BBC botnet experiment broke law, says lawyer

The BBC may have broken the law by demonstrating how easy it is to buy and use a botnet...

The BBC may have broken the law by demonstrating how easy it is to buy and use a botnet or network of hijacked computers, says a technology lawyer.

The BBC's technology programme, Click, has revealed it was able to buy a botnet of 22,000 hijacked computers online and use it to send spam and crash a website.

Within hours, Click was able to send thousands of spam-like messages to two test e-mailaddresses and down a target website by bombarding it with requests.

The target website was swamped by Click's distributed denial of service (DDOS) attack using only 60 computers in the botnet.

Cybercriminals commonly raise funds by using threats of DDOS attacks to hold websites to ransom.

Click conducted the experiment to test the power of a botnet as a cybercrime tool for a report to be broadcast this weekend.

But the experiment contravenes the Computer Misuse Act , said Struan Robertson , a lawyer at Pinsent Masons and editor of the firm's newsletter.

"Criminal intent is not necessary to establish an offence of unauthorised access to a computer," he said.

The BBC has since destroyed the botnet and notified the 22,000 computer owners that they are vulnerable to attack and given advice on how to secure their machines.

Struan Robertson said it is unlikely the BBC will be prosecuted because its experiment was not reckless and probably caused no harm.

According to a Twitter posting by Click, the BBC programme conducted the experiment in consultation with lawyers, Robertson said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.