StoneBlog.stonesoft.com

Hi all!

As you might have read, BBC Click has done some investigative journalism by “acquiring” (buying?) a botnet consisting some 22 000 computers and used it to create DDoS and email attacks. This was done just for testing how easy it would be….

Surprise surprise, it really is easy. But it certainly is not ethical and it might be illegal even in Britain, as I’ve stated in the followed stories by SC Magazine and infosecurity. I know for sure it’s illegal in Finland, for several reasons. BBC’s story raised awareness towards network security but is strongly overshadowed by the illegal/unethical means in it.

So how could’ve BBC done this ethically and/or lawfully? I can’t find a way:

·         Paying money to criminals for acquiring a botnet for testing is not the way we fight against internet crime. This is just common sense.
·         Asking people to participate to a botnet attack sounds like inciting them to criminality. Not asking but still using their computers is even worse.
·         I wouldn’t conduct this kind of research on open internet. It creates excess traffic, which might be interfering and thus illegal.

I don’t want to attack towards BBC Click too hard, clearly they didn’t know what they were in to. However, I wouldn’t courage other medias to follow either. Laws, regulations and “code of conduct” for information networks is available for all to see. Consult an expert if you don’t know or in case of uncertainty. We’re here.

//Opi

written by Olli-Pekka Niemi - 2,172 views \\ tags: Security