back to article BBC botnet 'public interest' defence rubbished by top IT lawyer

The BBC's argument that "public interest" justified its purchase and use of a botnet in a controversial experiment is little better than vigilantism, according to a top IT lawyer. BBC Click bought a botnet of 22,000 compromised machines in order to send spam to webmail addresses it set up, and to launch a denial of service …

COMMENTS

This topic is closed for new posts.
  1. Tim Spence
    Thumb Down

    Daily BBC Botnet Update

    Do we really need a daily BBC botnet update, with another top law expert or further quotes from different security firms pouring scorn on the Beeb?

    Okay, we get it - the consensus is they done wrong. However, do we - the public - really give a fuck anymore?

  2. Anonymous Coward
    Anonymous Coward

    In other words....

    ... the vendors that didn't get the free publicity of being on the program disagree with the methods used so they can get free publicity disagreeing with it.

  3. Anonymous Coward
    Flame

    Can of worms

    I think the whole thing was badly done, publicizing that it was easy to obtain, the cost of obtaining bots and the ease of use.. they may have just been a marketing company for these guys.

    I also dislike the usage of "Russian" hackers, come on seriously I've seen teenagers amass 50K+ botnets with access to botnets that ran in the 100K+ back in 2003. The only difference was that they were not organized crime and they certainly were not russian. These teenagers being from the USA and the UK not russia.

    The other issue was posting up a background from the BBC on the peoples computers. Now that's just going to give scammers ideas on how to exploit that by including links to free anti-virus and anti-malware programs that are actually malware programs in sheeps clothes.

    As I said Can of Worms.

  4. Anonymous Coward
    Thumb Up

    Gapping hole in the law.

    If you can target computers in foreign countries where the users are unlikely to complain to the correct authorities.

    But then we knew about that already, and in some countries hacking foreign computer systems is almost encouraged.

    Good on the BEEB for educating the unwashed masses, again.

  5. Anonymous Coward
    Anonymous Coward

    Shock horror!

    Lawyer claims damages might have been done; may require court case.

    Jesus, why don't these parasites just piss off and leave us all alone?

  6. Martijn Bakker
    Paris Hilton

    Victim complaint

    Victims making a complaint..

    Because their desktop wallpapers were changed, when they could have had their banking details and on-line identities stolen.

    I have no doubt it will be a busy day at the computer crimes unit tomorrow.

    .. Paris, because her tears are sincere.

  7. Anonymous Coward
    Paris Hilton

    TV Licence

    I feel quite angry that some of my TV Licence money has been given to Russian hackers for this stupid stunt.

  8. MnM
    Thumb Down

    No interest

    BBC Click used to be, iirc, leveraged by the crack DSGi staff training department and inflicted upon budding sell-bots to re-program them into repeating 'would you like a memory card with that?' at regular intervals.

    The only other use this program has is to fill time between rolling news. Even then, it's somehow less informative than a repeat of news viewed only half an hour earlier.

    It's the IT equivalent of Delia demonstrating how to boil an egg.

    Lock 'em up.

  9. Sajjad Syed
    Go

    I am totally fine with what the BBC did.

    Without such a demonstration I doubt a lot of its viewers are even aware of what their computer can unwittingly be a part of. Legality be damned.

  10. Robert Moore
    Gates Horns

    Well done.

    I saw this report. I felt it showed the dangers on these botnets far more effectively than any lab demonstration could have. They also provided a service to the people who's computers were compromised by letting them know about what had been done to them in a way that is very hard to ignore.

    I say again, Well done.

    If you disagree with me then you are obviously insane.

  11. Henry Wertz Gold badge

    I'm with the 1/3rd...

    From the article, "A third said that although the exercise might be legally questionable it 'helps raise awareness'"

    I agree with that.

    These people running unpatched Windows systems are already pwned anyway if there cycles and bandwidth are for sale. Might as well do something useful for the BBC rather than send v!4gr4 spam or DDOS some guy.. and it definitely should raise awareness, for those who are somehow unaware that an unpatched Windows box can get pwned almost immediately. But, that said, there's no question it was illegal. Should they get prosecuted? No, that's why there are judges instead of some kind of automated crime computers*.

    *If there WERE automated crime computers, they'd be pwned anyway, so the BBC could of course just pay a few more quid and have the botmasters let them off the hook.

  12. JW Otherworld
    Thumb Up

    Well done BBC!

    Quote from article:

    Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter.

    end quote

    Not the same thing, your analogy is flawed. It's like saying "Jump off the cliff, the wind rushing past feels so good", obviously also a flawed thought. You need to be carefull what you say when manipulating the masses. The PCs were already broken into, the BBC was simply showing those affected that they needed to "clean up" their systems. I say Hurrah to their actions, it's about time someone did something practical like this

  13. Pete Randall
    Coat

    "powerful public interest"

    Guy Fawkes used similar arguments, didn't he? Maybe now there's scope for some "change" in parliament....

    Mines the one with suspicious wires dangling from pockets

  14. Paul
    Unhappy

    oh auntie

    Let me get this straight - auntie beeb gives licence-fee payers' cash to dodgy E European crooks, and we're supposed to be grateful? Never mind the IT angle, aren't we always being told by the government that patronising criminals - DVDs, drugs - goes to fund their other nefarious activities? Why is this any different? Never mind Ross/Brand, when it comes to grown-up scandals like the Gaza appeal and this, I wonder who the heck the beeb think they are.

  15. Anonymous Coward
    Pirate

    BBC Funding

    So, the BBC think it is ok to fund organised crime with our licence fees?

    Nobody goes around murdering people to demonstrate how easy or how big a problem murder is, nobody deliberately gets drunk then drives a Chelsea Tractor at 50mph past a school at home time, nobody physically assaults a teenage girl to demonstrate rape!

    And how can the BBC justify handing over hard cash, money we have paid to Auntie in good faith, to known criminals in the name of journalism?

    Maybe the Beeb are looking to start some form of new reality TV series called 'Big Crime'!

    I've been a fan of 'Click' for some time now, but this has changed my views on Click and the BBC.

    Where are their Ethics and Morals?

    I guess they will want to increase the licence fee now to pay for their drug and alcohol habits!

  16. Pierre

    Pah. More FUD

    "the same issues could have been illustrated in the lab, without interfering with the PCs of innocent victims or sending spam."

    Yeah, they "interfered" with innocent victims by telling them they were pwnd and advising them to clean their PC. And they spammed their own e-mail addresses. Clearly, these dangerous criminals need to be punished.

    "The public interest argument is no defence to the Computer Misuse Act."

    Oh, that's most white hats behind the bars then I believe?

    The BBC stuff is probably a bit of sensationalist crap, but doesn't the CPS have more serious matters to examine? Like, illegal wiretaping by BT and Phorm? Or ruining the life of anyone foolish enough to draw a pic of a pic of a pic of a kid witnessing a sexual act, for that matter?

  17. Bod

    according to a top IT lawyer

    Yeah, and I can see many top IT lawyers are lining up to take on any potential case against the BBC, and I doubt they're doing it out of any sense of moral justice ;)

    Whilst yeah it's technically a bit naughty, really it's a fuss about nothing that helps the media and lawyers make money from the story.

    Who loses from any potential case? The taxpayer. Whether they win or lose, as it will be Police/State vs the BBC. Both tax payer funded.

    Just drop it and move on. The best thing about this is hopefully the more clueless PC owners in the UK (the majority) will have seen this and realised just what is possible. Hopefully taking action to make their PCs more secure and maybe will understand a bit more about where spam comes from and learn to ignore it.

  18. james hedley
    Thumb Down

    Stupid analogy (similie?)

    "Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter."

    No it isn't!!! Lazy false analogies like this drive me up the flipping wall!

    Clearly, everyone already knows that it's possible that a person could break into your house and steal your TV.

    Not everyone is aware that someone can hijack your computer and use it in a money-making racket.

    There. Think about it next, ok? Thanks!

  19. Anonymous Coward
    Thumb Down

    Victim Complaint

    Paying criminals to commit crime encourages criminals to commit crime.

    We are all, therefore, victims of the BBC's criminal action.

    How about I wipe my arse with the TV licence reminder form and post iton YouTube

    and claim that's in the public interest?

    I at least could argue that I was trying to keep money *out* of

    the hands of criminals.

    Come to think of it, pass that tax return too..

  20. Steve Kay

    Waste of time

    Beyond there being evidence (which in this case, there is), the DPP requires a prosecution to be "in the public interest". Prosecuting the BBC will not be in the public interest. What will it achieve? It'll be a waste of tax-payers' money. I'd resent the CPS taking this one on. The BBC aren't perfect, by any means, but this one would be silly.

  21. Anonymous Coward
    Thumb Up

    Good on the Beeb

    I agree they broke the law.

    I do think the "public interest" defence is strong enough.

    I do think the "to prevent a greater crime" defence is more than enough.

    MS should hang their head in shame for making a shoddy OS that is so easy to subvert and hack into.

    ISPs should have their heads in shame for not identifying and kicking these zombies off their networks.

    The end-users caught up in this should get a clue and either learn a few security basics or install Linux (although they'll still need some security basics there too).

  22. Anonymous Coward
    Coat

    Well done BBC

    You've taken a chunk of my license-fee, and given it to criminal gangsters in Russia/Ukraine, in an attemp to be 'sensational'. Sure, people need educating about security issues, but a lab demonstration would have done the job.

    Like AC-'Can of worms' says, this was probably the best marketing the hackers could hope for. I knew the idea behind it before, but now i know just how easy it is to aquire and run a botnet, and have a rough idea of how much it should cost. Cheers for the advice.

    A good idea, very badly implemented.

    The one with the botmaster's number in the pocket.

  23. Anonymous Coward
    Paris Hilton

    Well done BBC

    About time this happened and I hope they show a documentary and how easy it is to do this. The AV vendors are talking bollocks. Its well known this can be done in a lab, but then what? Post the results on their own websites?

    I think most Mr&Mrs public dont visit AV site nor visit the reg, but they do use the internet and I am sure this is going to pop up on most isp home pages.

    The public need to be better informed and it is a part of the BBC's job to provide educational content. In this day and age there needs to be a lot more on TV about computer security. How about bringing the issue up in the countless soaps?

    I have no idea why peggy in eastenders has not had her bank details stolen yet!

    Paris because even she knows how to private content... oh wait...

  24. Conrad Longmore
    Flame

    Crisis? What crisis?

    What is amusing is that the BBC had barely acknowledged the criticism levelled against it. Usually they're quite happy to talk about people having a go at the BBC.. as long as the people making the complaints are the usual gobshite nutjobs. As soon as valid, well-reasoned criticism raises its head, the BBC just ignore it.

    You know, thinking about how you could do this differently and legally, it would be trivially easy to get your OWN machines infected and attached to a botnet, and then break in to them. I get dozens of spams every day that will do just that.

  25. Anonymous Coward
    Pirate

    Are they seriously....

    ...trying to excuse breaking the Law with a defence based on "we defined it as being in the public interest".

    Ok, who sets the definition of "public interest"? Oh, wait, that's usually the Meedja init?

    So basically, if I read their defence correctly, it's "we did it because we felt like it". Is it me or does anyone else think they've been taking lessons from BT and Phorm?

    Either we have Laws and we're all held accountable, or we collectively say "bollocks to it" and go off and do our own thing "becasue it's in the public interest". I'm sure there's a lot of people out there who feel that offing the entire contents of the Parliament would be deeply in the public interest. It's still bloody well called terrorism, it's still bloody well illegal and anyone trying it would rightly still be strung up by their left testicle.

    If the Law is mutable on grounds of "public interest" then what the hell use is it?

    Pirates... for obvious reasons.

  26. the spectacularly refined chap Silver badge

    Didn't buy premium machines

    The programme itself made clear that they did not pay a premium for machines not in the UK. Quite the opposite in fact: they bought machines at a _discount_ because they were all based in developing countries and as such less likely to have access to valuable financial details. I admit I was uneasy watching this programme: buying a botnet in this manner simply provides further financial incentive to create more botnets. However, buying cheap machines in this manner at least mitigates that effect.

  27. tom

    i think what the BBC did was good

    that the BBC did was make aware to all the program viewer what can be done very easily. furthermore they also mad this fact aware to a another load of people. don't forget if the BBC had not bought it someone else would have, and there motives would not have been educational!!!!!!!!!!!!!!!!!!

