BBC Click’s Botnet – The moral dimension
Well, since yesterday morning, when I first wrote about this story, the BBC Botnet has made it into a number of news sources, including The Guardian, which asked “Did BBC botnet break the law?”; the coverage on Sophos’s website and The Register was mentioned here yesterday. Slashdot also had the story posted, and I posted a couple of comments there (the links on these posts have driven more traffic to this site than any other source).
Whether the BBC’s action was legal has been the focus of a lot of discussion so far, but in this post I want to discuss whether it was moral. A lot of people are taking the position that the BBC should be thanked for this piece of journalism, as it will raise awareness of the issue and they also destroyed the Botnet. However, my own opinion is that what the BBC did was completely unacceptable, for a number of reasons:
Did they fund crime?
The BBC acquired a Botnet, and although they haven’t entirely explained how, it is implied that they bought it. If this is the case, then the BBC has knowingly paid a criminal for access to his services. This more than negates any good they can claim by having then disposed of the Botnet.
When the BBC bought that Botnet, they helped ensure that creating Botnets was profitable, which encourages criminals to create more. That is the exact same reason why having the police buy heroin and guns from dealers isn’t the solution to gun and drug crime.
Where were the computers?
The BBC Botnet had 22,000 computers in it. The BBC hasn’t said anything about where these computers were, or if it even knew. As Botnets aren’t designed to stay within one geographical region, it is unlikely that these 22,000 machines were all within the United Kingdom. It is in fact likely that it will contain thousands of foreign PCs, and perfectly possible that it will include machines on military networks either inside or outside of the United Kingdom.
Maybe it’s just me but if I found out that China State Central television (Chinese State broadcaster) had bought access to a Botnet that my PC had been compromised by and used my PC without authorisation, changed my background and then ‘deleted’ the exploit I wouldn’t be overly impressed.
And then there is the question of legal jurisdictions. As Gary McKinnon is finding out at the moment, being in the UK when you access resources in another country doesn’t protect you from the laws of that country. If the BBC Botnet included an American PC, are they sure their action wasn’t illegal under US or State Law?
Do we want vigilantism?
The debate over whether it is acceptable to produce programs that work like Malware but for the purpose of good has been going on for years. Should it be acceptable to write a program that searches for PCs with a security flaw and installs an application on them that removes all viruses, checks for and reports the user for any illegal pornography, checks for and reports the user for any pirated content, and then fixes the security flaw? I would hope most people would say no to this extreme example, but what needs to be considered is that it can be justified on the same grounds as the BBC’s action.
March 16th, 2009 at 16:32
Most people who are against what the BBC did usually know all about botnets and computer security. What the BBC was attempting to do is bring that knowledge to the wider, ignorant group of casual users.
Did they fund crime?
If it means that users improve their security then botnet sizes will shrink and their value will drop too – so if what the BBC did works then their one-off payment will cause a longer term reduction in money going to criminals.
Where were the computers?
“Maybe it’s just me but if I found out that China State Central television (Chinese State broadcaster) had bought access to a Botnet that my PC had been compromised by and used my PC without authorisation, changed my background and then ‘deleted’ the exploit I wouldn’t be overly impressed.” Nor me – which is why I do my best to protect my PC – but you and I are not the problem, are we! It’s people who don’t give this sort of thing a second thought that are the problem!
Do we want vigilantism?
They did nothing but inform users that they needed to check out their PCs – hardly vigilantes. It’s like having a visit from a fire safety officer who tells you that you need smoke alarms.
March 16th, 2009 at 18:40
Who gave the BBC the authority to make decisions about what laws it can ignore on the grounds of possible future benefit? Is it only the BBC who should have this autonomy and what other laws should become optional for journalists?
I dislike analogising especially when comparing computer and real events, but to roll with this one, it would only be like that if you came home to find a note on your kitchen table written by a foreign fire safety officer saying that they had paid a burglar who had broken into your house to let them in, checked around and found you needed a smoke alarm.