The BBC Breaks CyberCrime Laws

The BBC News program “Click” purchased a botnet of 22,000 hosts from Russian spammers and cybercrime syndicates in order to spam two email accounts and launch a DDoS against a website. Hello Scotland Yard?

From the Register here:

BBC Click has admitted paying cybercrooks thousands of dollars to buy access to a botnet as part of a controversial cybercrime investigation, broadcast over the weekend.

In a website story accompanying the heavily-promoted report, BBC Click reporter Spencer Kelly explains how licence fee payers’ money was used to buy access to virus-infected machines under the control of hackers in Russia and the Ukraine.

BBC Click used the botnet of 22,000 machine to send spam to webmail addresses it established and launch a denial of service attack against a test website by security firm PrevX which advised on the investigation. It then changed the wallpaper on compromised machines with a message of its own, advising affected users to clean up.

The BBC’s actions were likely to have breached the unlawful access provision of the Computer Misuse Act, the UK’s anti-hacking law. He added that there was no public interest defense against CMA offences.

Many security have described the exercise as misguided, unnecessary and unethical. Kaspersky, AVG, McAfee, FaceTime, Sophos and F-Secure all agreed that the BBC had behaved badly.

Tax Dollars at work.