Was the BBC botnet test illegal? Does it matter?

Share

A BBC Click TV programme that showed how easy it is to operate a network of compromised PCs continues to stir up the ire of security professionals.

In the experiment, aired on Saturday 14 March, BBC Click demonstrated how easy it is to set up a spamming botnet. BBC purchased a zombie network of 22,000 compromised PCs through an internet chat room, which they then used to sent a spam attack to two virgin email accounts, set up for the programme.

After the test, they dismantled the botnet, but not before leaving altered desktops on the infected systems, alerting the users to the problem.

But the fall-out from the story has had lawyers and security experts falling over themselves to debate whether it was a step too far, or just a storm in a teacup. The story stirs up all sorts of ethical questions, and underlying them all is the accusation that the BBC broke the law.

Internet security vendor Comodo has stepped forward to applaud BBC, becoming one of the few security vendors to support the programme.

In a video message, Melih Abdulhayoglu, Comodo CEO said it was tax dollars well spent.

"Well done, BBC! I'm grateful to BBC for giving botnets the attention they deserve, for trying to educating the masses about what these things and what they are capable of."

Web and email security provider Marshal8e6 also supported the BBC experiment. Nick Hawkins, VP of sales EMEA, Marshal8e6 said BBC should be applauded "for its interesting and informative piece which hopefully will assist in raising the public's awareness" to ensure that their web and email filtering technology is up to date.

Next page: Lawyers weigh in on debate