The BBC TV program Click, which showcases new technologies, especially internet related ones, has broadcast an interesting half an hour special today (available for the next 7 days via the online BBC iPlayer).
They investigated the world of Botnets, of thousands of trojan horse malware infected, mostly home PCs running Windows, connected via broadband internet connections, which are used to send most of the world's spam email and also for Distributed Denial of Service attacks.and blackmail against e-commerce websites or online security companies and political opponents etc..
It seems that the BBC Click team managed, after a bit of hanging around certain internet discussion forums, and some (presumably encrypted) instant messenger chat, to purchase or rent a botnet of over 21,000 malware infected computers around the world. This involved transferring a couple of thousand pounds to via a wire transfer in a shop, to an anonymous third party company, probably in somewhere like the former Soviet Union, to the criminal who sold it to them, and who provided a slick, professional, control panel interface. to control the botnet.
The programme proceeded to demonstrate how this could be used to send thousands of spam email messages and to bring a medium sized website (belonging to one of the security company advising the programme) offline through sheer weight of numbers . It seems that this website became unusable after only 60 broadband connections were aimed at it,out of the bitnet of over 21,000 machines.
This botnet was said to be relatively cheap, as it was mostly infecting computers in less developed countries, which have less juicy online financial information on them to be snooped on. However their video clips showing the geographical extent of the botnet did show a few computers in the United Kingdom and in the United States of America.
At the end of their demonstration, the BBC changed the desktop wallpaper on the botnet infected computers to a warning message from the BBC, and instructed the botnet trojan software to delete itself.
All in all an admirable bit of investigative journalism, for which, of course,they have been criticised by some people, claiming that they have broken every single section of the United Kingdom Computer Misuse Act 1990, including the new amendments which came into force in October 2008, which try to cover "dual use" software tools, and denial of service attacks. They could also have broken the computer misuse laws of all of the other countries involved, including the very harsh ones in Thailand.or Pakistan etc.
See The Register: BBC zombie caper slammed by security pros
Presumably the BBC had their lawyers check into this before engaging in this activity, and their defence seems to be that of an obvious lack of criminal intent.
It would be an utter scandal if the British Police were to bother to investigate such alleged breaches of the CMA by the BBC, when they have been such utter failures in protecting us from these sorts of international botnets and the criminals who exploit them.
Any lack of a prosecution here in the UK, would be consistent with the Crown Prosecution Services abrogation of British sovereignty in the case of accused hacker Gary McKinnon, who is facing extradition to the USA, who also allegedly left a couple of notes on a few computer desktops pointing out the useless computer security of the US Military systems he managed to access. However, he certainly did not leave a warning graphic on over 21,000 machines, like the BBC have done.
Neither the old National Hi-Tech Crime Unit, nor the Serious Organised Crime Agency nor the new Police Central e-crime Unit (PCeU) have been any use at all in protecting us from botnets, or in catching and extraditing, prosecuting and punishing the mostly foreign based criminals who create and run run these botnets.
Incredibly, the Keynote Opening Address of next month's annual Infosec Europe IT Security conference and trade show at Earl's Court (26th -30th April 2009), will be given by disgraced former Home Secretary David Blunkett, who will supposedly advising us on such topics - we can hardly wait !