12 March 2009

The BBC botnet

A botnet is a group of computers that have all been infected so that they accept orders from a botnet "herder". The orders might include sending massive amounts of spam, or spewing huge numbers of connection requests at target web sites to effectively knock them off the Internet for the purposes of extortion (a so-called DDoS attack). The biggest botnets are even capable of taking down an entire country's infrastructure.

The BBC, in the guise of its usually very interesting Click programme, has succeeded in renting and using a botnet of 22,000 infected computers in a demonstration of the risks of not protecting yourself adequately online. The show launched a successful DDoS attack against a site that had consented to the test, and sent thousands of spam emails to a test address. At the end of the test, it apparently ordered the botnet to change the infected computers' screensavers to a message explaining everything and suggesting that the owners update their security measures. "If this exercise had been done with criminal intent it would be breaking the law," said the BBC.

However, it seems the BBC has actually broken the law. The UK's Computer Misuse Act is very clear. Section I says it's illegal to gain unauthorised access to a computer. The BBC did this to 22,000 of them. Section II makes it illegal to make unauthorised changes to a computer system. Clearly, changing 22,000 screensavers breaks this law. It's arguable whether sending commands to the botnet is also an offence under Section II.

I await developments with interest...
