03.14.09

Gemini version available ♊︎

Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)

Posted in Microsoft, Security, Windows at 7:03 am by Dr. Roy Schestowitz

BBC teletext

Summary: Experts slam the BBC for building a zombie PC army; Conficker is far from gone, being the Windows nightmare which it is

A couple of days ago we asked whether or not the BBC was breaking the law by harvesting people’s Windows PCs without their permission. The answer seemed obvious, but now we hear it from the experts too. The Register writes:

A controversial BBC Click documentary which involved researchers obtaining access to a botnet and sending spam is due to screen this weekend despite a growing storm of criticism.

Security experts – including McAfee, a firm whose representatives appear in the programme – have described the exercise as misguided and unnecessary. Legal experts contacted by El Reg reckon the show potentially breaches the unauthorised modifications provisions of the Computer Misuse Act, the UK’s computer hacking law.

From Out-Law.com

BBC programme broke law with botnets, says lawyer

A BBC programme has broken the Computer Misuse Act by acquiring and using software to control 22,000 computers, creating a botnet capable of bringing down websites. A technology law specialist has said that the activity is illegal.

The funny thing is that public money was in fact funding this crime and the BBC is likely to get away with it.

Another criticism came from Glyn Moody, who echoed the concern raised by Mike Brown the othe day. Moody was not particularly surprised to see that the BBC reinforces the notion that only Microsoft Windows exists in this world.

I don’t want to address that here, but a different point: that nowhere in the article does the word “Windows” occur. And yet, I’d be willing to bet that none of those 22,000 machines ran GNU/Linux or Mac OS. Because the fact is, that the vast majority of machines on botnets are running Windows, and that this is yet another problem caused by the Microsoft monoculture.

But nothing of this is mentioned in the BBC piece. Instead, it is presented as if botnets were some inevitable part of computing life – something you might get, just as you might catch a cold, because, hey, these things happen.

How so muchly expected from a close partner of Microsoft, which is literally occupied by Microsoft employees.

In other news, let’s forget about Windows botnets ending any time soon. According to ITWire, Conficker is alive and it gets more sophisticated.

A new version of the Conficker (aka Downadup) worm is working around attempts to stifle its activity by dramatically increasing the number of domain names used to call home for fresh instructions.

For readers’ convenience we include previous coverage below. This is a Windows-only issue; for PC users there is the option to migrate to GNU/Linux at any time and resolve this problem permanently.

More on Conficker:

Update: More from Sam Varghese:

But rather than being educational, the 23-minute episode of its technology programme Click, (report here) which often bordered on the sensational, left one major question unanswered: what kind of computers were these – Windows, Mac, Linux, BSD?

If the programme aimed to be educational, and not sensational, then one needed to know this fact above all. It is well-known that a vast majority of the PCs which are commandeered by cyber criminals – people known as crackers, not hackers – run some variant of Windows, with XP being number one.

The programme began this way: “20,000 computers. All hijacked and waiting for instructions. And all under our control.” And all spoken by a presenter with a wide-eyed look of impending doom in his eyes.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Nick Reynolds (editor, BBC Internet Blog) said,

    March 14, 2009 at 2:45 pm

    Gravatar

    If you want to read the BBC’s side of the story it is here:

    http://www.bbc.co.uk/blogs/theeditors/2009/03/click_botnet_experiment.html

  2. Mike Brown said,

    March 14, 2009 at 6:03 pm

    Gravatar

    @Nick,

    I read the “BBC’s side of the story” to which you linked. They managed not to mention Windows there too.

    They do, at least, link off to a “PC Protection” page, which says:

    “Windows is the most popular OS and it is the most vulnerable to these kinds of attacks. ”

    At last, some admission that Windows might just be part of the problem. But it’s written so as to imply that its Windows’ popularity that makes it vulnerable – although without actually *saying* that – rather than it just being a badly written operating system. (No way all those MS refugees that washed up at the Beeb are going to allow anything like *that* to be said!)

    We’re also told:

    “Windows XP, Vista and Mac OS-X all have built-in firewalls”

    Quite so, but so do nearly all Linux distributions. That’s not worth a mention though. In fact, Linux itself isn’t worth a mention either.

  3. Roy Schestowitz said,

    March 14, 2009 at 6:25 pm

    Gravatar

    “Popular” is the wrong word.

    A lot of people I know hate Windows but carry on using it because they are given no choice.

    “Ubiquitous” would be a better word to use.

    As for the argument about security, Microsoft itself has already admitted that Windows is insecure by design and there is plenty of compelling evidence (including court exhibits) I can put forth to support this, not just extensive studies.

    “Our products just aren’t engineered for security.”

    Brian Valentine, Microsoft executive

    It is disappointing to see the BBC reinforcing incorrect consensus which was marketed vigorously by Microsoft. I used to believe the BBC had guts to offer proper reporting, not just recite spin and PR.

DecorWhat Else is New


  1. Unmasking AI

    A guest article by Andy Farnell



  2. The ISO Delusion/Sirius Corporation: A 'Tech' Company Run by Non-Technical People

    Sirius ‘Open Source’ was hiring people who brought to the company a culture of redundant tasks and unwanted, even hostile technology; today we continue to tell the story of a company run by the CEO whose friends and acquaintances did severe damage



  3. Links 28/01/2023: Lots of Catching Up (Had Hardware Crash)

    Links for the day



  4. IRC Proceedings: Friday, January 27, 2023

    IRC logs for Friday, January 27, 2023



  5. Microsoft DuckDuckGo Falls to Lowest Share in 2 Years After Being Widely Exposed as Microsoft Proxy, Fake 'Privacy'

    DuckDuckGo, according to this latest data from Statcounter, fell from about 0.71% to just 0.58%; all the gains have been lost amid scandals, such as widespread realisation that DuckDuckGo is a Microsoft informant, curated by Microsoft and hosted by Microsoft (Bing is meanwhile laying off many people, but the media isn’t covering that or barely bothers)



  6. This is What the Microsoft-Sponsored Media Has Been Hyping Up for Weeks (Ahead of Microsoft Layoffs)

    Reprinted with permission from Ryan



  7. [Meme] António Campinos Wants to Be F***ing President Until 2028

    António Campinos insists he will be EPO President for 10 years, i.e. even longer than Benoît Battistelli (despite having appalling approval rates from staff)



  8. European Patent Office Staff Losing Hope

    The EPO’s management with its shallow campaign of obfuscation (pretending to protect children or some other nonsense) is not fooling patent examiners, who have grown tired and whose representatives say “the administration shows no intention of involving the staff representation in the drafting of the consultant’s mandate” (like in Sirius ‘Open Source’ where technical staff is ignored completely for misguided proposals to pass in the dark)



  9. IRC Proceedings: Thursday, January 26, 2023

    IRC logs for Thursday, January 26, 2023



  10. Sirius Relegated/Demoted/Destined Itself to Technical Hell by Refusing to Listen to the Technical Staff (Which Wanted to Stay With Asterisk/Free Software)

    In my final year at Sirius ‘Open Source’ communication systems had already become chaotic; there were too many dysfunctional tools, a lack of instructions, a lack of coordination and the proposed ‘solution’ (this past October) was just more complexity and red tape



  11. Geminispace Approaching Another Growth Milestone (2,300 Active Capsules)

    The expansion of Geminispace is worth noting again because another milestone is approached, flirted with, or will be surpassed this coming weekend



  12. [Meme] Cannot Get a Phone to Work... in 2022

    Sirius ‘Open Source’ wasted hours of workers’ time just testing the phone after it had moved to a defective system of Google (proprietary); instead of a rollback (back to Asterisk) the company doubled down on the faulty system and the phones still didn’t work properly, resulting in missing calls and angst (the company just blamed the workers who all along rejected this new system)



  13. [Meme] Modern Phones

    Sirius ‘Open Source’ is mistaking “modern” for better; insecurity and a lack of tech savvy typically leads to that



  14. The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

    Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)



  15. Links 26/01/2023: LibreOffice 7.4.5 and Ubuntu Pro Offers

    Links for the day



  16. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day



  17. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023



  18. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"



  19. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail



  20. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything



  21. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day



  22. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day



  23. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way



  24. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day



  25. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023



  26. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples



  27. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.



  28. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)



  29. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day



  30. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts