BBC Illegally accesses 22,000 computers, claims "wasn't illegal".

[pete]

To demonstrate how botnets work, the bbc used 22,000 compromised computers in their own botnet for their "Click" program. They claim they didn't break the law because they didn't do anything naughty with the botnet.

BBC Site: BBC NEWS | Programmes | Click | BBC team exposes cyber crime risk
Graham "CakeMonster" Cluely comments: Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog
Securiteam blog that brough it to my attention: SecuriTeam Blogs » It’s fun being other people

[kmount]

Short sighted of them to say they didn't do anything wrong because they didn't do anything naughty but tbh, I think it's a powerful idea that they've brought to the surface.

My concern is how they were able to then contact individual people to advise them of the infection; did the ISPs cough up personal details because it was the BBC, or have the BBC merely advised ISPs through their abuse@ chains?

[localzuk]

This was blatantly illegal. There is no arguing about intent, as they are using the wrong idea of intent. The knowledge that gaining access to other computers is illegal was there, therefore they have mens rea.

Just because the outcome wasn't one with damages being seen by the victims doesn't mean it is not illegal.

Look at it this way, they utilised power, processing time, and bandwidth that is the sole possession of the victims. That victim paid for the power to run the computer, paid for the broadband, and may have a cap, so some of their bandwidth will now have been used up, and the processing time will have added wear to their equipment.

If I went into a store and stole a chocolate bar, ate it and then went back in and said 'see, this is where your security is lacking, it would make it no less of a crime!

[AngryTechnician]

Computer Misuse Act 1990

1 Unauthorised access to computer material

(1) A person is guilty of an offence if—

1. he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
   
2. the access he intends to secure is unauthorised; and
   
3. he knows at the time when he causes the computer to perform the function that that is the case.

Seems pretty clear to me. Doesn't matter what you do with it, the fact it was unauthorised makes them guilty of an offence. If they had done something naughty with their access, that would in fact be a more serious offence under the part of the law immediately following the part quoted above ("unauthorised access with intent to commit or facilitate commission of further offences").

Where there would be wiggle room would be whether it is in the public interest to pursue a conviction, but I don't think there is any doubt over whether a offence was committed.

[tech_guy]

Yeah I read this yesterday and was gobsmacked to say the least.

The BBC did something very naughty and it will be interesting to see if any criminal proceedings are brought.

[RabbieBurns]

BBC programme broke law with botnets, says lawyer | OUT-LAW.COM

[tech_guy]

Good. Let's hope they now get a good kicking.

[zag]

Great to see the BBC investigating issues like this, really brings it to the wider audience.

[pete]

I personally hope they throw the book at the whole production team and anyone involved.

There's no compelling reason why the bbc couldn't set up 50 vms, desktops or whatever to demonstrate this using their own legally-owned hardware. Instead they tried to be cute and should be jailed.

Bunch of idiots.

[chrbb]

Was Jonathon Ross involved? If he was it'll be Ok

[maniac]

My concern is how they were able to then contact individual people to advise them of the infection; did the ISPs cough up personal details because it was the BBC, or have the BBC merely advised ISPs through their abuse@ chains?

From the sophos site . .

Furthermore, at the end of this next excerpt you'll see that the BBC "warned" the users that their computers were part of a botnet. They did this by changing the desktop wallpaper of affected computers owned by innocent third parties to display a message from BBC Click.

That's how. Worrying yes, surprising no and I'm not really worried myself, as I take all precautions against this sort of thing. It doesn't really change anything except make people more aware of the issue, which is being done even more effectively now because of these news articles. Looks like mission accomplished to me, even if they may have broken the law to do it.

Mike.

[jamesb]

Short sighted of them to say they didn't do anything wrong because they didn't do anything naughty but tbh, I think it's a powerful idea that they've brought to the surface.

My concern is how they were able to then contact individual people to advise them of the infection; did the ISPs cough up personal details because it was the BBC, or have the BBC merely advised ISPs through their abuse@ chains?

I believe they changed the desktop backgrounds on the computers. Illegal in its own right.

[cjohnsonuk]

If the tech team at the BBC are naive enough to believe that gaining unauthorised access to a computer is legal then both they, the legal team that should have advised them and the management that should have ensured that the legal team advised them should be hung out to dry. What message does this send out? Can you imagine: "BBC reporters steal cars from public car parks and car showrooms to highlight poor security in todays car design" , "But its OK to do that as it was all in the name of public interest and the cars were returned to the public car parks a month later." or worse "The cars were returned to the owners who were identified when a government department gave out the contact details of the registered drivers to a BBC researcher"

Not that I ever did respect their technical know how but really puts a nail in the coffin.

<Rant=on>
I don't know whether I'm just getting old and grumpy but I'm finding more and more BBC (and other news) reports are often going for a story rather than news and are presenting the facts in a biassed or inaccurate way that influences society.

E.g. There was a report on yesterday about someone who had committed a crime. "the man, who has recently suffered from XYZ disease, did crime ABC" Where's the relevance in stating his recent ailment? Is that an excuse? Should we feel sympathy that he had a runny nose?

Take another example : the recent snow. "It was chaos". No it wasn't, it was a minor inconvenience. People incapable of driving in snow went out ill prepared. Snow chains cost £50. I got places where 4x4s couldn't go in a lowly 2WD hatchback. If you can't afford them stay at home. Or stick to gritted roads. Or get a lift from someone who can drive in snow. There really was no excuse for 90% of the driver who got stuck.

And the weather...
Rain is always described as "miserable". The weather has no emotion. They are brainwashing us to associate anything that isn't sunny with unhappiness. If it rains put a coat on not a sad face!
No wonder there is so much depressiosn in the country!
<Rant=off>
Pheww.
That feels a lot better.
ChrisJ

[kmount]

I believe they changed the desktop backgrounds on the computers. Illegal in its own right.

LMFAO.

So.. "Hai, we're from the BBC, you're infected, nip to PC World and get your PC sorted out"..

Seriously, that's just ridiculous.

[ZeroHour]

Was Jonathon Ross involved? If he was it'll be Ok

Imagine the background they would have set it he was