The BBC may have broken the law by demonstrating how easy it is to buy and use a botnet or network of hijacked computers, says a technology lawyer.
The BBC's technology programme, Click, has revealed it was able to buy a botnet of 22,000 hijacked computers online and use it to send spam and crash a website.
Within hours, Click was able to send thousands of spam-like messages to two test e-mailaddresses and down a target website by bombarding it with requests.
The target website was swamped by Click's distributed denial of service (DDOS) attack using only 60 computers in the botnet.
Cybercriminals commonly raise funds by using threats of DDOS attacks to hold websites to ransom.
Click conducted the experiment to test the power of a botnet as a cybercrime tool for a report to be broadcast this weekend.
"Criminal intent is not necessary to establish an offence of unauthorised access to a computer," he said.
The BBC has since destroyed the botnet and notified the 22,000 computer owners that they are vulnerable to attack and given advice on how to secure their machines.
Struan Robertson said it is unlikely the BBC will be prosecuted because its experiment was not reckless and probably caused no harm.
According to a Twitter posting by Click, the BBC programme conducted the experiment in consultation with lawyers, Robertson said.