Re: So, did the BBC cross the line?

["Alex Eckelberry" <AlexE () sunbelt-software com>]

I personally felt somewhat ill when watching the program.  So, why? 

For me, the legal issue is only one part of this.  While I do agree with
the legal analysis, there is a deeper moral and ethical issue here.  The
BBC will get out of any legal trouble with an argument for the "greater
good", and that "no harm was done".  And they'll win on that argument.
End of story. 

But malware researchers routinely deal with botnets for analysis
purposes.  It would be considered a high crime indeed to allow a spambot
to actually send spam to the outside world, even for "testing" purposes.
And, shutting down a botnet yourself, even with the best intentions, is
simply not a good idea.  You don't know what accidental harm you may
cause.  You also don't really know what's on the user's system that will
simpy restart the whole process.  

I've personally come across dozens of these things, as many of you have.
I know my personal feeling is always to get the hell out of there.  We
need to know what we need to know in terms of mitigation, etc. but you
just don't mess with these things. You don't get involved, because it's
not only wrong, there are too many unintended consequences that can
occurr.  You're playing with fire.  Report it to the ISP, report it to
the relevant authorities, but don't play with live ammo like this.

It's highly disturbing that the BBC has, in effect, set a precedent
here:  If it's all for the good, then no worries, go ahead, blunder
around and disable botnets, change user's desktop settings, show off how
they send spam -- it's all ok, because the means justifies the end. 

Doesn't work for me.  At all. 

Alex




-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of David Harley
Sent: Saturday, March 14, 2009 8:57 AM
To: 'Florian Weimer'; 'funsec'
Subject: Re: [funsec] So, did the BBC cross the line?

> Come to think of it, isn't a botnet a computer system?  
> Wouldn't that make it illegal to dismantle it, or hamper its operation

> in any way?

Maybe. It can certainly be argued that modifying data (the wallpaper)
and the bot  on individual zombie machines is in breach of section 3.

3       Unauthorised modification of computer material 

(1) A person is guilty of an offence if-
(a) he does any act which causes an unauthorised modification of the
contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the
requisite knowledge. 

(2) For the purposes of subsection (1)(b) above the requisite intent is
an intent to cause a modification of the contents of any computer and by
so
doing-
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any
computer; or
(c) to impair the operation of any such program or the reliability of
any such data. 

(3) The intent need not be directed at-
(a) any particular computer;
(b) any particular program or data or a program or data of any
particular kind; or
(c) any particular modification or a modification of any particular
kind. 

(4) For the purposes of subsection (1)(b) above the requisite knowledge
is knowledge that any modification he intends to cause is unauthorised. 

(5) It is immaterial for the purposes of this section whether an
unauthorised modification or any intended effect of it of a kind
mentioned in subsection (2) above is, or is intended to be, permanent or
merely temporary. 

http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1

--
David Harley BA CISSP FBCS CITP
Small Blue-Green World

 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.