03.14.09
Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)
Summary: Experts slam the BBC for building a zombie PC army; Conficker is far from gone, being the Windows nightmare which it is
A couple of days ago we asked whether or not the BBC was breaking the law by harvesting people’s Windows PCs without their permission. The answer seemed obvious, but now we hear it from the experts too. The Register writes:
A controversial BBC Click documentary which involved researchers obtaining access to a botnet and sending spam is due to screen this weekend despite a growing storm of criticism.
Security experts – including McAfee, a firm whose representatives appear in the programme – have described the exercise as misguided and unnecessary. Legal experts contacted by El Reg reckon the show potentially breaches the unauthorised modifications provisions of the Computer Misuse Act, the UK’s computer hacking law.
From Out-Law.com
BBC programme broke law with botnets, says lawyer
A BBC programme has broken the Computer Misuse Act by acquiring and using software to control 22,000 computers, creating a botnet capable of bringing down websites. A technology law specialist has said that the activity is illegal.
The funny thing is that public money was in fact funding this crime and the BBC is likely to get away with it.
Another criticism came from Glyn Moody, who echoed the concern raised by Mike Brown the othe day. Moody was not particularly surprised to see that the BBC reinforces the notion that only Microsoft Windows exists in this world.
I don’t want to address that here, but a different point: that nowhere in the article does the word “Windows” occur. And yet, I’d be willing to bet that none of those 22,000 machines ran GNU/Linux or Mac OS. Because the fact is, that the vast majority of machines on botnets are running Windows, and that this is yet another problem caused by the Microsoft monoculture.
But nothing of this is mentioned in the BBC piece. Instead, it is presented as if botnets were some inevitable part of computing life – something you might get, just as you might catch a cold, because, hey, these things happen.
How so muchly expected from a close partner of Microsoft, which is literally occupied by Microsoft employees.
In other news, let’s forget about Windows botnets ending any time soon. According to ITWire, Conficker is alive and it gets more sophisticated.
A new version of the Conficker (aka Downadup) worm is working around attempts to stifle its activity by dramatically increasing the number of domain names used to call home for fresh instructions.
For readers’ convenience we include previous coverage below. This is a Windows-only issue; for PC users there is the option to migrate to GNU/Linux at any time and resolve this problem permanently. █
More on Conficker:
- Microsoft’s Blame-Shifting Strategy Precedes More Trouble
- Leave Microsoft Alone
- Never Blame Microsoft, Blame Users and Exploits
- Botnets and Bounties Versus Real Security
- Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
- Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
- Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities
- Microsoft Adopts Malware Techniques to Advance .NET
- Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
- One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
- Death by Microsoft Windows
- UNIX/Linux Offer More Security Than Windows: Evidence
- US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
- Eye on Microsoft: Another Messy Week for Security
- Why Conficker is a Blessing to GNU/Linux
- New Casualties of Microsoft Windows?
Update: More from Sam Varghese:
But rather than being educational, the 23-minute episode of its technology programme Click, (report here) which often bordered on the sensational, left one major question unanswered: what kind of computers were these – Windows, Mac, Linux, BSD?
If the programme aimed to be educational, and not sensational, then one needed to know this fact above all. It is well-known that a vast majority of the PCs which are commandeered by cyber criminals – people known as crackers, not hackers – run some variant of Windows, with XP being number one.
The programme began this way: “20,000 computers. All hijacked and waiting for instructions. And all under our control.” And all spoken by a presenter with a wide-eyed look of impending doom in his eyes.
Nick Reynolds (editor, BBC Internet Blog) said,
March 14, 2009 at 2:45 pm
If you want to read the BBC’s side of the story it is here:
http://www.bbc.co.uk/blogs/theeditors/2009/03/click_botnet_experiment.html
Mike Brown said,
March 14, 2009 at 6:03 pm
@Nick,
I read the “BBC’s side of the story” to which you linked. They managed not to mention Windows there too.
They do, at least, link off to a “PC Protection” page, which says:
“Windows is the most popular OS and it is the most vulnerable to these kinds of attacks. ”
At last, some admission that Windows might just be part of the problem. But it’s written so as to imply that its Windows’ popularity that makes it vulnerable – although without actually *saying* that – rather than it just being a badly written operating system. (No way all those MS refugees that washed up at the Beeb are going to allow anything like *that* to be said!)
We’re also told:
“Windows XP, Vista and Mac OS-X all have built-in firewalls”
Quite so, but so do nearly all Linux distributions. That’s not worth a mention though. In fact, Linux itself isn’t worth a mention either.
Roy Schestowitz said,
March 14, 2009 at 6:25 pm
“Popular” is the wrong word.
A lot of people I know hate Windows but carry on using it because they are given no choice.
“Ubiquitous” would be a better word to use.
As for the argument about security, Microsoft itself has already admitted that Windows is insecure by design and there is plenty of compelling evidence (including court exhibits) I can put forth to support this, not just extensive studies.
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive
It is disappointing to see the BBC reinforcing incorrect consensus which was marketed vigorously by Microsoft. I used to believe the BBC had guts to offer proper reporting, not just recite spin and PR.