Did The BBC Break The Law By Exposing Botnets?

from the but-we-didn't-mean-any-harm dept

A TV show on the BBC is highlighting the ongoing problem of botnets — by acquiring one of its own and using other people’s computers in it to mount a DDOS attack on a security company’s web site. The BBC says it had the security company’s approval to do so, and that it didn’t have any criminal intent, making its action legal. But some people aren’t so sure, and say that intent doesn’t offer a way out under British computer law. A tech lawyer says it’s unlikely the broadcaster will face prosecution because there wasn’t any real harm done, but those whose computers were used in the attack might disagree and view the methods used to make a point about computer security as a bit extreme.

Filed Under:
Companies: bbc

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Did The BBC Break The Law By Exposing Botnets?”

Subscribe: RSS Leave a comment
R says:

Re: Re:

That’s like saying that if you really cared about keeping your home secure, you should have a complete security system with armed guards, dogs, etc.
What the BBC failed to realise is that they not only acted against the security company, they committed the digital equivalent of breaking and entering against a large no of people from various countries. If anyone actually succeeds in proving that they’re computer was part of the botnet, they will be charged under the British equivalent of the Computer Fraud and Abuse Act.

Headbhang says:

Re: Re: Re:2 Re:

No, it just means you are ignorant and reckless moron.
Just like if you don’t look around while crossing a busy road or watch your step while hiking in the mountains. You are obviously not opting in to be run over by a car or tripping over and breaking your nose. You just happen to be an idiot unfit to do those things.

Anonymous Coward says:

Re: Re: Re:2 Re:

I agree that the user has not opted in but using the same house analogy let’s say that while you are vacationing, a criminal breaks into your house. This is most definitely illegal. However the criminal then throws a party at your house and charges entry at the door. Are guests at the party criminally liable for breaking and entering?

Andy (profile) says:

Stop shooting the messenger!

Oh for heaven’s sake. What’s the point of bleating about what the BBC did wrong, when it specifically set out to demonstrate the existence and extent of the problem? This is the same as firing whistle blowers who point out failings in the company they work for. Why the obsession with shooting the messenger? The people whose computers were used for this should just be glad that they were not being used for genuinely nefarious purposes. In fact, perhaps they already are!

If the BBC are charged it will be another case of law enforcement targeting the “low-hanging fruit” because they are not competent enough to catch real criminals and that is something of which they should be deeply ashamed. A case against the BBC would only highlight the failure to catch the real criminals and they would be well-advised not to go down that road!

Dan says:

And I am sure the BBC will take the next DDOS attack on their servers as educational and shrug it off. After all the attackers didn’t really intend to trash those data bases, it was just meant to demonstrate the security hole. No criminal intent in that. WTF were those arrogant bastards thinking, they can’t even run a broadcasting network right, now they are computer security experts/white hat hackers. I think the proper nomenclature is criminal.

Paul G (profile) says:

@ PaulT

Unfortunately the reason that the BBC could compromise the users PC is because the dumb idiots ignore/don’t understand the ‘Education’.

I support friends, family and the local community. 99% of them wouldn’t have a clue about the threat. Even if they did, they wouldn’t know what to do or where to start apart from pester me.

Lastly, of all the people targeted by the BBC there is bound to be one idiot who totally misses the point and starts legal action due to being violated in some way. I do hope the BBC managed to avoid infecting any machines in the USA as that bunch would sue their Mother if they saw a $1 oportunity.

PhilSB says:

BBC BotNet

Certainly good investigative journalism. To many people have their computer and or wireless networks wide open to attack.

What many UK PC users do not understand properly, is the level of risk they have exposed themselves to. When you get caught up in one of these botnet’s they don’t just take remote control of the computer, they quite often also have additional payloads, install keyloggers, and so much more. It would be easy to fit up a person for any number of criminal acts, without them even knowing, how they downloaded pornography, terrorist info, Infiltrate their bank account and or Identity theft, Scary really.

Patching any OS, installing AV, and enabling Firewalls needs to be a mantra known to all. Anti-trust concerns are now causing more concerns than they are fixing. In particular, they bash Microsoft for putting the tools on the OS, users blame them for producing an OS, that does not protect adequately.

When a large web site I was managing, came under attack it was a worldwide selection of IP’s, it was definitely deliberate, and targetted. Any company running a large web site will have scaled, and taken countermeasures. Always have a good relationship with your ISP.

No I don’t work for Microsoft!

Anonymous Coward says:

Should be thankful the BBC was in control

What about the flip side here. Your computer is infected by a botnet and will be used for malicious activity, pick one of the following:

A) Your PC under the control of a criminal gang without your knowledge

B) Your PC under the control of a BBC journalist using their own addresses for spam and a server that has approval to reveal the issue, then tell you about it so you can fix your PC and stop the problem before another gang is in control?

I think I know which one I would pick.

rwahrens (profile) says:

bad analogy

Whether you “allow” that access or not, if you leave the fsking door open, someone will get in!

Malware is chock full of not only botnet control software, but potentially, keyloggers and other bad stuff designed to steal your stuff.

So if we use your house analogy, its like going to bed at night, leaving the front porch light on, door open, and someone comes in to use your phone for illegal activity, stage attacks on your neighbor’s property, and steal all your wife’s jewelry as well as all your electronics, before they leave.

So yes, it IS your fault, even if you didn’t give specific permission for the break-in, and the cops’ll tell you you’re an idiot after they take your report. The least you can do is turn the light off and close the door. Most people put locks on their doors and use those to deny easy access.

Same with your computer. Buy a security app and USE it. Update your operating system, so it’ll pull the patches to stay safe as the vulnerabilities are discovered. If you don’t take these elementary steps, it IS your fault if you get compromised.

PhilSB says:

The BBC would quite likely be guilty of compromising some laws if not in the UK (Target Audience), then certainly elsewhere in the world. By participating in a BotNet style Activity, by using somebody else’s bandwidth, or computing time. When I saw this item, early Saturday, the computers participating as Bots were worldwide not just UK.

The secondary issue, is malicious intent, or use. In this instance there was none. They were merely demonstrating, to increase awareness, Opting in or Out is not the issue.

To respond to some other comments, Should governments, force everyone to have a certificate of computer competance, or computer driving licence, before they are allowed use the Internet? Nanny state, Aunty BEEB, Hacker who wants to take advantage, take your pick.

Anonymous Coward says:

The house analogy doesn’t work, because there are many automated programs infecting machines out there that will scan for any opening and exploit it… without manned operation.

Not securing with a firewall and some sort of malware/virus scanner (both are available for free) is like blaming the person who taught you about rain, after you let your outdoor sugar pile melt away into slowly escaping, sweet, sweet syrup.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...