  28. Justin Case
    Flame

    Woot?

    Met refuse to act unless someone affected complains?

    A criminal offence has taken place - they should investigate it. Pure and simple.

    And then have the BBC shut down forthwith. Castration for male staff, nail pulling for the females, burning at stake for the rest. lefty pinko commy bastards...

  29. Mark Hamilton

    BBC Click breaching CMA? I don't think so.

    I have to disagree with the lawyers that the program makers could be prosecuted under the Computer Misuse Act 1990. That Act was introduced as a Private Member's Bill as a direct result of the Dr Popp "AIDS Disk Trojan" incident in late 1989 (I am, in fact, the journalist who broke that story in the final edition of PC Business World of that year). Had the Act contained the provisions that were in the draft Bill I saw early in the New Year of 1990 but which was omitted in order to get non-controversial legislation passed, then the lawyers might have a point.

    The computers in the botnet used by the BBC were already compromised and were being controlled by their eastern European masters and none of them were in the UK (or the US). BBC Click instructed the botnet to send spam email and then mount a Denial of Service attack that had been pre-arranged and agreed in advance with a security company. Finally the botnet was instructed to replace the Windows Wallpaper with instructions to the machine's owner/user on how to avoid being infected and the trojan programs ordered to self-destruct. Sending spam is not (yet) a criminal offence and mounting the DOS attack was authorised by the site affected. It is only the final two parts of the demonstration that are arguably illegal - changing the wallpaper and getting the trojan to delete itself being an unauthorised modifications. However the BBC can argue that those two acts were a force for good and they acted in the best interest of the user.

  30. Justin Case

    ...forgot...

    Gary McKinnon anyone?

  31. Buzzby
    Alert

    Some one had to do it

    The legality is debateable but some one had to do it!

    I hope this will be broadcasted on the beeb so it will be brought to the attention of a wider swathe of people other than those who peruse el reg and other online news forums.

  32. Alastair

    Idiots

    "Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter."

    No, it's like going to someone's house that's already broken into and putting a massive sign in the middle of the living room that says "YOUR KITCHEN WINDOW DOESN'T LOCK PROPERLY. YOU SHOULD FIX IT". There's a quite substantial difference.

  33. Anonymous Coward
    Anonymous Coward

    title

    stop saying well done bbc. please.

    they are a bunch of rich bastard fucktards who do / show what they please and (now) fund criminals.

    they are funded by our tv licence money. how does that make you feel?

    /me cancels tv licence.......

  34. Apocalypse Later

    Public interest defence

    Try that as a cop out for not paying your TV licence fee. "I withheld it from the Beeb because they are linked to Russian computer crime nets."

    In recent times, often (with some variation over time) the most common reason for women to be in prison is for not paying for the TV licence (or rather, not paying the 1000 pound fine levied for not having a TV licence). It is usually the women as the men are not at home when the enforcers come. But when the BBC breaks the law themselves, the cops can't be arsed to do anything.

  35. Anonymous Coward
    Go

    Go BBC

    I'm glad the BBC exposed the ease with which botnet's can be used for illegal purposes. The "top" IT lawyer seems more interested in earning a fee than actually contributing to protect the public interest. I think it's important we don't shoot the messenger or others will be less likely to come forward in the future.

  36. Jason Bloomberg Silver badge
    Flame

    FFS

    "The public interest argument is no defence to the Computer Misuse Act"

    That would of course have to be tested in court.

    "Breaking the law in the public interest is an argument that vigilantes will use"

    An interesting turn of emotive phrase there. Totally irrelevant if it is in the public interest and somewhat suggesting vigilantism is always bad.

    "Some Reg readers have reported their concerns about the programme to the Met's Computer Crime Unit"

    Did they also report their concerns about all those bloody botnets ? Or were they more interested in bashing the BBC ?

    Do they also report themselves to the police when they break the speed limit or when a little more lax than they should be in claiming expenses and filing tax returns ?

  37. James Pickett

    Advice

    "it had cleared the exercise with its lawyers"

    Just like Phorm did, not to mention Tony Blair before the Iraq War, all of which doubtless involved a bit of arm-twisting of the lawyers concerned.

