BBC: Botnet purchase experiment was in 'public interest'

The British Broadcasting Corporation (BBC) is defending its decision to purchase and experiment with a powerful botnet as a public service to expose the inner workings of the underground malware economy.

The controversial move, which has been widely criticized, included posing as a customer to buy a piece of software that gave the BBC control of thousands of infected computers around the world.  The company then commanded those hijacked computers to send spam messages to test addresses, and to launch a denial-of-service attack against a Web site managed by security company Prevx.

According to Mark Perrow, executive producer of the BBC's Click program that conducted the experiment, the end result was a "wake-up call" to computer users to "switch on that firewall and improve our security on the internet."

Perrow said the BBC sent alerts to the PCs that they were infected and "destroyed the malware for good."

Perrow's editor's note explains the rationale:

  • So we felt that there was the strongest public interest in not just describing what malware can do, but actually showing it in action. A real demonstration of the power of today's botnets - to infect, disrupt and damage our digital lives - is the most powerful way to alert our audiences to the dangers that they face. It's a wake-up call to switch on that firewall and improve our security on the internet.
  • We think that what we did was a first for broadcast journalism. We were amazed by the ease of use of the botnet, and the power of its disruptive capacity.
  • No-one watching our programme could learn how to build a botnet or where to go to buy one. But what is very clear is the level of threat - especially to home users who don't have the benefit of corporate-level security. (Our guide to PC protection is here.) As the hackers continue their silent running, we thought it was our job to expose the mechanics of their hidden economy.

Talkback

6 comments
  • These so-called security firms

    ought to be doing the same. To uncover the people behind the sale of botnets, while at the same time removing a few thousand from malicious use.

    I guess they are 'dependents' on this sort of thing. And that's why they don't rock the boat. ;)
    Custard_over_2x_Pie
  • RE: BBC: Botnet purchase experiment was in 'public interest'

    They are using "The end justifies the means" argument. I read the previous stories about the show. The reality is that they did skirt the law to show everyone the problems with botnets.

    The positive part is that they were able to demonstrate how a botnet can be used to attack a server. They also used a willing victim for the attack. They also cleaned up the botnet after they finished.

    The negative is that they used computers that were infected by real black hats. The computers were used to attack a server without the permission of the computer owners. The zombie computer owners were unwitting pawns in this show.

    I do think that BBC and Click did a good service, but they still had to buy and use a botnet to show how easy it is and also how vulnerable everything is. It is hard to say thanks for using my computer without my permission to attack a domain I don't know about.
    sboverie
    • Great theory

      Your viewpoint sounds perfectly reasonable, but if your computer has a bot already on it, isn't your computer already doing the bidding of someone else? How long are you willing to live in blissful ignorance that your computer is involved in organized crime? Frankly, I'd be curious if passing a new law might help: fine every owner of a "botted" computer $50 or $100 (amount TBD) to give users a financial interest in stopping this crap. Or fine the ISP, since they're arguably in a position to shut off Internet access. Surely we cannot allow people to ignore this indefinitely.
      bmgoodman
      • Great Theory

        Actually, not a theory but a viewpoint. The BBC and Click did not create the botnet, they bought one.

        What would help reduce botnets is to help people test their systems specifically for backdoor apps. It would be stupid to bill people for being infected if they don't know they are infected. Why pass a law that harms the victims but does nothing against the perpetrators?
        sboverie
  • Does the public interest include lawbreaking?

    Can BBC guarantee that they know everything that the botnet was/is doing?

    Do they know that it is illegal to unlawfully connect and change a person or corporation's computer without approval?

    Are they sure that no other information was not surreptitiously copied to the bot creators or other parties?

    Do they know that they may have aided criminal activity with the funds used to buy the botnet?
    3dguru
  • RE: BBC: Botnet purchase experiment was in 'public interest'

    Great!!! Thanks for sharing this information with us!
    birumut