Highlights
– British television program buys access to a botnet of 22,000 compromised computer systems to demonstrate the risks of cyber-crime online
– Program uses botnet to send large quantities of spam to test e-mail accounts and perform an attack on a fake website
– Program highlights the need for increased online safety awareness
The British Broadcasting Corporation (BBC) television program Click, a weekly program covering news and recent developments in the world of consumer technology, recently bought access to a low-value botnet of 22,000 compromised computer systems. The purchase was arranged in an Internet chatroom. The program segment’s goal was to demonstrate the power of large botnets when controlled by cyber-criminals.
The program’s host used the botnet to send large amounts of unsolicited commercial bulk e-mail (SPAM) to newly created web-based e-mail addresses and then launched a distributed denial of service (DDoS) attack against a test website hosted by the security firm PrevX. Within hours of instructing the botnet to begin sending spam to the web-based Gmail and Hotmail e-mail addresses, the inboxes were filled with thousands of junk messages.
Extortion in Cyberspace
After showing how the botnet could be used to send large amounts of SPAM to make its controller money, the show’s host demonstrated how extortionists have used the threat of a DDoS attack to elicit hefty ransoms from commercial enterprises. The Internet security firm PrevX, which was contracted to offer technical assistance for the piece, agreed to set up a mock website that the botnet would target with a constant barrage of webpage requests. The attack effectively made the site inaccessible to any other Internet users trying to reach it. The DDoS attack was able to overload the website’s bandwidth – the measurement of available or consumed data communications of an Internet connection – with fewer than 60 of the 22,000 machines participating in the attack.
For many websites, the potential loss of sales or the inaccessibility of website services for customers often forces the companies behind the websites to pay the ransom demands of the cyber-criminals to avoid the potential financial and customer relations fallout.
The television program highlighted a growing security problem playing out in cyberspace. Cyber-criminals are releasing increasingly sophisticated viruses onto the Internet to infect computers, which in turn become part of large botnets that are controlled by or “rented” out to other criminals. The Conficker worm, which has been circulating on the Internet since November 2008, has turned several hundred thousand machines into participants in a continually growing botnet.
In the near to medium-term, we expect the size and overall number of botnets active on the Internet to increase as more cyber-criminals and organized criminal gangs move their illicit operations into cyberspace.
Security And Legal Experts Say Program Violated Laws
Despite the program’s notable cause of creating an informative piece which they hoped would assist in raising the public’s awareness about security risks posed by cyber-criminals online, many information technology (IT) security and legal experts believe the program’s directors violated British and other international computer access laws. One legal expert who specializes in computer-related laws stated he believed the BBC program violated Britain’s Computer Misuse Act when it took control of the 22,000 individual computer systems participating in the botnet. He also believes it might have violated specific statutes in the law when the program decided to change each computer’s desktop background to display a message on how the users could clean their infected systems.
The program issued a statement saying it obtained legal advice concerning the piece before it filmed the episode, and believes it did not violate any national or international computer laws. Despite possible legal ramifications of the program’s actions, few legal experts believe the program’s host or director will face any criminal charges.
Program Highlights Need For Increased Online Safety Awareness
The value of compromised systems and the information stored on them underscores the need for computer users to exercise safe Internet habits. While some may argue the legality of the program’s tactics in raising public awareness about the risks of cyber-related crimes, the issue of giving the general public knowledge of common cyber-attacks and schemes employed by cyber-criminals and how to stay safe online is the most important public service offered by such television programs. In the medium to long-term, we believe such television programs will continue to raise awareness about risks posed online as Internet usage continues to expand around the globe in the 21st century.