BBC-controlled botnet - legal or not?

This is as controversial as it gets. As part of a news media show called "Click", the British Broadcasting Corporation (BBC) ran a story about cyber security in which it controlled a botnet of at least 22,000 computers. It used the botnet to send spam (to its own account) and to perform a Distributed Denial of Service (DDoS) attack with the permission of the site owner. Once done with its experiment, the BBC modified the desktop background on the compromised machines and so "warned users that their PCs are infected, and advised them on how to make their systems more secure".

There are several actions for which the BBC could find themselves in hot water:
  1. They may have violated the UK Computer Misuse Act by sending spam.
  2. They may have violated laws by conducting a DDoS attack.
  3. They may have violated laws by changing content on compromised machines (i.e. the zombie machines that were part of the botnet), in this case by modifying the desktop background image.
Src: BBC team exposes cyber crime risk
Src: Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog
