BBC Runs Botnet Test Attack, Security Experts Criticize
To demonstrate how botnets pose security threats, BBC (British Broadcasting Corporation) bought and used a network of 22,000 infected computers forming a botnet.
Reports indicate that the BBC obtained the botnet through its participation in various Internet chat sessions and used the network to send spam to a Hotmail account and a Gmail account it had set up for the test. Within hours, the accounts on both services were flooded with junk e-mail.
Besides spamming the e-mail accounts, the BBC also used the botnet for a distributed denial-of-service (DDoS) attack against a test website of security firm Prevx. DoS attacks make a computer resource unavailable to its intended users.
Moreover, reports state that on completion of the illustrative attack, the BBC sent alerts to the infected PCs, telling their users about the infection and providing information on how to protect their systems. After delivering this information, it deactivated the botnet.
Meanwhile, the test was shown in a video accompanied by a BBC article, which said that the test was conducted without any criminal intent, since otherwise it would have meant violating the law, as reported by CNET on March 12, 2009.
However, security experts criticized the test by BBC. According to Graham Cluley, Senior Technology Consultant at security company Sophos, the test was clearly an illegal modification of PC data that goes against the Computer Misuse Act, as reported by vnunet on March 12, 2009.
Cluley further said that sending spam from a third party's computer evidently eats up bandwidth and consumes system resources. He added that even if the BBC thought the effect would be minimal, it was still not right to carry out the exercise.
Furthermore, technology lawyer Struan Robertson of Pinsent Masons, an Asia- and UK-based law firm, echoed what Cluley said about the BBC breaching the Act by obtaining and using software for controlling the network of bots.
However, the BBC defended itself with a statement that it had consulted legal advisors and otherwise would not have carried out the demonstration, as reported by SC Magazine on March 12, 2009.
» SPAMfighter News - 21-03-2009