    In any case, why was it necessary to duplicate a set of circumstances that is everywhere already? I thought the Beeb was supposed to be hard up!

  38. Efros

    Bad idea, badly executed

    Mind you in Russia a bad idea could get you badly executed!

    Efros

  39. Cameron Colley

    I've probably missed the boat but I have a more fitting analogy.

    This is nothing like breaking into homes, this is more like the beeb payed to sleep with some "trafficed sex workers" then let them go. The beeb did no harm and they raised awareness.

    That said, it was still illegal and people have lost their livelyhood for less.

  40. raving angry loony

    job's a good 'un

    BBC is there to educate and raise awareness of issues affecting people in the UK, under the guise of "news" and "educational programming".

    Botnets affect people in the UK.

    BBC has raised awareness of botnets.

    Job done.

    As for the whingers and whiners, if they got their thumbs out of their arse and actually DID something positive rather than whinging and whining I'd be a bit more impressed. Instead they sit around flinging shit at each other and at anyone who dares interfere with their bandaid solutions to serious problems.

    Now if only they'd put the blame where it really lies, which is Microsoft and their shills, and their shit-for-brains designers who made an operating system that has, effectively, zero security.

  41. Nat

    The Real Hustle

    "Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter."

    As I recall, the BBC Three programme 'The Real Hustle' had their tame grifters hook people's house keys through their letterbox, use these to unlock the front door then put them back with a note warning the homeowner of what they'd done. Assuming this wasn't faked, it would seem the has a habit of committing crimes in the public interest...

  42. Anonymous Coward
    Anonymous Coward

    @TV Licence

    I feel annoyed that the BBC pay license money to provide Dross, fail to provide decent investigative programs,have a brain dead news service (new game, how many ER's can we get per minute?), provide cheapo stupid programs, filmed with COD's (Cameraman on Drugs, where the camera work is appalling, move around like some demented prat on crack, and makes me feel sick)

    So its no surprise they did the bot test, good, maybe the GBP will realise what a crock their software is.

    Now let me guess, how many infected computes were not CRAPOS?

    Anyone got the figures?

  43. L1feless
    Paris Hilton

    22,000 PC's in a Lab Environment...Please!

    A few points here to think on:

    - They didn't break into these systems themselves

    - They notified the owners of the vulnerability

    - They also proved that a remote attack with no knowledge from the end user is possible

    The lab test which many posts above me have toted really wont drive the point home. People view lab tests as over the top 'Worst case scenarios'. This approach, all be it a little extreme, really drives the point home that this could be you.

    I've been trying to come up with an analogy for this and so far this is the best I have. This is the equivalent to the BBC going into a pawn shop and knowingly buying stolen jewelry. Then after buying the jewelry returning it to the rightful owner stating that they wore it first.

    I would love to hear several of the Bot's oblivious owners and how they personally felt.

    Paris because even she can understand the report the BBC did.

  44. Anonymous Coward
    Gates Horns

    why other peoples boxes?

    why cant they just build their own botnet. in a lab using their own bandwith and own computers.

    but no!

    lets go round with infected home users.

  45. Anonymous Coward
    Anonymous Coward

    Oh well...

    ...just goes to show what useless twonks the BBC really are. Publicising the DEC gaza appeal to help countless innocent people falls outside their charter, but it would appear handing over cash (OUR cash) to some cybercrooks to get access to the comprised computers of others (probably a good proportion of which were license payers) falls within it.

    Perhaps it's just a big ruse - their real aim is to find those using iplayer without a license fee!!

  46. John Smith Gold badge
    Boffin

    A small technical question

    "An apology is more likely to make the problem go away"

    Who exactly should the BBC apologise to?

  47. Anonymous Coward
    Anonymous Coward

    Used my licence fee to fund criminals… blah blah blah

    Oh come on, botnets are a huge problem for the internet. And, if the beeb had not purchased those bots, then some more unscrupulous sod would have. Not purchasing them would not have prevented the criminals from selling them.

    I’m fine with people who want to complain that their licence fee is being misused, in fact I agree. But I think that the whole Click thing is small potatoes when compared giving Jonathon Ross £6,000,000 a year, or Chris Moyals £650,000. I don’t think that the level of their “talent” warrants such sums. Nor do I think that the faceless BBC execs need to be paid so much. They said that is was something like £450 per 1000 compromised PC’s in the UK/USA. So what if they spend a grand or two getting the bots? That sum would only keep an exec in cocaine for a couple of days anyway.

