There are several actions for which the BBC could find themselves in hot water:
- They may have violated the UK Computer Misuse Act by sending spam.
- They may have violated laws by conducting a DDoS attack.
- They may have violated laws by changing content on compromised machines (i.e. zombie machines part of the botnet), in this case modifying the desktop background image.
Src: Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog