Did the BBC break t...
 
Notifications
Clear all

Did the BBC break the law?

34 Posts
9 Users
0 Likes
2,620 Views
(@dficsi)
Posts: 283
Reputable Member
Topic starter
 

I have just watched the latest episode of the BBC's show 'Click'. In this episode the host, and his guest, pay for and take control of 20,000 'bots' and then use them to send spam to thousands of recipients.
Question Did the BBC break the law?
My gut feeling is that, according to the 1990 Computer Misuse Act, they have broken the law. I don't know is a succeeding law has brought changes to this but I'm interested in reading other people's ideas and opinions.

 
Posted : 16/03/2009 1:14 am
(@pbeardmore)
Posts: 289
Reputable Member
 

This crossed my mind also.

As far as I know, the Police will only investigate if someone makes an official complaint so, based on the fact that the BBCs HQ is in London, if someone wants to give the Met a ring, I would be very interested.

"If this exercise had been done with criminal intent it would be breaking the law." states their web site. Funny kind of defence?

http//news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm

 
Posted : 16/03/2009 12:45 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Yes, this struck me as very odd (to say the least) when I first read about it.

Some further info and commentary at The Register.

Jamie

 
Posted : 16/03/2009 12:46 pm
(@darksyn)
Posts: 50
Trusted Member
 

Hmmm… Having read through what has been posted (the story + the The Register story), I can't say I agree with you on this exercise being deemed illegal…

About the only thing I can see as being "illegal" is the use of the zombies but it is still a gray area. But, again, they did not "hack" the zombie computers used in the attack, AND they left a message with instructions on how to clean the computers!

And from what I can read its done as a legitimate piece of research (despite the fact that it was done for a TV show), with a "get out of jail" card provided by the security company AND extra legal advice.

Should be really cool to watch, and I'll ask all my students to watch the program too, as it is very good "discuss the importance of the findings of" material.

Oh, and there is ample scientific evidence (eg. V. Paxon (I think) on the failure of the Poisson model in Internet Traffic classification) to show that internet traffic (and thus any realistic DDoS attack) cannot really and effectively be simulated via eg. ns-2 or virtualisation. You NEED that many computers (which is why netsec researchers/scientists tend to scream about needing properly anonymised and good quality datasets) or datasets from a REAL DDoS attack traffic capture (eg. gathered through a honeynet/pot).

Kindly, people, do not rush to label everything "illegal".

Cheers
DarkSYN

 
Posted : 16/03/2009 2:30 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

About the only thing I can see as being "illegal" is the use of the zombies but it is still a gray area. But, again, they did not "hack" the zombie computers used in the attack, AND they left a message with instructions on how to clean the computers!

Surely there are legitimate questions about "securing access to data", "unauthorized modification", "impairing operation" etc. etc?

Oh, and there is ample scientific evidence (eg. V. Paxon (I think) on the failure of the Poisson model in Internet Traffic classification) to show that internet traffic (and thus any realistic DDoS attack) cannot really and effectively be simulated via eg. ns-2 or virtualisation. You NEED that many computers (which is why netsec researchers/scientists tend to scream about needing properly anonymised and good quality datasets) or datasets from a REAL DDoS attack traffic capture (eg. gathered through a honeynet/pot).

Not sure I grasp the relevance?

Kindly, people, do not rush to label everything "illegal".

I honestly don't think anyone (here) has but it has to be an issue worth debating, no?

Jamie

 
Posted : 16/03/2009 3:18 pm
(@dficsi)
Posts: 283
Reputable Member
Topic starter
 

Kindly, people, do not rush to label everything "illegal".

Excuse me? CMA90 says that gaining unauthorised access to a computer, regardless of intent, is a crime. This is not a grey area and I did not 'rush to label' it illegal. If you have indeed read the Register article you will have seen that McAfee have distanced themselves from this. Also others have suggested the same thing and even had a letter back from the Beeb stating that they it was not their intention to break the law. Reference here.
Based on the facts that we have we can say the following
The BBC bought a botnet from an unidentified source.
The BBC gained unauthorised access to almost 22,000 computers (illegal in this country).
Dependant on the location of these 'zombies' the BBC may have broken foreign and international laws. The UK legal system may turn a blind eye but what about these other countries? Does the name Gary McKinnon mean anything to you?

Kindly, sir, do not rush to label us and suggest that we are guilty of sensationalising.

 
Posted : 16/03/2009 3:27 pm
(@dficsi)
Posts: 283
Reputable Member
Topic starter
 

I honestly don't think anyone (here) but it has to be an issue worth debating, no?

Jamie, I will stand up right now and say it IS illegal. Pinsent Masons (one of the largest solicitors in the UK) have written an article saying as much.

 
Posted : 16/03/2009 3:30 pm
(@pbeardmore)
Posts: 289
Reputable Member
 

Lets not get distracted by DarkSYNs comments.

Following on from a pretty dreadful year as far as the BBC and PR is concerned, I think this could be a slow burner and really bite them in the backside. On the face of it, it does seem to be unauthorised access, pure and simple. It would be interesting to hear the views of any of those who own the PCs to which the BBC gained access. I assume, on the law of averages, that many are licence payers. Now thats irony

 
Posted : 16/03/2009 3:34 pm
(@dficsi)
Posts: 283
Reputable Member
Topic starter
 

Lets not get distracted by DarkSYNs comments.

Who me? 😉

I'm just worried that he might be passing this on to his students as acceptable behaviour.

 
Posted : 16/03/2009 3:36 pm
(@dngroen)
Posts: 55
Trusted Member
 

Lets not get distracted by DarkSYNs comments.

Following on from a pretty dreadful year as far as the BBC and PR is concerned, I think this could be a slow burner and really bite them in the backside. On the face of it, it does seem to be unauthorised access, pure and simple. It would be interesting to hear the views of any of those who own the PCs to which the BBC gained access. I assume, on the law of averages, that many are licence payers. Now thats irony

This occured to me too, I wonder how many of those people will seek compensation from the BBC.

 
Posted : 16/03/2009 4:43 pm
Page 1 / 4
Share: