BBC Click using a BotNet
Yesterday I was enjoying BBC Click as per-usual on a Sunday but was somewhat surprised by the Contents of the show which has compelled me to write a little about it.
Spencer Kelly used underground forums to purchase a BotNet containing 22,000 PC’s for $2500 (from memory).
Once logged into the admin interface for the BotNet he goes through all the options showing how easy it is to control. Walking the audience through how to spam a Mailing List and execute a DDOS attack on a website (which they did). Effectively broadcasting a tutorial on how to a denial of service attack or spam, it certainly opened my eyes. Madness! Perhaps next week they’ll visit a Arms Dealer and teach everyone how to make a bomb.
It was a really interesting show however I tend to look at things from a different angle, sure a few PC’s might now be more secure. But how many people are sat thinking about how much money they could make spamming? Or whether they could take a competitors site out for a week, getting it knocked out of Google. It could have done more harm than good.
Not to mention – Is it even Legal for them to be using a BotNet? Regardless of whether there was malicious intent. They still accessed 22,000 computers without the permission of the owners.
Watch the show here: http://news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm
Oscar 1061 days ago
No, it’s not legal. Here in Spain they’ll be probably in jail right after the show.
What surprises me is that happens in the UK, where there’s more panic than here regarding computer hacking and is those kind of threats are taken more seriously.
anthony 1061 days ago
It seems to have pretty much gone under the radar here. I wouldn’t want to see anyone thrown in jail, but I don’t think that show was a good idea.
James 1061 days ago
http://www.dolphinpromotions.co.ukWhat interested me the most was the price you could buy the bots for. It was about £300 per 1000. They managed to take down a site using just 60 bots.
Obviously I would never condone it but It would be interesting to see how effective they would be at wiping out competitors in Google.
anthony 1061 days ago
@james LOL I’ll be sure never to upset you
Brad McAllister 1061 days ago
http://www.bradmcallister.com/I was very impressed by it, watched it twice!
Paul 1060 days ago
http://www.northsouthmedia.co.uk/blog/According to the Computer Misuse Act they could potentialy be looking at 2 year maximum jail sentence, however, as they were sending the emails to their own servers and “told” the users their machines had security issues it probably wont happen.
It’s that old argument, just because you can, doesn’t mean you should, but I’ll bet a few eyebrows were raised after the show and a few more BotNets purchased.
Mike McCullough 1055 days ago
http://bilismedia.comI watched the show as well, and was completely blown away…I think this sort of awareness isn’t going to help things. Although, maybe a few more people purchased spyware software now.
Jacob 1048 days ago
http://rigid-chips.comI saw the show and was absolutely disgusted by it. Not only is it illegal under the Computer Misuse Act, It’s immoral. And who’s to say they didn’t have a poke around through some of the PCs?
There are better ways of highlighting a problem, this would be like them Breaking into a car, and putting a message on the dash to highlight how easy it is.
Oh, and the Computer Misuse Act:
“Unauthorised access to computer material”
“(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b)the access he intends to secure is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.”
I really do think that the people who came up with the idea, executed the idea, and anyone who knew it was going on should be arrested, and tried in a court.