03.14.09

Gemini version available ♊︎

Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)

Posted in Microsoft, Security, Windows at 7:03 am by Dr. Roy Schestowitz

BBC teletext

Summary: Experts slam the BBC for building a zombie PC army; Conficker is far from gone, being the Windows nightmare which it is

A couple of days ago we asked whether or not the BBC was breaking the law by harvesting people’s Windows PCs without their permission. The answer seemed obvious, but now we hear it from the experts too. The Register writes:

A controversial BBC Click documentary which involved researchers obtaining access to a botnet and sending spam is due to screen this weekend despite a growing storm of criticism.

Security experts – including McAfee, a firm whose representatives appear in the programme – have described the exercise as misguided and unnecessary. Legal experts contacted by El Reg reckon the show potentially breaches the unauthorised modifications provisions of the Computer Misuse Act, the UK’s computer hacking law.

From Out-Law.com

BBC programme broke law with botnets, says lawyer

A BBC programme has broken the Computer Misuse Act by acquiring and using software to control 22,000 computers, creating a botnet capable of bringing down websites. A technology law specialist has said that the activity is illegal.

The funny thing is that public money was in fact funding this crime and the BBC is likely to get away with it.

Another criticism came from Glyn Moody, who echoed the concern raised by Mike Brown the othe day. Moody was not particularly surprised to see that the BBC reinforces the notion that only Microsoft Windows exists in this world.

I don’t want to address that here, but a different point: that nowhere in the article does the word “Windows” occur. And yet, I’d be willing to bet that none of those 22,000 machines ran GNU/Linux or Mac OS. Because the fact is, that the vast majority of machines on botnets are running Windows, and that this is yet another problem caused by the Microsoft monoculture.

But nothing of this is mentioned in the BBC piece. Instead, it is presented as if botnets were some inevitable part of computing life – something you might get, just as you might catch a cold, because, hey, these things happen.

How so muchly expected from a close partner of Microsoft, which is literally occupied by Microsoft employees.

In other news, let’s forget about Windows botnets ending any time soon. According to ITWire, Conficker is alive and it gets more sophisticated.

A new version of the Conficker (aka Downadup) worm is working around attempts to stifle its activity by dramatically increasing the number of domain names used to call home for fresh instructions.

For readers’ convenience we include previous coverage below. This is a Windows-only issue; for PC users there is the option to migrate to GNU/Linux at any time and resolve this problem permanently.

More on Conficker:

Update: More from Sam Varghese:

But rather than being educational, the 23-minute episode of its technology programme Click, (report here) which often bordered on the sensational, left one major question unanswered: what kind of computers were these – Windows, Mac, Linux, BSD?

If the programme aimed to be educational, and not sensational, then one needed to know this fact above all. It is well-known that a vast majority of the PCs which are commandeered by cyber criminals – people known as crackers, not hackers – run some variant of Windows, with XP being number one.

The programme began this way: “20,000 computers. All hijacked and waiting for instructions. And all under our control.” And all spoken by a presenter with a wide-eyed look of impending doom in his eyes.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Nick Reynolds (editor, BBC Internet Blog) said,

    March 14, 2009 at 2:45 pm

    Gravatar

    If you want to read the BBC’s side of the story it is here:

    http://www.bbc.co.uk/blogs/theeditors/2009/03/click_botnet_experiment.html

  2. Mike Brown said,

    March 14, 2009 at 6:03 pm

    Gravatar

    @Nick,

    I read the “BBC’s side of the story” to which you linked. They managed not to mention Windows there too.

    They do, at least, link off to a “PC Protection” page, which says:

    “Windows is the most popular OS and it is the most vulnerable to these kinds of attacks. ”

    At last, some admission that Windows might just be part of the problem. But it’s written so as to imply that its Windows’ popularity that makes it vulnerable – although without actually *saying* that – rather than it just being a badly written operating system. (No way all those MS refugees that washed up at the Beeb are going to allow anything like *that* to be said!)

    We’re also told:

    “Windows XP, Vista and Mac OS-X all have built-in firewalls”

    Quite so, but so do nearly all Linux distributions. That’s not worth a mention though. In fact, Linux itself isn’t worth a mention either.

  3. Roy Schestowitz said,

    March 14, 2009 at 6:25 pm

    Gravatar

    “Popular” is the wrong word.

    A lot of people I know hate Windows but carry on using it because they are given no choice.

    “Ubiquitous” would be a better word to use.

    As for the argument about security, Microsoft itself has already admitted that Windows is insecure by design and there is plenty of compelling evidence (including court exhibits) I can put forth to support this, not just extensive studies.

    “Our products just aren’t engineered for security.”

    Brian Valentine, Microsoft executive

    It is disappointing to see the BBC reinforcing incorrect consensus which was marketed vigorously by Microsoft. I used to believe the BBC had guts to offer proper reporting, not just recite spin and PR.

DecorWhat Else is New


  1. Links 03/02/2023: OpenSSH 9.2 and OBS Studio 29.0.1

    Links for the day



  2. Links 03/02/2023: GNU C Library 2.37

    Links for the day



  3. Sirius Finished

    Yesterday I was sent a letter approving my resignation from Sirius ‘Open Source’, two months after I had already announced that I was resigning with immediate effect; they sent an identical letter to my wife (this time, unlike before, they remembered to also change the names!!)



