03.14.09

Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)

Posted in Microsoft, Security, Windows at 7:03 am by Dr. Roy Schestowitz

BBC teletext

Summary: Experts slam the BBC for building a zombie PC army; Conficker is far from gone, being the Windows nightmare which it is

A couple of days ago we asked whether or not the BBC was breaking the law by harvesting people’s Windows PCs without their permission. The answer seemed obvious, but now we hear it from the experts too. The Register writes:

A controversial BBC Click documentary which involved researchers obtaining access to a botnet and sending spam is due to screen this weekend despite a growing storm of criticism.

Security experts – including McAfee, a firm whose representatives appear in the programme – have described the exercise as misguided and unnecessary. Legal experts contacted by El Reg reckon the show potentially breaches the unauthorised modifications provisions of the Computer Misuse Act, the UK’s computer hacking law.

From Out-Law.com

BBC programme broke law with botnets, says lawyer

A BBC programme has broken the Computer Misuse Act by acquiring and using software to control 22,000 computers, creating a botnet capable of bringing down websites. A technology law specialist has said that the activity is illegal.

The funny thing is that public money was in fact funding this crime and the BBC is likely to get away with it.

Another criticism came from Glyn Moody, who echoed the concern raised by Mike Brown the othe day. Moody was not particularly surprised to see that the BBC reinforces the notion that only Microsoft Windows exists in this world.

I don’t want to address that here, but a different point: that nowhere in the article does the word “Windows” occur. And yet, I’d be willing to bet that none of those 22,000 machines ran GNU/Linux or Mac OS. Because the fact is, that the vast majority of machines on botnets are running Windows, and that this is yet another problem caused by the Microsoft monoculture.

But nothing of this is mentioned in the BBC piece. Instead, it is presented as if botnets were some inevitable part of computing life – something you might get, just as you might catch a cold, because, hey, these things happen.

How so muchly expected from a close partner of Microsoft, which is literally occupied by Microsoft employees.

In other news, let’s forget about Windows botnets ending any time soon. According to ITWire, Conficker is alive and it gets more sophisticated.

A new version of the Conficker (aka Downadup) worm is working around attempts to stifle its activity by dramatically increasing the number of domain names used to call home for fresh instructions.

For readers’ convenience we include previous coverage below. This is a Windows-only issue; for PC users there is the option to migrate to GNU/Linux at any time and resolve this problem permanently.

More on Conficker:

Update: More from Sam Varghese:

But rather than being educational, the 23-minute episode of its technology programme Click, (report here) which often bordered on the sensational, left one major question unanswered: what kind of computers were these – Windows, Mac, Linux, BSD?

If the programme aimed to be educational, and not sensational, then one needed to know this fact above all. It is well-known that a vast majority of the PCs which are commandeered by cyber criminals – people known as crackers, not hackers – run some variant of Windows, with XP being number one.

The programme began this way: “20,000 computers. All hijacked and waiting for instructions. And all under our control.” And all spoken by a presenter with a wide-eyed look of impending doom in his eyes.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

3 Comments

  1. Nick Reynolds (editor, BBC Internet Blog) said,

    March 14, 2009 at 2:45 pm

    Gravatar

    If you want to read the BBC’s side of the story it is here:

    http://www.bbc.co.uk/blogs/theeditors/2009/03/click_botnet_experiment.html

  2. Mike Brown said,

    March 14, 2009 at 6:03 pm

    Gravatar

    @Nick,

    I read the “BBC’s side of the story” to which you linked. They managed not to mention Windows there too.

    They do, at least, link off to a “PC Protection” page, which says:

    “Windows is the most popular OS and it is the most vulnerable to these kinds of attacks. ”

    At last, some admission that Windows might just be part of the problem. But it’s written so as to imply that its Windows’ popularity that makes it vulnerable – although without actually *saying* that – rather than it just being a badly written operating system. (No way all those MS refugees that washed up at the Beeb are going to allow anything like *that* to be said!)

    We’re also told:

    “Windows XP, Vista and Mac OS-X all have built-in firewalls”

    Quite so, but so do nearly all Linux distributions. That’s not worth a mention though. In fact, Linux itself isn’t worth a mention either.

  3. Roy Schestowitz said,

    March 14, 2009 at 6:25 pm

    Gravatar

    “Popular” is the wrong word.

    A lot of people I know hate Windows but carry on using it because they are given no choice.

    “Ubiquitous” would be a better word to use.

    As for the argument about security, Microsoft itself has already admitted that Windows is insecure by design and there is plenty of compelling evidence (including court exhibits) I can put forth to support this, not just extensive studies.

    “Our products just aren’t engineered for security.”

    Brian Valentine, Microsoft executive

    It is disappointing to see the BBC reinforcing incorrect consensus which was marketed vigorously by Microsoft. I used to believe the BBC had guts to offer proper reporting, not just recite spin and PR.

