BBC Click paid cybercrooks to buy botnet

Your licence fees at work


BBC Click has admitted paying cybercrooks thousands of dollars to buy access to a botnet as part of a controversial cybercrime investigation, broadcast over the weekend.

In a website story accompanying the heavily-promoted report, BBC Click reporter Spencer Kelly explains how licence fee payers' money was used to buy access to virus-infected machines under the control of hackers in Russia and the Ukraine.

After months of investigation and a few thousand dollars, we had managed to buy a botnet from hackers in Russia and the Ukraine.

The process began in chatrooms where hackers advertise their services. You have to earn their confidence, then negotiations take place in instant messaging applications.

Once a service and a price have been agreed, payment is made using a money transfer to keep both sides anonymous.

BBC Click used the botnet of 22,000 machines to send spam to webmail addresses it had set up, and to launch a denial of service attack against a test website run by security firm PrevX, which advised on the investigation. It then changed the wallpaper on the compromised machines to display a message of its own, advising affected users to clean up.

The BBC reckons its actions were legal, but specialist technology lawyers contacted by El Reg disagreed. Struan Robertson, editor of out-law.com and legal director at solicitors Pinsent Masons, said that the BBC's actions were likely to have breached the unlawful access provision of the Computer Misuse Act, the UK's anti-hacking law. He added that there is no public interest defence against CMA offences.

All parties agree that there's unlikely to be a prosecution, even if the BBC inadvertently interfered with Pentagon computers. Infected computers on US military systems are hardly unknown, and BBC Click failed to make any checks on whose computers it was hacking into - so it could well be that some of the zombie machines used during the exercise were on US military networks.

Aside from the legality of the scheme, the exercise raises troubling ethical questions. Security firms are almost unanimous in saying the behaviour of infected machines could have been illustrated without hacking into the machines of innocent victims.

Much of what BBC Click found was already common knowledge in security circles, if not to the wider public. The idea that botnets are used to send spam or run DDoS, that access to them is sold through underground forums and that control tools are growing in sophistication, have been the staples of information security stories in the technology press and reports from vendors for months.

BBC Click said the programme was six months in the making.

Many security firms have described the exercise as misguided, unnecessary and unethical. Kaspersky, AVG, McAfee, FaceTime, Sophos and F-Secure all agreed that the BBC had behaved badly. Over the weekend Sunbelt Software joined the criticism of the programme's tactics, which Sophos has spearheaded.

Some security firms disagree with this consensus view, most notably PrevX, which participated in the programme. Mel Morris, chief executive of PrevX, suggested in a statement (below) that security researchers and the police routinely break the law to investigate botnets:

Prevx's input to the BBC Click Botnet experiment saw us providing our test site as a target for their DDoS attack and giving some comment and advice on the technical implications of what they were doing. In terms of what the BBC learnt, the experiment highlighted some interesting facts - not least that their Botnet reached 9,000 computers over several days before it was detected by any of the major anti-virus or Internet security products.

Because of the nature of the market we operate in, and the ever growing risks of cyber-crime, every internet security company has to understand the ways in which the enemy operates. What the BBC did with this experiment is just taking that lesson to the broader public. Every day, most security companies, and law enforcement agencies investigating botnets and information stealers break the law to investigate and uncover stolen information and techniques - It goes with the turf!

Other supporters include security firm Marshal8e6 which issued a statement to "applaud the BBC Click programme for its interesting and informative piece which hopefully will assist in raising the public’s awareness of these issues".

The BBC Click programme was broadcast on BBC 1 on Saturday morning and on the BBC News Channel on both Saturday and Sunday at 11:30. Those in the UK can catch up with the show through iPlayer, via the BBC Click site here. ®
