|
|
|
The British Botnet Corporation
By: Larry Seltzer
2009-03-14
Article Rating:  / 15
There are 12 user comments on this Network Security & Hardware story.
There are some things you just don't do in security research or you become part of the problem. Controlling and modifying other people's machines, even if they are "bots" in a botnet, is one of them. This is what the BBC did.Not many in the security community are impressed with the
BBC's cheap trick of buying a botnet and using it to demonstrate what botnets
can do. I'm as disappointed with Prevx, the security vendor who cooperated
with the stunt.
Despite the BBC's assertion that no laws were broken, I'm more impressed
with those who cite the
Computer Misuse Act to claim the contrary. To do what the BBC claims to
have done they must have violated this act. One can argue the merits of various
parts of the act, but as a general matter it's not good for vigilantes to go
about violating people's computers to make a self-serving point. The act is
clear that unauthorized actions on a computer (like sending e-mail from it or
changing the wallpaper) are violations, and of course they should be. They also
may have exposed themselves to civil liability by involving ISPs in their fake,
demonstrative DDOS.
What they did was wrong on a number of levels, not least of which is that it
seems they paid for the privilege of using a real botnet. Who did they pay? Is
it right to reward the herders of a botnet by giving them business? What will
those herders do with the money paid by the BBC?
How do responsible security researchers work? It's not exactly the same
field as botnet research, but I think you can get a good sense of good
principles from the
Fundamental Principles of Testing for the AMTSO (Anti-Malware Testing Standards
Organization): Never create new malware and protect the public networks
from the research at all times.
Alex Eckelberry, CEO of Sunbelt Software,
commenting on this in a post to
the funsec mailing list, says it well:
... malware researchers routinely deal with
botnets for analysis purposes. It would be considered a high crime
indeed to allow a spambot to actually send spam to the outside world,
even for "testing" purposes. And, shutting down a botnet yourself, even
with the best intentions, is simply not a good idea. You don't know
what accidental harm you may cause. You also don't really know what's
on the user's system that will simply restart the whole process.
In the end the BBC states that they notified the owners of the
systems involved that they were infected. They didn't provide details
on how they did this (I wonder why, he said sarcastically), but our reporting indicates
that they did this by modifying the user's wallpaper to include a note
about it. Well-intentioned as it may have been, this alone is a
violation of the Computer Misuse Act. It's also a common technique of
rogue anti-malware products; they use any avenue they can get to try to
get the user to "fix" their problem by buying the premium program.
This last analogy may seem cheap and unfair, but I think it
illustrates how close you tread to the dark side when you go down this
path. You end up using the tools that the bad guys use because they're
what's available. And like Eckelberry says, you never know what will
happen as a result, and it will be your fault. I hope the BBC stops
defending its actions and apologize as it should. This sets a terrible
example.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack
| | Reader Comments: The British Botnet Corporation | | >>> Post your comment now!
| | My two pence-worthAs a UK resident who has to pay the exorbitant (140) BBC annual license fee, I'm really, really annoyed that they used my money to pay cyber... Posted At: 03-17-09
By: Anonymous | | | | | | read the site1.) I did'nt say I would
2.) I said its a topic for research
3.) I said its possible to do so without harm (laying out the possibilities... Posted At: 03-17-09
By: dio | | | | | | but where?You have no business doing those things on other people's computers without their permission Posted At: 03-17-09
By: Larry Seltzer | | | | | | The great debateLarry,
I have written extensively about this subject. The premise that researchers and vendors cannot safely come up with a way to neuter malware... Posted At: 03-17-09
By: dio | | | | | | Old TimesTheir (BBC's) justification reminds me of the logic used by the original group of hackers who were showing corporations the vulnerability of their... Posted At: 03-17-09
By: John | | | | | | Just to prove a point?The media has become the worlds great untouchables.
How many of those who side with the BBC for violating laws and peoples computers to 'prove a... Posted At: 03-17-09
By: Earl | | | | | | BBC Should be prosecutedYou are absolutely correct in saying the BBC should face charges for their inept way of proving a point. Any legitimate researcher will do their... Posted At: 03-17-09
By: J Miller | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}kSȲ&bCg� '���|�0�pȒlk%�I�sO�'7nfU凰so`#2+3++*
?
�pTݴgASG�� 4wvy�C~0`ɒ��:nx#aYj�)�~W-sl7ra�k�7�5wG'r�w�A:|@vx��ꒉa'ACi5c{Z#/Sul"
csoR�f��E։3&�}9B�'�~{�sh8(CJ��}օq�O$�}$cz-c���9v g�� p~l_\�[�r ��� VT7Rߙ+0Q\�&*˕JX&ȇ �6j�W`%rM5JQ߹�ᖃAQR]ju--bv=7a`%(0fe�>ꟈ/U}s}I}|~ti"|g% W�PAfPJe+���==}\to{{CN�;�'g�c:4t��Wh: N*[_��lo!qj{A�1la0M�j !3x=nI�?�]tIN�(Oȯ��`HSmDmZؾʑ\R����aX�D͂�94��o��ߖN@·[�놝#a7VtB>88`mӖ&�#D��F�.�1p3Z&`�9T"�3Q=�M���61t9m�;�3.R\ʼpWJ^RU.�2�(AI/�
�5|,II({� �\D4?CzC�����8U%Ky}7�pW-,jY]6'tauIUis[��ӒKsqiuO^uֆ)��E���څkYj7-v��QIusQV�b1xd2,%(�R 3�&:-D�-PâKnԙ��T}|7�����hN�ԭcٴ1Tm;�>:D"ɠ�*ڴb��h4@&&�h`C:}ҍ:LZ�a;ABh��HY
sh�B7|H�̩ọr�&zTD۠h&r<�ImLJ.??6� {�9<8�L&&�z�rWt�
C�ˋ�F0���P����B^~�u�¢�Psh7 �>ȁ{4`sD{մԡiGx>�b<
(~��-WR��;C/0 ��yAs�� 4.cP)AH �=k���� ���99�r�łI~ޑv\.%r��P.o=Ցpጝ\.?Kh3aGE,n^
$�d:g2IMi'MV-&x6r"e�.G �@wKᅖ&ZlY*IuE9SHz�ڣ#��hfZ:i��&N@NT0)iH\U�}Ę�s��{�熳��K@zuo9:�\�f3,�3-5g{01`�bDz@���s2Qu�ݜ6,�'6!��&B~�M`Z&FH�io<`sYu-�L\%MC��f�aM�v"�Wv�6P�0*SMrJ9)wdm˴H�\fЛv39n(!)h�Wi� ��2cOeUy�rt+[Y2nR>�}EJ=LE�j~�#J4��~ox��L�3R�tZ�C?1^i.;[@Lg˺r+fYWI^�ӛA-
B[+�>� M��2L%
�㵇Zg:K�_ji��hHC�um��sqŰ,B�/0�pdZ`/�oZu?Twҵr�)݃I�,璾R�~$�[�b"9uD\6@��k��9��B"L`�f0!�@W�Y)Y��R�x�s2LzO)"���ڟ3kh豸6]�@ٍ`DM HTkж�
Y�Ԋ2~m:'
V�,C��QD����54��j;�O��w�Tj/6�h)�לѦC.76U{z@n�)Z'/vhT�r_D[>67/=Ǐd[�9y�n2$8z.0JL;/%95$_ۂ�3JnչuBItL���@<�sYQ ?/X`:e1�sC|��\{Y�R�glg^c+o�2RMw/žvPFG p��a��pgHfx *�[7�%Tݢ5�t�s��k�g4scC�6�VNMO�rp�Tm"z'[""�ə^ x�̼sa{?I�A9p)J�g
H*@*ebฦSwm�7ՙ/Y�ƃ"wTP)3jMDVжU�7�(H�z.qLspIe!��RIb*"Edb
8NZ�H�XTJ_���kT+u-��0,�CQ�>cO
�zQrZ#7:�j}�}�X�U]zT'-JbZe)~�Q�!WݓBp�imh�e~�:Kfb;�?�?kpoF��=
�yK�3[}R/CSf<^x�!%�K��o�߰2jx
MS]:%Q讻h]!�c̚Òf$K,*.IG*��-e�fGJ*U�;QVj��sR�b(ȵ�щ�'cg?'
t�G�tRTR==G4}3݀�~XwY*a3�>�Ó)
sgCRR�hw�ĶZVr�vĿ�c"�!`0�T=}y�="Y�b�r(Z"U�U+|J2(�Rl !C.c'D>3<ēmr=$UW�ן:
��~w?l)ɡ$� |q��`bb�\�i/.;����>�ٿ:NP0ysvޏ��ﵲR�^ii�й:izHu�g7�W'Bufw�a\[TD����1�^Q��?JfWKILau(aE�࠴A$an߽p.[7g+%E]ūU[H:^[�j D�!
rBV�W!y/ڭF�L�oR�)�3`X#�k#Cg/�!B2.ݛ
c�<8pvB�ZKU���fע:]?vVT�џz�֭�Bf-,��|B!Aj͘a�
A��@�Sk�[#N:֧JvZg0<�
w�X�>tD�e�}E/R)Q\(뉞�MY<}ܽi1;�l�}EF_(oۗo)MJ!}K_cO/Ͳi<"��m{pУ3�I'{OH�'E�
?]�/g�:IBV��k�?%(E�馺�7dbaG�Yk�N)"�O�?m[Ħ{v�^�#y8�{�v@Ju8{7!mOڢ-J]zl]S-��SS_)N yuX0Ƞg#uBUY��ޮ3}C]�`lա_��}QFJ>.�J
($�_ߦ<-\cU"ĵ"�v�ًs*q·8(qV�) {�"F%y#GB�"jFc�8ev]SQ�~�a
'L�N�x49u�Bf#�U��9j7Gs$�;gr��@�*y�h�\�]w71%pRx156�y�(1h4R
o7�l�h��r�"
a
FZC,g�OpIFܱ�So-*ߞ�1;j�T��̈́3S7��pM�n
oL_m�XS|
� +7�?Ѵ=.c�aȽ�z".m�,0eHWNk`�'g\/_|i�hq.M�B�?5�1*�s�n�cZxB��W�9r�ۀ5_�@w|sӒ_�rpTgF��7?$g�^O��`Yzqq
TR9_utM<=C�Am�7gUC;Yj&$A)���cf7֪�POy:�N�A���r�s<[.�}˱#�xl Y��!;��nc�a�s�<�pN?}#$fF�=1~�u/n!˳(&3�ABAr�j*q�cm��Vq|٫GZ���!k"q8+uHB(#EBNFRʳHJPJ ��-|6G#�sǗn)RT���JQ_T-��&0qqTbye0L"ZWʉUJ�|A }4kA7�v"�]Ѱ(1iL� ��D�6�70�`9(&�7]N=�e6CEE�RP%�r^A35Q�x5ѱ��< Q�3�FUܑ\�5`��*2>LT^�[~�XRbHbu
�e_�ȯ:o�RQ{ɛi�̠:3/id�$=�!�y+-(� c֬g ��Px_`�"m1Ħ�n_2[2,�LQ|-4)
+bT/CUp>33�P�
sZQ9(�A�Uhp@�&Hoh2`ʦlRzuћOalh��B�7�@�i
=ΰ��RY)g�6�,�� �� 0֮mWOd8=�۞
��4�/�/�q�$XsNn�m;
ops[qP� Iٔ*As$/S�p� ¹;&q�P H�%� �� �mq6؇ols
ϵM|Ӟyε")P9 ~Y 8P2x�������B ��/ns��luH67,��wzYx��8;�b�;(h3Ěct%gH1kKwhymaE)<:S�Gbx,N$~Va�}l(_gj}E�%L4]uCR0gu0"(=�*��_�=gsRT�_^yل���͍n �ÿ�s�PyE,�e�FA�1аO.�[?��w�A�iNp|^2|[ɳ.w_)_�ȼYx噵}r�\ҟ) |^��˕�$�kd�a=�
�O"��`1oDdKx@U
k|R4�Ni��:6Fdħ?CGe!���=��ݐ�ķ3;?��3fH7)!+������7C=дŷZ+;�<5F
X%7#�a�ڬu7I�;{{{{{�r^p6B3�g��5��K.�|9U�GMfL7dy�ߤ�}mGRv-KWSG7qf.�=t;�0�.2xna{�0,4,ahe�V�#2{�+g8��W:�R*D��&�)>%��z�Vpa�
|cCU�U!yUz^�~3�
q'k>Y{o`T$2$\933�THT��G�ȭŨ.˻41m� �at��OU�n��d/\�(AZע^1^/�gb�"U3+/sZW=^:|��ӿ�j4