What Else is New


  1. Nine Documents About the Financial Siege Against EPO Staff (Past, Present, and Future)

    Today we release dozens of pages of letters and documents (internal to Europe's second-largest institution); they all focus on the betrayal and skulduggery, crushing staff in spite of what was originally promised (and what workers actually signed up for)



  2. EPO Senior Management (Cabal) “Essentially Deaf to the Proposals From Staff Representatives.”

    Representatives of EPO staff feel like the management of the EPO is "deaf" and uncaring; there's hardly any meaningful progress (or none whatsoever) when it comes to truly honest dialogue with real participation



  3. EPO Management, Led by António Campinos, Attempted to Stifle or Prevent Staff From Being Surveyed

    Battistelli's cabal, which covers up a lot of fraud and corruption, is attempting to prevent the staff from expressing an opinion (for insiders and perhaps outsiders to assess) because things are really bad and autocratic measures are seen as necessary to keep the lid on issues/abuses



  4. The European Patent Office's Central Staff Committee: Office Cannot Recruit Fit-for-Purpose Patent Examiners Anymore

    One third of EPO recruits are 'locals' (Germans), 0.2% are Swiss, 1% Scandinavian; the EPO as an employer became unattractive and it's unable to attract the staff it needs (as was projected and planned when the EPC was agreed upon)



  5. IRC Proceedings: Friday, November 27, 2020

    IRC logs for Friday, November 27, 2020



  6. Links 27/11/2020: Jolla is 7, Diffoscope 162, MNT Reform Production

    Links for the day



  7. The Time Coronavirus Helped EPO Management Prevent Staff From Protesting and Going on Strike (March 26th)

    "In view of the spreading of the New Corona Virus, the planned General Assemblies have to be cancelled," the Staff Union of the European Patent Office (SUEPO) wrote in the wake of the crisis across Europe back in March (weeks ahead of a planned strike)



  8. Guarding Your Privacy With E2EE: Primer

    "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."



  9. Links 27/11/2020: Systemd 247 and Cockpit 233

    Links for the day



  10. A Free Speech Deficit Harms Software Freedom

    Free software and Software Freedom cannot possibly succeed if we keep accepting or even just tolerating systematic censorship of opinionated people in our community; failing to speak out on this matter (for fear of supposedly offending someone, risking expulsion) is part of the problem — complicity by passivity



  11. Perception of Difficulty

    New poem by figosdev



  12. IRC Proceedings: Thursday, November 26, 2020

    IRC logs for Thursday, November 26, 2020



  13. Cartoon: After Gambling With Workers' Savings the EPO Can Do Real Estate

    New EPO cartoon from EPO insiders (the one on the right certainly looks a lot like António Campinos and the one on the left can be his EUIPO ‘import’ or Benoît Battistelli‘s INPI ‘import’)



  14. Free as in Freedom Should Not be Associated With Cost

    It's important to remind people that so-called 'free' services (Clown Computing, centralised spaces that 'farm' their so-called 'users') aren't really free; we need to advocate freedom or free-as-in-freedom alternatives



  15. [Meme] UPC's Pyrrhic Victory

    Contrary to what Team UPC says, what happened earlier today is hardly a breakthrough



  16. Many Thanks to Free Software, the Demise of Software Patents (in Europe and the US), and So Much More

    On a positive note we're heading into the end of November, one month before Boxing Day; we take stock of patent affairs that impact software developers



  17. Links 26/11/2020: PHP 8.0, Proxmox VE 6.3, UNIGINE 2.13

    Links for the day



  18. 29,000 Blog Posts and Recent Site Improvements

    Over 29,000 blog posts have been posted here, but more importantly we've made the site a lot more robust and resilient, accessible in more formats and protocols (while improving transparency, too)



  19. [Meme] Trump is Out. Now It's Time to Pressure the Biden Administration/Transition Team on Software Freedom Issues.

    The Biden transition is in motion and tentative appointments are underway, based on news reports (see our Daily Links); now is the time to put pressure, e.g. in the form of public backlash, to ensure it's not just another corporate presidency



  20. Boycott ZDNet Unless You Fancy Being Lied to

    ZDNet's Catalin Cimpanu continues to lead the way with misinformation and lies, basically doing whatever he was doing to land that job at ZDNet (after he had done the same elsewhere)



  21. The UPC and Unitary Patent Song

    On goes the UPC symphony, as the Unified Patent Court (UPC) is almost here, always coming "real soon!"



  22. Open Letter to the German Greens on UPC and Software Patents: Don’t Betray Your Voters and Your Promises, or You Will Regret it

    Dear Members of the German Greens in the Bundestag. By Benjamin HENRION.



  23. [Meme] One Step Away From Replacing Patent Examiners With 'Hey Hi' (AI)

    If it's not legal for 'Hey Hi' (AI) to get a patent, why should it be legal for patents to be granted by those who are invisible (and sometimes in de facto house arrest)?



  24. European Patent Office (EPO) Reduced to 'Justice Over the Telephone' and Decree by E-mail

    The EPO is trashing the EPC and everything that the Office was supposed to stand for, as it wrongly assumes demand for monopolies (typically from foreign corporations) comes before the rule of law and Europe's public interest



  25. Making Free Software Work for Users

    The latest reply to a non-developer concerned about software freedom; guest post by figosdev



  26. IRC Proceedings: Wednesday, November 25, 2020

    IRC logs for Wednesday, November 25, 2020



  27. Links 26/11/2020: AV Linux 2020.11.23 and Blender 2.91 Release

    Links for the day



  28. Links 25/11/2020: GamerOS and Biden Transition in Motion

    Links for the day



  29. An Orwellian December

    With December around the corner and states tightening the screws on the population (or employers on employees) at least we can look forward to spring



  30. The Non-Technical (or Lesser Technical) Software User That Wants Software Freedom

    Assuming that Free software should care about what users — not only developers — really want (and need) it’s important to understand how they view the current situation (with growing waves of corporate takeover and compromises, even expulsions)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts