The BBC Borrows a Botnet
In an effort to make the public aware of the threat of botnets, the BBC comes very close to violating the UK’s Computer Misuse Act. The BCC technology program Click acquired a botnet of about 22,000 computers and used them to send spam to BBC-owned e-mail accounts. They also mounted a DDoS attack on a site owned by security company PrevX (with their permission, of course). Click acquired the botnet after “visiting chatrooms on the internet.” Before giving up control of the zombie machines, Click advised owners of vulnerable machines on how to make their systems more secure.
Click’s ability to acquire the botnet makes clear the increasing ease with which malicious users are able to raise computer armies to do their evil bidding. While the article doesn’t directly say how the botnet was acquired, it asserts that 1,000 computers may be sold for around $400. Their “chatroom visit” likely mirrored a real-world back alley deal.
Although Click’s intentions were pure, their means were questionable and only furthered the problems botnets raise. They encouraged botnet creators to continue their work, proving that there is an expanding market for their product. Even though they only sent spam to their own accounts, they still burdened the servers along the way, wasting bandwidth. Finally, to deliver their warning message to users, they either had to identify the users, comprimising their privacy, or make changes to their machines.
I hope that Click’s use of a malicious service will make people aware of these attacks and inform them how to prevent subversion of their computers. BBC should be reprimanded by the government because their actions come close to breaking the statutes in UK’s Computer Misuse Act.