The British Broadcasting Corporation (BBC) is defending its decision to purchase and experiment with a powerful botnet as a public service to expose the inner workings of the underground malware economy.
The controversial move, which has been widely criticized, included posing as a customer to buy a piece of software that gave the BBC control of thousands of infected computers around the world. The company then commanded those hijacked computers to send spam messages to test addresses, and to launch a denial-of-service attack against a Web site managed by security company Prevx.
According to Mark Perrow, executive producer of the BBC's Click program that conducted the experiment, the end result was a "wake-up call" to computer users to "switch on that firewall and improve our security on the internet."
Perrow said the BBC sent alerts to the PCs that they were infected and "destroyed the malware for good."
Perrow's editor's note explains the rationale:
- So we felt that there was the strongest public interest in not just describing what malware can do, but actually showing it in action. A real demonstration of the power of today's botnets - to infect, disrupt and damage our digital lives - is the most powerful way to alert our audiences to the dangers that they face. It's a wake-up call to switch on that firewall and improve our security on the internet.
- We think that what we did was a first for broadcast journalism. We were amazed by the ease of use of the botnet, and the power of its disruptive capacity.
- No-one watching our programme could learn how to build a botnet or where to go to buy one. But what is very clear is the level of threat - especially to home users who don't have the benefit of corporate-level security. (Our guide to PC protection is here.) As the hackers continue their silent running, we thought it was our job to expose the mechanics of their hidden economy.