    If the program made 1% of viewers sit up and realise that they should change their surfing habits, then that was money well spent.

    You may as well press charges against investigation journalists who illustrate that they can buy a gun or purchase crack.

  48. Rolf Howarth

    Give it a rest

    Come on, how many times have you run this same story now?

    First, it seems pretty clear that there is a VERY strong public interest in this story, irrespective of whether or not there's an explicit public interest immunity clause in the law. It's blatantly obvious no prosecution would or could ever be brought. First, the Director of Public Prosecutions can decide to block ANY case if he decides it's not in the public interest to proceed. And secondly, no jury in the land would convict the BBC for this.

    Complaining about the BBC giving money to the Russian Mafia, all of the $800 or whatever it was? How is that different from undercover reporters exposing credit card or identity card scams by paying fraudsters for false documents, from exposing corrupt officials in the police or tax office who will take money to look up someone's details, from paying someone to smuggle their reporter in so they can report from Zimbabwe or Sudan, or any one of countless other examples where they might be giving money to criminals but you probably appreciate the results. Come to that, how is it different from the police paying an informant to prevent a bigger crime?

    I'm sure the journalists at the BBC (and elsewhere) have very strong guidelines on not doing anything to encourage people to break the law who wouldn't otherwise have done so, but clearly there are plenty of situations where paying a small amount to a petty criminal to expose a much bigger issue may be justified.

  49. Simon Williams
    Thumb Down

    @James Hedley

    No it's not a lazy analogy -- you're again confusing reason and method. The fact that 'everyone knows' your home could be broken into is completely irrelevant. Like so many other comments, bringing botnets to the attention of the public is the *reason* for the Click project. It's the method that's being criticised.

    Once again, there are plenty of ways to highlight the problem which don't involve paying money to Russian cybercrooks or making use of victim's PCs without their permission. The analogy of coming into your home -- even if it isn't secure -- and say, watching a couple of DVDs on your home cinema, before leaving you a note suggesting you fit better locks, is a very good one. It's still tresspass at the very least. In Click's case its most likely infringing the CMA.

  50. Anonymous Coward
    Thumb Up

    Most polls show BBC did a good thing!

    Interesting that only polls run by security experts who are concerned the BBC did their job better then they themselves are doing are finding the majority of people against this.

    Informal polls I've done among college graduated IT tech people say the majority of people think what the BBC did was good and right and even if illegal only shows that the laws are poorly written.

  51. brainwrong

    They broke into people's homes already

    "Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter."

    They done that already, admittedly with the owners permission.

    "To catch a thief", 2 reformed crims demonstrated on someone's house which was rigged with camera's. Owner was watching from TV van and could call a stop at any time.

    http://www.liontv.co.uk/_london/productions/factual/to_catch.html

    http://www.guardian.co.uk/media/2002/aug/20/broadcasting.bbc2

  52. Anonymous Coward
    Black Helicopters

    What surprises me

    is that the police will not investigate a report of the commission of a criminal offence by a British-registered company because no victim has come forward. It's not a civil matter, it is not a minor issue. The BBC have been alledged to have committed hundreds if not thousands of individual criminal offences and all plod can say is "no victims", and it appears the perpetrators happily admit they committed the offences.

    The Chairman of the BBC and the Chief Constable must have been at Eton together...

  53. James

    Paying for crimes to be committed

    Hey, how about a sequel where they put out a hit on somebody, to show how easy that is? After all, if botnets are big enough news to merit "public interest" of this sort, surely murder is big enough too?

    As with McKinnon, I'd like to see the BBC perpetrators extradited to the countries whose computers were broken into to face trial. Of course, it could turn out one of the PCs was a Russian government one, and the BBC canteen tea urn will suddenly gain a pellet or two of polonium...

  54. Alan Barnard
    Coat

    Has anyone considered...