�J !ĺB!�Ӭ�)MK~ygO2�n1��`r�`U+VV�n��zkqjZ o㇗*nU�`;?qeVɵusy]�z13�2>D#Y��� �l8�W2^m:~:.(䭖oKf�⪌}{_Zǃ04uGF)(�3shM��y ɍBLEs{Aٴ۫c+@M���U6,-P�VGCaYQTF\S]���QVk#f�Ϙ:R\\�$P2+L�n^?1}:o�zl^�Jf4�CXvbM$T86�+┊fne��93=U��H4T�M[#��v��ȏu@�;�TT�C��mPHƵ�0? q���{O$@=-i ��?2F_�)�lB�?-�*�vך��t�/hTh��Ƌ",d~E/p OR(+X5X�n3����)ȁ.bC7+1 ʱ,x�?BYD�h:g[�JK33#+A#�=�)h��)? ,r/$Ds�(gB�҇#yT[QRY,/���T-<��[Ԓ#r�d!,�Ӆ3�H�*]�`|wl?��^�X
o�rp�/J/-Iy�oZK6�qNGeѴ�hB.]�3I
�TҁZr^�:XuZ.x��&f`˥5fL|2P;qQ:'0��*BM�^�*Z!Ѥ�F�1'ZJA�;x9vEMQ3Ɇh5�0~�,f�DZ'ۡ^�}v̈́�|�W@O[jJwghDP�ȉRU[#'70 ;(w�'찔s?1�;o$�Q��Э%��Mͱ-r5!F,]���F-4�sVmS�� �I�\C3UzG*%F¯R�߯F�0�Ę7Zó-|Tbt颣
fZ&F&#ZMikxw48�1U)T(ڏJD �e
�p3�S cl�JYVmIr�.�kh�>y*]�
)V�߫'r &ᛞ�*�Cgl%v¥jZ4>e��=։(��cor�_0t��0SxWC�7��Ju_V{$��GgO�|�T�S/b#Q4FbS�П~os#bRz��{Ȟ�c)׀��g@Oױ_�'B=X-�'*>Io�R[�WY"uFf."��(
�`v=CsAڷv߾顇� C�y|P_���^u���49�]��9 C�)vQY�s�+�FO,��K9.�Ochۀ%!�&uuccP��r9Gs;Ѿ}sՓ�"�cDRw2؏04��p�~Q&IBy�X0! ��YC)C~�9�Ċ�p��%gxX ֬���Ӗ$z�[_|g?:O>v;TQ\j��*�!bSw3B@k�0/�$�NT�/@�S
,P�F:�
��)C��*@Ĕ�v7U�I8�F�Lͬ�0S#8`����o�:;\E�8ԭ� 690�0�Y
kػy-�UIYlobz>Ļh|\b�@s!Z;�Q�B<䱤�Pl<^x7xP\{?y_3=m~X�SE)��2�@Kn1c�~ţRMJ0%4k��"3IDz\N\6v7TYݬe/c�L[iB�R(/
�/ x���;�*uo��_�7r:X)`��\GK3�%��4EOW\34YD}^u�x�g�e@�pj+#�|�I;#��}N3s�?�>kwwNrIF>?t2{� ���fe\��_�,@�^�}.3s _f y�2zG��d_BeF>U^\e�UuwAt3O�K7C\�\g5ԿΨ�s?=�e�g_Wu}����?f�~�3�A[ȿ�[h6[�Ku1�A~+CZpzy;�9/G�RȪ_�yʇ%iF�g賊���+f7_+Πsk3�
Я!�ߧoEfldֹ>$�+��]Q%"=UMk�[M�2nKȣ�_��^敽Iţ<$x�Erz.�
Sl?V\[/Oн�ۺ{�ϊRݓ3+z`~L\^M�b}+r>VD=^bM�dY8i{Uͱ��%�M�}�_mSUޜl6��|e8�Ntg817 }^f6��0 V��t{r��MtI�n
��Yɷr%>�|�b#r+}=MKj�.nmG;}hNf0"\�;Yo�[췡^2,. 'gf�W<�+6�:�5.@Q3[�� �~��@o>dZ·^V+q3N��tc}k�?k�Ҿj]�[gmhϦ"d!ӏiͩ8�(᰾$x
FZ���9GK�
;wcX{:>hj:}
�=�s�ag8c�U}Y&� i;�
*+r# aش`�ߛ��Ȋ(KT#�}ˡ`tP.U�&�)�K��h�[�ٞaR�oR`��Y�a8�a�n%[��!i(� |L@�^7xv�+c�AZ5��/�4PD<�cu~�o2P
e >�&�7=�:sp�I�=u�<�z=�Ҝ<83`�
IX�&�.eа!Ah�Klɜ]k'--�1N>@O�3,�>8Mqkq%B{Po&{:jSU�ݣQ�g61B�v�R��XS7r�\θ[4���CKX֭2i $0b/@�j*՞/kfjw:Kƈ��DEKIf��ɑY,1<(�;$8�P,皩#Z|!xax0:p��&t�}1q����iƋ8��p�M�Q�!mtB�y -LÓ�/�vҸS�#ѸW�a״^=W0m&�D�`Տ#bƠ}^A
I0�[,H,'c@J`hkƀnk{n8O23{~r{^k�AKj6,
'(䳘ۀJq�s!n��Ajl8ӕc�Xqg.?Z
p�Hv2, r]+a�Jkxƚ
9}IK4Tz_t* �$´
�<ɟML*�ul70H-��t{`/L{H� @�{23פ7Lx �oƗ ?G�>
WJtBBc
M�l��)9���zǞ#0��%�Af�*2�Ş�[ =5Ro.T˹LH�A�9}6�hp�aFtN[a��&��\S�N��-N�k}`ϔߚ0D0Pc�i��vl+�o��3Q�K41�BQ9*�mm!�poȲ3L��OH\lz^Dl�pt��Άb7ĸ7,Ř�z J
@|
C%ru�m
J%1&��/Ă_|
P
�Ge�CӠc�*=5<*P�=gZP;]a�v"4%Yz+Io=Guc_Vt� CBرB4#e�I;.~;I��T>��U���Xw|76�ߋB���0wg��
4��C�m��N�>7T����9f�Y�EPީiơ/[vԧR*�FS��xcE�z�?X \����u|��n=]w�
�`7@f#H?Ƌ�rLe{KotU3$+U`7g+�~"��V���ś4!L�p8C3`�ܐ~�ohI-�CO
�r:��Dak��@��~��
0FĦ2�S1u¤"UX8%&(Xp\gAΙv&w6G-0�gG�x
ky�f�70xe�+A�=^��nalhd%kGH§%�!gXh[�bʥ.S�̟=Bǽ�a��҃覇HEO�J,^��zX�ջ&sp4JѪ
v�7"`a|�A@JY��3�N5'
<�{*v��S[7l��Fek�xmEtAS�sϏp�`2�ug^='�8K)IJ�� e�pC�ikRK�c4r��zlyE�JJ�lH�s���k�`0bOP���1,s�Qfo7�;L |g[и�<6v,S31+�T{<�]|}��E�Q`p8w+}zi�Gycn
>B�IՏ�W�L�-p˘կ,&p��3_�_h9�HưY� +z�S�A�(//9���QZCUg�H�u#C~l�S�A۩Z7J&hX�)=/_�r4�R�0(0�z�1�fŒfC-(ru_�O#u�&k�^'=V��i}Ck�zQ;e#��`٩ڬ���3ˢDJW3�3S}4J5c J9A1:�4vB�9�)�M[�0$�>_AXgX5�J]m�JQ*�EG�]
K�KJ`
jv7JF�#^ډ߉�^ߡq�wXCxV=�E(gܡ,Ir}G:����^*;BML��!�DY��5�0|ǥ�/Sf4
��Qr-L%�*{%�>�M�$R1diA%V�@ob��Q�dI{&�8'0~�UJ[tWFRO �MueǓܠ�D2�5� 뛝'���̳PA~�PDti�̪ἤ)h6e�<,�>5uS�|5�F�Q]@3�@`�
b]X�S�p$L�db(Btm�(-2H9&|'&�ՂuD��sKu�a;G�BUoޞM'�!xB$�T�BӄIĊ=�U3Y[`PX??*ǻ&_в�ز@,�X7�nҗ%7:�:`Z�1.Q�}azx��Wg8��Qdf�@:��s��nP�W�yqyn�y_�c̻�WjX#z+-hܘL�˦6
`Ȥ_/Ǟ��:CڧMؼۤANدxk)�q*!fE.˼JV8�6]�ޟo��R0腫a6|TIX�P-i �z,^~b+:$7=n�//$S0���>ê4N���ǝ7>�+7=f�wٲ� ϲJ�Aj�|=�ɱ�U+y_�HGQIθ)ȅ#x4e!h��@/�>bS&c�"hC��M?'/J+ɻ
kx+|v7ؘ��`HU �it�9N=zvѿ!�8\֧�Z9,�%p#xIM�0�#"�Q)�+u8PjŪR9n�C%��
QxҀ9.SY"��N�rZ}�] -�
|
Network Security & Hardware 
