BBC botnet ‘reckless’, may inspire copycats

Sophos says BBC TV segment highlighting the power of botnets went too far.

Sophos CTO Paul Ducklin

Sophos CTO Paul Ducklin

Security company Sophos has lashed out at the BBC for commandeering some 22,000 computers earlier this month, claiming the move was a reckless breach of privacy that could inspire a wave of vigilante copycats.

The computers were assembled into a botnet by the BBC following advice from hackers in online chatrooms, and were then use to spam dummy Hotmail and Gmail accounts to demonstrate the machinations of spam in its Click TV segment.

Thousands of spam e-mails, each with unique subject lines generated by Google keyword searches, bypassed the Hotmail and Gmail spam filters and hit the inboxes within about two hours.

Kill commands issued to liberate infected computers can be rewired to wipe hard drives

Sophos

Sophos chief technology officer Paul Ducklin said the demonstration, which also changed the desktop backgrounds on hijacked computers, was reckless because altering system data could have had unintended and dire effects.

“The BBC issued remote commands for its [Click] television program, using a criminal piece of software, from the author they've never met and which quality they've got to presume is dodgy,” Ducklin said.

“The commands to change the wallpaper could have hanged the computers. What if those [affected] were uploading a tax return, or a prescription for diabetes medication?

“It's not for the BBC to make that decision. I'm sure their motives were good, but they have set a dangerous precedent because the last thing we want is gangs of wannabe anti-virus vigilantes roaming the Internet and issuing commands to botnets,” he said.

Ducklin said the typical kill commands issued to liberate infected computers from botnet control, and presumably used by the BBC test, can be rewired by hackers to wipe hard drives and critical system data.

“The only good reason to [issue a kill command] is if the botnet was going to be used to do something terrible... not just to stop spam,” he said.

The BBC test also directed the infected computers to perform a denial-of-service attack on a test web site.

A quarter of all computers are part of a botnet, according to statistics from security research organisation TRACE. Despite this, most malware used to infect machines can be removed by basic anti-virus programs.

Ducklin said businesses should bolster internal security such as Network Access Controls to thwart rising attempts by botnet masters to dodge hardened external security and inject malware directly into corporate networks using infected portable devices.

He said the bot controllers, which are often Linux servers, are virtually impossible to locate.

University of New South Wales senior network administrator for the school of computer science and engineering Peter Linich previously told Computerworld Linux servers are extremely valuable for botnets because they are typically online more than 10 months of the year.

“We can't make sure users who need to administer their own computers use good passwords; a bad password choice is a damn good way to risk getting their machine compromised no matter how attentive they are to keeping their machines patched,” Linich said.

The BBC has defended media allegations that the demonstration was illegal, and said it did not pay hackers for access to the infected machines.

A list of 20 million legitimate e-mail address can cost up to $1000, according to the BBC botnet report.

Botnet masters — the masterminds behind the zombie computer networks — have received prison sentences of up to four years in recent history for using the machines to issue spam and denial of service attacks.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags botnets

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Darren Pauli

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?