BBC are cybercriminals?

[nihil]

The British Broadcasting Corporation are now cybercriminals it would seem.

http://www.zend2.com/browse.php?u=Oi...D&b=13&f=frame

[t34b4g5]

Nihil the link you posted is giving up an error message

Hotlinking directly to proxified pages is not permitted. <a href="index.php">Return to index</a>.

[nihil]

Sorry about that, try this link:

http://www.itproportal.com/security/...00-pcs-botnet/

I forgot I was using a proxy. I am afraid that some of the security news sites I visit won't let me in these days because my IP range is a source of too much spam, malware and skiddie activity.

Not bad for British Telecom, our largest ISP

The basic story is that the BBC (on an IT programme) hired a botnet and demonstrated the threats they could pose. This raises the issue:

whether the BBC has not fallen foul to the Computer Misuse Act by interfering with the victim's computer background as well as paying criminals for the botnet.

[gothic_type]

I remember reading this story (in the Metro?) and thinking exactly that. I'm no lawyer, but I thought that the Computer Misuse act covered even unauthorised access. I would have thought that technically speaking, even having the botnet in the first place would count as unauthorised access. I didn't think that intent mattered when it came to the act.

ac

[nihil]

I would have thought that technically speaking, even having the botnet in the first place would count as unauthorised access. I didn't think that intent mattered when it came to the act.

Yes, I would say so. To acquire a "bot" by definition requires you to have obtained illegal access. Otherwise it is just an authorised remotely controlled machine; and the fact that this botnet was hired from criminals compounds the issue I guess.

Given that, having control of a botnet gained in that manner would at least make you an accessory.

[phishphreek]

I'm not so sure. Think about things such as Dateline NBC's hit To Catch a Predator. News organizations have been doing things like this for a long time. This also borders security researchers ability to post proof of concept information (PoC).

[nihil]

This also borders security researchers ability to post proof of concept information (PoC).

I would not have thought so, given that is only "information" rather than an active chunk of code?

News organizations have been doing things like this for a long time.

So they are above the law?

[gothic_type]

There's an interesting article on the register about it http://www.theregister.co.uk/2009/03/18/bbc_botnet/. I personally think it's pretty dodgy what they've done, and I suspect that if "average Joe" was to do the same a lot of people would take a different stance on the matter.

I mean, if I'm not allowed to break into other people's computers to illustrate threats or investigate their security, why is the BBC allowed to do it?

ac

[cranoo]

Who cares about the law, since when did we ever care?

manipulate code not people!

[phishphreek]

There's an interesting article on the register about it http://www.theregister.co.uk/2009/03/18/bbc_botnet/. I personally think it's pretty dodgy what they've done, and I suspect that if "average Joe" was to do the same a lot of people would take a different stance on the matter.

I mean, if I'm not allowed to break into other people's computers to illustrate threats or investigate their security, why is the BBC allowed to do it?

ac

They didn't break into any computer. They computers were already compromised. They hired the botnet services and launched attacks against dummy targets which they had control of. It's like them hiring a hitman to take out a crash test dummy. (less the murder of course) In both cases, the computers were already owned and the hitman's ethics gone by the wayside.

Maybe they could be charged with receiving of stolen property/goods? In these cases, they property would be the computers and the goods would be the electricity and internet connection used to keep the owned PCs online? Who knows, I'm not a lawyer of any sort and I know little about the law. However, just seems to me that they didn't do *that* much wrong. They are investigative journalists. That is what they do.