The BBC Botnet
I'm not going to write too much on this topic, as other blogs and news sites already extensively reported on it. However I just wanted to remark that most infosec-people out there raise the question whether or not what the BBC did (i.e. buying a botnet, and using it to send spam and execute a DDoS) is a breach of the computer misuse act. On their own website, BBC reports that "if this exercise had been done with criminal intent it would be breaking the law." But even though the attacks were performed under advance agreement, I doubt they asked the actual owners of the zombie-PCs if they wanted to participate in the exercise. Furthermore, if the zombies are on the network of an ISP that follows a strict abuse-policy, those PC owners might get their subsciptions suspended for something they are not even aware of happened.
Labels: cybercrime
Post a Comment