and then they dismantled the botnet (at least, that is what they claim – how they would have done that has not been revealed, and if they did do that, it seems that there would be several Russian criminals looking to kneecap them right now, at least).
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
The big issue that everyone has with this – about which all the news outlets are taking – is this: did the BBC break the law in doing this? Was what they did legal – or illegal.
|We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:|
The answer to these questions is complicated, not the least of which by the fact that the BBC is a British entity, and so subject to British computer security laws such as the Computer Misuse Act (CMA), but they also intentionally commited acts in the U.S. (where Google and MSN’s servers are), and have a pronounced U.S. presence. So even if their legal advisors told them that what they were going to do was legal in Britain (as the BBC claims they were told), that would not shield them from legal issues in the U.S. – or, indeed, anywhere that their actions seriously and negatively impacted computer or other resources.
When I was interviewed about this by the Tech Herald, I explained that “First, it is of course illegal to use a botnet. This is because by its very definition, a botnet consists nearly entirely of private computers which have been illegally trespassed upon.” We discussed several other legal issues that arose from what the BBC had done, at the end of which I concluded that “the other side of that is that U.S. law also gives great protection to the press, which I’m sure the BBC would attempt to invoke if there were any legal action here. All that said – do I think that any legal action will result from this? Probably not. And, if it does, it’s anybody’s bet as to which way it would be resolved.”
So, what do you think about these issues? Brave journalism? Dunderheaded illegal stunt? Or a bit of both?
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!