    ...that the BBC may have produced this programme without breaking any laws at all. The BBC paid money to criminals (all of which goes to fund terrorism, people trafficking, and dvd piracy) then proceeds to access other peoples' computers (in other countries like that arch criminal Gary McKinnon) for its own use (even if they did not inhale) - right? Perhaps wrong! Why would the BBC put itself in danger of criminal prosecution, extradition even, when all it needed to do was lie. Perhaps the whole programme was faked.

  55. Dale Morgan

    What about Gary?

    He's commited exactly the same crime as the BBC, if he found evidence of UFO's the information would of been in the publics interest so when is the government going to give him some support?

  56. Anonymous Coward
    Anonymous Coward

    At the very least I'd sack the lot of 'em!

    I may be wrong but it doesn't seem likely to me that the types who need a wake up call about computer crime will be the ones who watch 'Click'.

    And as for the police not taking action until a victim reports it, perhaps a license fee payer would care to? Giving it to criminals is aiding and abetting.

  57. MYOFB

    Addendum!!

    Go back and watch the Click Prog again between . . . 00:58 & 01:04 and count how many UK / US computers!!

    And when you've done that, go to 06:35 and watch carefully!!

    If you're still fucked off then . . . go ahead and withold your share of : "The license fee that you paid and they spent"

    22000 bots times £30 (per 1000) divided by 24,000,000 equals £0.000275 which you can put towards your next bill for your subscription to Sky TV!!

    Oops . . . Too presumptious I guess!

  58. Anonymous Coward
    Anonymous Coward

    No complaint from victim? No prosecution?

    Every so often an unidentifiable corpse turns up. Dead men don't talk. but the Police still investgate a crime.

    Maybe the BBC shouldn't be prosecuted, but I'd rather see that decision based on a statement taken under caution than based on claims made in a TV show. Let's have the Police looking as if they're awake.

  59. Anonymous Coward
    Happy

    Lawyer - schmoy-yer?

    The legal begal is probably getting paid by the Ruskies anyway yes?

    It is for crown court judges (not lawyers) to decide whether the spirit of a law has been allegedly breached or not.

    But it does raise an important question:

    If an organisation asks you if you are willing to make a purchase where there exists a good chance that the (say downloaded software) products were obtained and made available illegally (some doubt exists that the purchase and only the purchase can prove one way or other) is it breaking the law when knowledge or doubt exists?

    Or does ignorance not count as an excuse?

    Investigative journalism?

    Bad law?

    Bad phrasing in a law with utmost good intent that compromises the spirit of the law?

    Eager lawyer out to make quite a bit of additional dosh always assuming that the Ruskies have not got there first?

    I think the law lords can rule too (additional heavy income for the lords and legal 'experts' in these *anking sector credit folly induced times)?

    Maybe the briefs pal will make a formal complaint thus ensuring several million of tax payers spondooliz end up in the -ahem- legal sector?

    Should the Beeb end up in the dock maybe el reg could give helpful instructions for people wishing to take the matter to parliament?

    No answers?

  60. Anonymous Coward
    Anonymous Coward

    Presuming 'logic'?

    So you're one of these ones who watch Click but had no idea about the ease and the scale of it? Well, that's one twat clued in then! That makes giving criminals thousands of dollars ethical!

  61. Anonymous Coward
    Thumb Up

    FOR the BBC

    AGAINST bleedin' heart lawyer scum

  62. Anonymous Coward
    Anonymous Coward

    So who benefits from this?

    "Given that BBC Click carefully chose machines outside the UK"

    Dear Daily Mailorgraph,

    It appears those foreign-loving subversives at the BBC are up to it again, using British licence payer's money to warn Johnny Foreigner that his machine has been attacked whilst leaving the PEOPLE WHO PAY THEIR WAGES UNWARNED!

    THIS IS TYPICAL OF THE BEHAVIOU... WHAT? Yes, sorry nurse, I'll come for my treatment now...

  63. Anonymous Coward
    Anonymous Coward

    Can we all get over ourselves please

    Dear Security Colleagues, can we please just get over ourselves. Aunty Beeb did us all a favour in loads of different ways by highlighting to Joe Public the risks of bot nets. Millions of the people they educated didn't even know what they were until they saw the show. This had several effects:

    1. It has shown many the size of the risk

    2. It has educated some on how to avoid it

    3. It has ensured that we all have jobs for a little longer because we are the frontline fighting this evil menace.

    So pipe down and applaud Aunty Beeb for her sterling work in keeping us all in business during a difficult year. The only people who should be whining are the bot herders.

