BBC and PrevX spam investigation, takes control over 22,000 computers

Discussion in 'privacy general' started by Tony, Mar 12, 2009.

Thread Status:
Not open for further replies.
  1. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    721
    Location:
    Cumbria, England
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    If I would've hacked into someone's computer using an existing vulnerability just to warn him that he has problems, I would probably be accused of breaking the law. Speaking of double standards...:thumbd:
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The legality might be questionable, but it was a very graphic demonstration that opened a few eyes. To many users, trojans, spyware, etc are abstract ideas that exist in the movies or only happen to those browsing porn or downloading pirated material. Sometimes it takes a good smack upside the head to really get their attention, to show them that the threats are real.

    Since there was no criminal intent, actual damage or data theft, there should be no criminal charges. IMO, if more users had been exposed to this kind of "wake up call" starting several years ago, malware might not be as widespread as it is.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    They did not hack anyone, they used already hacked user's PC to let them know, that they are hacked, which is better that what was done with known McColo botnet, which is responsible for significant part of world spam, but they did not let users know, that they are infected, because it would be ilegal, so the botnet has been reactivated again, but users rights did not get violeted. By the way, blocking "bad content" against users wish like porno or p2p is legal of course. o_O
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Ok, maybe you should try to control some computer from a botnet then go public and say you just did that, then see what happens. On a different note, are you familiar with the term "unauthorized computer access"? Because it is exactly what happened in this case, and as far as I know (if I am wrong, please correct me) this is against the law in many countries.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Well, here is the catch, it is about todays sociate and about sheep and insane laws, which protects crimminals instead of people. So in this context "unauthorized computer access" sounds like an irony. What do we have here is a problem (botnet), someone who pointed at it (BBC) and what is the solution, well there will be none, because noone is interested in solving problem, that would cause companies to loose money, so instead lets talk about BBC, who is the villain here, right? Lets just pretend, that we are working on a solution, creating laws to stop it, which are obviously useless, just let the people live in their dreamworld, where hacking a PC with all anti-xxx aplications will protect them from evil hackers, who are too stupid to bypass them and we will live happily ever after. :rolleyes:

    By the way, 60 PCs with a broadband connetion to take down a medium size webpage, ainot that amazing, when there are botnets with millions PCs?
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I agree with you here. What I am trying to say is that BBC acted in this matter similar to what is called Grey Hat. I belive that this kind of actions shouldn't be illegal, but unfortunately they are in this twisted world we are living in. BBC made a mistake doing it and showing it to the public because that could encourage other people act as "grey hats" (after all, they saw that on BBC, that couldn't be illegal, right?) and they might find themselves in legal trouble after that.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Unfortunately the BBC made a mistake that day IMO...and so did prevx in helping them to do so.

    The BBC should be no different from any other UK company or individual in that it is governed by the Computer Misuse Act (1990)

    By accessing those computers they have committed the following offence under UK law:


    In other words it does not matter what they were doing or what their intentions were, as far as the law is concerned if you do not have authorisation to access those computers you should not be doing it.

    Some people have also said that by modifying the dekstop/screensaver that was also in violation of the "Unauthorised modification of computer material." clause but it seems to qualify they would have had to have done any of the following:


    Nevertheless, it was uncalled for and as such I made an official complaint to the BBC asking them to explain their actions. If I did the same thing and got caught I would be taken to court. They have done it on national television and nothing has happened so far. Whoever their tech advisors are must not have a clue about UK computer law.

    Edit:

    Looks like the prevx ceo is a bit grumpy to say teh least...well at least he is following the company PR policy there (we catch what you miss!):
    http://www.escapistmagazine.com/forums/read/7.96800#1504549

    :D
     
    Last edited: Mar 15, 2009
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i saw this the other day, you can watch the program on iplayer if you're in the uk, or probably on the 'bbc click home page' it's the latest episode they mention it at the start. they say they don't do any harm! aprt from using other people's bandwidth and cpu cycles lol.

    http://news.bbc.co.uk/1/hi/programmes/click_online/default.stm
    http://www.bbc.co.uk/iplayer/episode/b00jctj1/Click_14_03_2009/

    edit the links above, i think, are the whole programme with a lot more about the attack. the link in the first link is an editted version.
     
    Last edited: Mar 16, 2009
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, BBC had no right on doing such.

    I really haven't digged that much, as I'm not concerned with BBC at all, but, where did they get the botnet, in the first place?
    I don't think they made their own, did they? If they haven't, then they've paid to whomever did it. In what will this money be spent on?

    Also, it's sad to see a security vendor participate in this.

    It doesn't matter if there was no bad intentions here, as I believe there weren't, but, they paid for a botnet to someone, who, perhaps, does that for a living.
    Instead of being part of the solution, they're helping the bad guys out, and being part of the problem. I don't get it.

    Unless I'm seeing the wrong picture here.

    And, accessing any system without authorization, is a violation of law, unless, in certain situations, law allows it so. (Not my wish to debate whether or not that is correct.) So, in my most honest opinion, both BBC and Prevx did the wrong thing here.

    I would clap my hands if this situation was to trap bad guys into believing someone wanted to pay for a botnet, and on the act, they would get nailed, or whatever.

    Now, getting into the system of people totally unaware of such, isn't just right.

    Otherwise, one of these days, hackers will have the path free to do whatever they want, as all they ever wished and wish, is to show that systems aren't safe. No crime committed, as they were, in fact, just helping out.


    Regards
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    in the click episode they said they brought a botnet the way criminals would. aka using instant messenging softeare using fake names and then using a company as a middle man to exchange the money so neither side knew who was who.
    so in other words the bbc is giving money to criminals?
     
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Last edited: Mar 17, 2009
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    BBC in hot water for hiring botnet
    http://www.networkworld.com/news/2009/031609-bbc-in-hot-water-for.html

    http://news.cnet.com/8301-1009_3-10195550-83.html
    i don't like the bbc so i'm gald they're stupid enough to give public money to criminals!

    edit.
    http://www.computerweekly.com/blogs/editors-blog/2009/03/15-questions-that-the-bbc-shou.html
    http://www.sophos.com/blogs/gc/g/2009/03/12/bbc-break-law-botnet-send-spam/
    http://www.pcadvisor.co.uk/news/index.cfm?newsid=112795
     
  14. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Absolutely ridiculous. The BBC are using OUR license payer money and giving it to criminalso_O?

    I am seriously fuming and cannot believe they would actually PAY a criminal...completely absurd!

    Please people, get writing complaints and make them realise that someone's head has to roll after soemthing like this. This is a farce.
     
  15. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    It's unlikely a prosecution will be brought in this case.

    Whilst this has generated interest amongst news sources and security blogs, I just wonder how much of the general public who use computers actually saw the programme. It was broadcast on the BBC News Channel at various times and a shortned version shown on BBC Breakfast early morning so if they were intending to reach a wide audience to alert them to the botnet problem, they won't have achieved a great deal. I agree more people are aware of it now than before, but in reality not nearly as many people as they'd like to have reached.
     
  16. TKHgva

    TKHgva Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    77
    Location:
    Confoederatio Helvetica
    Thanks for posting the articles and other comments. All I can say is that from the perspective of a novice with computer and internet security, the initial post, and therefore I imagine the stunt itself, helped open my eyes on the issues of viruses, spyware, ID theft etc and how such attacks are actually operated, in relation to what was said in post #3:
    and post #15

    Although there are discussions here (that I cannot contribute to >not skilled enough) as to the legal implications to this action.
     
Loading...
Thread Status:
Not open for further replies.