BBC, Botnet, Ethical, Legal?

New story seems to be everywhere at the moment. It appears that the BBC has ‘investigated’ the impact of botnets by hiring a 22,000 strong herd and ‘testing’ on there systems, but still utilising 22,000 compromised, private machines. Original BBC article is here.

There have been many sites (The Register and The Guardian) have asked the question as to whether this is legal. The BBC article claims that:
‘If this exercise had been done with criminal intent it would be breaking the law.’

Although several places have pointed out that criminal intent is not required for a criminal act (IANAL so please don’t quote me on that).

The ‘ethical’ botnet/virus/trojan/etc. has been debated for many years (discussed in Aggressive Network Self-Defense and debated by the Tipping Point team during their analysis of Kraken). Personally I think it speaks volumes that the technical experts stop short the actions taken by the BBC, but the journalists blow through without compunction.

Will be interesting to see how this plays out.
Andrew Waite

Join the conversation

1 Comment

  1. Research from "Ryan Naraine, Dancho Danchev & Adam O'Donnell" details the actual vendors and malware hired by the BBC during this incident (http://blogs.zdnet.com/security/?p=3045)

    Co-incidently if anyone saw Click's 'response' to the negative coverage it received of this I'm sure you enjoyed yourself, if nothing else at least it was funny (unfortunately….)

Leave a comment

Your email address will not be published. Required fields are marked *