    And to those that say you don't commit murder to prove it can be done, that is obviously true, but they do frequently go and score crack to show how easy it is. And loads of you lot are more than happy to break into someone's network to "expose the vulnerabilities" (though I don't agree with that personally).

    You are all just kicking off because you're a bunch of militants and you think you can.

  64. Anonymous Coward
    Anonymous Coward

    @all the people who approve

    Dear Sir/Madam

    I am a representative of the BBC television programme 'Click'. You may have recently seen our investigative piece on the dangers of internet 'botnets'. I am writing to inform you that as part of our investigations we have discovered your PC is infected and is part of an international criminal gangs botnet. We urge you to follow the link below and install our recommended software to clean up your PC and protect you from further infections.

    For further information on the show, and our recent botnet expose please visit http://news.bbc.co.uk/1/hi/programmes/click_online/default.stm

    To clean up your PC now please visit www.dodgysite.com/bbc/viral-payload

    See the problem now you idiots? Instead of making things better they have just opened up a can of worms that in all likelihood will make the problem far worse. Almost all infections require the user to do something, and all those non-savvy people who are infected in the first place are likely to be the kind of people who click on the links they get sent in email, without knowing if it is safe or not.

  65. bob

    its been said before

    "..unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter"

    No its not. What lazy journalism. (As some have commented above.)

    No one has complained. No harm was done to anyone. All that happened is a few thousand people who thought their computers were secure now realised they weren't. Hopefully most will be doing something about that now.

    And "how dare they spend my license fee on funding russian hackers..." Should the BBC run every decision past every license payer? Its a fact that most people in this country who own a computer are unaware how vulnerable it is. The beeb spent a few thousand pounds opening millions of people's eyes - money well spent.

  66. Frumious Bandersnatch

    false and not-so false analogies

    http://www.theonion.com/content/video/reporters_expose_airport_security

    Granted, it's more like the Beeb bought access codes for the bomb already on board, but otherwise I think the analogy is apt. Bad Auntie!

  67. Anonymous Coward
    Anonymous Coward

    What if this was done by a regular security researcher?

    What if this was done by a regular security researcher? Maybe, Adrian Lamo. What about someone with less skills, like the Palin hacker? Joe Blow who whants to do a presentation at Defcon?

    BBC's logic has given every wanna be hacker license to do anything possible to try to "enlighten" potential victims. Including crash their boxes.... just make sure it's overseas. Why cross international lines if it's legal for them to do this? (Did they at least put the text of the background in multiple languages?) There is not much difference between being part of a bot net and running Windows. Is it ok for the next guy with a 0day worm to take it upon themselves to change every users desktop background to let them know he found out their PC could be used for EVIL?

    I think they should have had law enforcement with them when they did this. The banks could have revoked the payment. Russian law enforcement could have been on the phone, ready to move. ISP's could have been notified, so they can properly notify their users, instead of possibly changing some backgrounds. (Which does nothing if the background is changed for the wrong user account etc. Did they actually show this working on the show? Or did they possibly send the wrong commands and instead just caused a few thousand hospital computers in Spain to crash?)

    I guess my biggest issue is who decides who can legally be a vigilante?

  68. Bod

    Criminal offence

    "A criminal offence has taken place - they should investigate it. Pure and simple."

    I've had several cases where criminal damage has been done to my property. Just sitting on my arse isn't going to get it investigated. If someone asks if they are going to do anything about it they would definitely say no, unless someone files a formal report.

    If you want them to investigate it however, you are entitled to report it to the police to see if they'll investigate. Armchair moaning isn't going to get them to do it ;)

    Please consider carefully though as you and I as the taxpayer will be paying for this investigation and the result of any trial, no matter what the outcome ! Do you *really* want that just for a petty point? Wouldn't it be better them chasing after the real criminals?

  69. Michael Willems

    Thanks

    BBC "carefully chose computers outside the US and UK". Like my country? Thanks, BBC. Many thanks. I think you SHOULD be prosecuted.

This topic is closed for new posts.

Other stories you might like