Did The BBC Illegally Acquire A Botnet With 22000 PCs?

BBC Click could well be in serious trouble as the popular television tech series rented a botnet and launched a calculated DDoS (Distributed Denial Of Service) against security firm Prevx.

The controversial move is part of an ongoing investigation by Click into the murky world of global cyber crime and aimed at showing how easy personal computers can be infected and controlled.

The presenter, Spencer Kelly, was able to purchase a botnet by knocking at the right virtual doors online and got hold of a 22,000-strong botnet and launched a spam campaign against two dummy email addresses.

The TV programme claims to have controlled the thousands of PCs simply through the use of a piece of software (ed: it showed to many how easy it is to acquire such technology as well).

Click then went on to submerge the website of security firm Prevx in one giant DDoS and brought the site to its knees with only 60 machines. This means that PreVX servers could only serve 60 computers simultaneously, a fraction of the 22,000 PCs.

The BBC has confirmed that almost all the computers that made up BBC's botnet of hijacked computers have been disabled and their users warned about how to make their computers more secure by displaying a BBC message in their background

But whether the BBC can defend its decision to go ahead with what, in any other cases, would have been a criminal act remains to be seen and will be an interesting episode to follow.

Indeed, Sophos' Graham Cluley justly ponders whether the BBC has not fallen foul to the Computer Misuse Act by interfering with the victim's computer background as well as paying criminals for the botnet.

You can follow ITProPortal.com on Twitter @itproportal.

Our Comments

Like in the Brand/Ross scandal that hit the BBC some months ago, someone at the Beeb must have given his or her approval to what the BBC Click did. Bearing in mind that Gary McKinnon is being extradited for very roughly the same actions, will there be a backlash against what the BBC did? More importantly, what will happen if one or more users affected chose to sue the BBC.

Related Links

BBC team exposes cyber crime risk

(BBC)

The BBC acquired a botnet, but was it legal?

(H-Online)

BBC botnet investigation turns hacks into hackers

(The Register)

BBC Click 'did break the law'

(Web user)

BBC team buys a botnet, DDoSes security company Prevx

(ZDNet)

The BBC hacked my computer

(The Inquirer)