  4. The Collapse of Sirius in a Nutshell: How to Identify the Symptoms and Decide When to Leave

    Sirius is finished, but it's important to share the lessons learned with other people; there might be other "pretenders" out there and they need to be abandoned



  5. Links 03/02/2023: WINE 8.1 and RapidDisk 9.0.0

    Links for the day



  6. Links 02/02/2023: KDE Gear 22.12.2 and LibreOffice 7.5

    Links for the day



  7. Linux News or Marketing Platform?

    Ads everywhere: Phoronix puts them at the top, bottom, navigation bar, left, and right just to read some Microsoft junk (puff pieces about something that nobody other than Microsoft even uses); in addition there are pop-ups asking for consent to send visitors’ data to hundreds of data brokers



  8. Daily Links at Techrights Turn 15, Time to Give Them an Upgrade

    This year we have several 15-year anniversaries; one of them is Daily Links (it turned 15 earlier this week) and we've been working to improve these batches of links, making them a lot more extensive and somewhat better structured/clustered



  9. Back to Focusing on Unified Patent Court (UPC) Crimes and Illegal Patent Agenda, Including the EPO's

    The EPO's (European Patent Office, Europe's second-largest institution) violations of constitutions, laws and so on merit more coverage, seeing that what's left of the "media" not only fails to cover scandalous things but is actively cheering for criminals (in exchange for money)



  10. European Patent Office Staff Votes in Favour of Freedom of Association (97% of Voters in Support)

    The Central Staff Committee (CSC) at the EPO makes a strong case for António Campinos to stop breaking and law and actually start obeying court orders (he’s no better than Benoît Battistelli and he uses worse language already)



  11. Links 02/02/2023: Glibc 2.37 and Go 1.20

    Links for the day



  12. IRC Proceedings: Wednesday, February 01, 2023

    IRC logs for Wednesday, February 01, 2023



  13. Links 01/02/2023: Security Problems, Unrest, and More

    Links for the day



  14. Links 01/02/2023: Stables Kernels and Upcoming COSMIC From System76

    Links for the day



  15. IRC Proceedings: Tuesday, January 31, 2023

    IRC logs for Tuesday, January 31, 2023



  16. Links 31/01/2023: Catchup Again, Wayland in Xfce 4.20

    Links for the day



  17. Links 31/01/2023: elementary OS 7

    Links for the day



  18. Intimidation Against Nitrux Development Team Upsets the Community and Makes the Media Less Trustworthy

    Nitrux is being criticised for being “very unappealing”; but a look behind the scenes reveals an angry reviewer (habitual mouthpiece of the Linux Foundation and Linux foes) trying to intimidate Nitrux developers, who are unpaid volunteers rather than “corporate” developers



  19. Links 31/01/2023: GNOME 44 Wallpapers and Alpha

    Links for the day



  20. Free and Open Source Software Developers' European Meeting (FOSDEM) and KU Leuven Boosting Americans and Cancellers of the Father of Free Software

    The Free Software Foundation (FSF) and its founder, Richard M. Stallman (RMS), along with the SFLC one might add, have been under a siege by the trademark-abusing FSFE and SFC; Belgium helps legitimise the ‘fakes’



  21. Techrights in the Next 5 or 10 Years

    Now that I’m free from the shackles of a company (it deteriorated a lot after grabbing Gates Foundation money under an NDA) the site Techrights can flourish and become more active



  22. 60 Days of Articles About Sirius 'Open Source' and the Long Road Ahead

    The Sirius ‘Open Source’ series ended after 60 days (parts published every day except the day my SSD died completely and very suddenly); the video above explains what’s to come and what lessons can be learned from the 21-year collective experience (my wife and I; work periods combined) in a company that still claims, in vain, to be “Open Source”



  23. IRC Proceedings: Monday, January 30, 2023

    IRC logs for Monday, January 30, 2023



  24. Taking Techrights to the Next Level in 2023

    I've reached a state of "closure" when it comes to my employer (almost 12 years for me, 9+ years for my wife); expect Techrights to become more active than ever before and belatedly publish important articles, based on longstanding investigations that take a lot of effort



  25. The ISO Delusion: When the Employer Doesn’t Realise That Outsourcing Clients' Passwords to LassPass After Security Breaches Is a Terrible Idea

    The mentality or the general mindset at Sirius ‘Open Source’ was not compatible with that of security conscientiousness and it seemed abundantly clear that paper mills (e.g. ISO certification) cannot compensate for that



  26. Links 30/01/2023: Plasma Mobile 23.01 and GNU Taler 0.9.1

    Links for the day



  27. EPO Management Isn't Listening to Staff, It's Just Trying to Divide and Demoralise the Staff Instead

    “On 18 January 2023,” the staff representatives tell European Patent Office (EPO) colleagues, “the staff representation met with the administration in a Working Group on the project “Bringing Teams Together”. It was the first meeting since the departure of PD General Administration and the radical changes made to the project. We voiced the major concerns of staff, the organization chaos and unrest caused by the project among teams and made concrete proposals.”



  28. Links 30/01/2023: Coreboot 4.19 and Budgie 10.7

    Links for the day



  29. IRC Proceedings: Sunday, January 29, 2023

    IRC logs for Sunday, January 29, 2023



  30. [Meme] With Superheroes Like These...

    Ever since the new managers arrived the talent has fled the company that falsely credits itself with "Open Source"


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts