BBC breaks botnet Act, accusers accuse

In Friday's IT Blogwatch, Richi Jennings watches Aunty Beeb be accused of illegal hacking. Not to mention another Photoshop disaster...

Siobhan Chapman reports:

The BBC has been criticised by security experts after it hacked into 22,000 PCs in a special investigation into the damage that can be done with a network of compromised computers ... BBC Click obtained a botnet compromised of 22,000 hijacked PCs from an underground forum.
...
Struan Robertson, a technology lawyer with Pinsent Masons and editor of OUT-LAW.COM, said the BBC "appears" to have broken the Computer Misuse Act.

Dancho Danchev called it, "awkward and unnecessary":

There’s a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC ... The BBC’s technology program Click ... self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement).
...
It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they’ve been part of the experiment. Thanks, but no thanks.

Howard Price takes a break from raving about Gary Numan:

Security is done in that grey area between right and wrong ... the BBC decided to step out of that grey area and jump headlong into the darkness ... They engaged in exactly the same behavior as the villains they were trying to warn their viewers about. Now their defense is that they did it with the best of intensions, which I’m sure is true.
...
Was the car door open? Were the keys in the ignition? Probably. Doesn’t change the fact that the BBC got in and drove away.

And Graham "rent-a-quote" Cluley flaps his tanknibbles:

The Computer Misuse Act makes it an offence in the United Kingdom to access another person's computer, or alter data on their computer, without the owner's permission. The legislation has been used on a number of occasions to bring British hackers and virus writers to book, as obviously anyone breaking into a computer or installing malware is in breach of the act.
...
The law says you can't mess around with other people's computers without authorisation ... It is, therefore, somewhat surprising to find that the BBC appears to be have breached the law.

But Aunty tweets its "defence":

We would not put out a show like this one without having taken legal advice.
...
Six months in the making ... Spencer Kelly finds out how hackers use hijacked home PCs ... International broadcast times on BBC World News channel are at www.bbcworldnews.com/click
...
We're v happy with it and reckon it's a good watch.

John Graham sees the point:

Initially thought the BBCs actions would of clearly crossed the line, I am beginning to think that they can claim their actions were within the law.
...
When the BBC installed a new wallpaper on the people’s computers informing them that they had been compromised it clearly performed “the unauthorised modification of the contents of any computer”. However it is the requirement ... [to have] “the requisite intent” that the BBC can claim means they did not commit a crime.

tygerstripes reminds us whom we're dealing with:

[The BBC] is funded by the public and given a mandate of political neutrality and autonomy by that charter. That charter was issued by the government many years ago and has been essentially sacrosanct since then. The BBC is "owned" by the people, more so than the government is.

Contemporary History, with regards to the BBC, demonstrates that they have managed to maintain that detachment and impartiality - even to the detriment of the ruling government - on many occasions ... For god's sake, give them credit where it's due.

Your Humble Blogwatcher tweets:

True public service: @BBCClick ignites debate on desirability to notify bot victims and remote disinfection. [The Department of Public Prosecutions] would be mad to prosecute.

Casey Banner sums it up:

Now this is good journalism. Good job BBC, the masses need to know about not using IE6 to surf the Web.

And finally...

• lastminute.com: Three Thumbs Up

Previously in IT Blogwatch:

• Google Voice speaks with one...
• Email loses its cool?
• Apple netbook... or notbook?
• ...more

Buffer overflow:

• 4sysops: Why I am a fat PC
• Om Malik: Amazon EC2 Inches Closer To Corporate Customers
• Bobbie Johnson: Getting girls into computing with MIT's high-low tech
• Collaborative Thinking: Circling Around To Enterprise 2.0 Again
• James Gaskin: Symantec Speaks About Spam
• Paul Boutin: Obama's CIO faces uphill battle
• Information aesthetics: Wearing a "Sixth Sense": Interactive Visualization You Can Wear
• The Old New Thing : Engineering is about tradeoffs: How hard will you work to save 68KB of disk space?

Other Computerworld bloggers:

• SJVN: PC Vendors: Put up or shut up on the Linux desktop
• Eric Lundquist: Is free virtualization software like free puppies?
• Seth Weintraub: iPhone OS 3.0, SDK introduced to the world on March 17th
• Mark Everett Hall: Old office of Obama's CIO pick gets raided by FBI
• Robert L. Mitchell: The Quicken monopoly
• Preston Gralla: Google Voice: Press "1" to invade your privacy
• Shark Tank: Straight to the point
• Shark Bait: Memory stick, or Memory Stick?
• ...more

Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.