17 Mar 2009
Security firms around the world have criticised the BBC over its conduct in a recent episode of the programme Click.
The episode involved BBC reporters enlisting the help of third-party security experts to conduct an investigative report on building a botnet. The team was able to purchase a network of 22,000 controlled systems which were used to send emails and perform a denial-of-service attack on a test web site.
The BBC later dismantled the botnet and informed the owners of the compromised systems, but the story drew criticism from security experts. Sophos senior security consultant Graham Cluley condemned the attacks as a breach of the Computer Misuse Act.
In the days following the report, it has become apparent that Cluley is far from alone in his condemnation.
"The BBC simply didn't need to go as far as it did to demonstrate the cyber criminal possibilities of a botnet," argued Paul Ducklin, head of technology for Sophos' Asia-Pacific branch, in a blog post.
"The demonstration it filmed could easily, more scientifically, probably more effectively, and definitely more quickly, easily and safely, have been done in a research laboratory."
A Sophos web site poll found that 56 per cent of visitors felt that the action was wrong on either legal or ethical grounds, while only 33 per cent felt that the awareness raised by the report justified the BBC's actions.
Researchers and executives from other security firms, such as McAfee, F-Secure and Sunbelt Software, are throwing their support behind Sophos.
"You just don’t get involved, because it's wrong and there are too many unintended consequences that can occur," wrote Sunbelt chief executive Alex Eckelberry in a blog post.
"To have a TV show use a botnet to 'prove a point' is beyond the pale, particularly since the point could have easily been proven in other ways."
Do you agree?
The BBC was wrong to do this
The PCs which had the bots on were probably PCs with no up-to-date virus protection, so Sophos etc would (on the face of it) have been glad to tell the victims that their computers were compromised. However, the fact is that the BBC used those people's computers without permission, and, as such, were breaking the law. If the BBC had done something wrong, damaging files on the victims' PCs, or causing them to have their ISP accounts blocked etc, then things would have been far different. As it was, the BBC were just very lucky. The type of people who watch 'Click' probably know all about virus protection anyway, so would not be the people who should be being told about it, so I don't think the exposure was worth it.
Posted by: Paul 20 Mar 2009
Well done Click
Well done the BBC for exposing just how damaging bot-nets could be in the wrong hands. While I accept that no anti-virus/spyware solution can ever be perfect, it's about time some of these so-called security firms were called to account over their software's shortcomings.
Posted by: David 20 Mar 2009
Proof is in the pudding
Well done to the BBC. If you are going to show these sham A/V companies up, do it for real once. It never needs to be repeated and a real live test brings it home to the punters. At least 22,000 fools have been alerted to their own inadequate security.
Posted by: archiebald 19 Mar 2009
Well Done BBC!!!
As it was these very same 'Security Firms' software that permitted the attacks, you'd have thought they would be keeping a low profile - or at least making a joint announcement saying "Sorry we should really be doing better". The only thing that was harmed was the Security firms' pride.
Posted by: Alan Jacobson 19 Mar 2009
Lies, damn lies and ...
Interesting that Sophos found only 33% thought it was justified, whilst a straw poll here shows 100% in favour of the BBC's actions. Seems to me that Sophos and co should be encouraging anything that highlights home security issues and should have got themselves some free positive advertising instead of the negative publicity they are generating at present. Generally I am impressed by Graham's public views, but this time I think he's taken the wrong tack.
Posted by: John Brookes 19 Mar 2009
Ineffectual Security Companies
Personally I was very impressed with the news story on Click, and although I was already aware of botnets this filled in the spaces and I know a lot of other people who watched it found it equally enlightening. Sophos probably got its knickers in a twist because some of its machines were probably bots and the BBC informed their customers before they did. This was definitely one of Click's better stories.
Posted by: Chris MacInnes 18 Mar 2009
There is that but..
Well, there is that, but I think doing this test in a lab would not have had the same effect on the people watching the program. It is easy to say "that's terrible, but it won't happen to me". By showing that it is happening with real people, and how easy it is to do, it made me personally careful about how I secure my computer.
Posted by: James 18 Mar 2009
In the search of the truth
I for one commend the guys at BBC Click for their work. Since the dawn of the trade, journalists have had to do these sorts of things in order to uncover the full extent of the issue. For example, had this been an undercover video of a journalist bribing a government official for a fake passport, no-one would have batted an eyelid about the moral and legal implications - I fail to see how this is at all different. Keep up the good work guys.
Posted by: Ian Williams 18 Mar 2009
I Wonder..
...how many of the botnet folks had software written by these companies? Obviously they failed to detect and defend against the bots. Good work by the BBC IMHO, people need to wake up to the dangers that await them online and understand how to avoid them. Making it personal means people will listen and start to take steps. Same principle as putting graphic pictures on cigarette packets!
Posted by: Khushil Dep 18 Mar 2009