BBC buys botnet to highlight cybercrime

A BBC News technology programme has acquired a botnet from an online chatroom and used it to hijack almost 22,000 computers.

The BBC website said: “If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnet's collective power when in the hands of criminals.”

Click, the BBC’s technology show, ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme, filling inboxes with thousands of junk messages within hours.

It then launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx - who had agreed for it to go ahead. Click ordered its slave PCs to bombard its target site with requests for access and it only took 60 machines to overload the site's bandwidth.

Jacques Erasmus from Prevx told the BBC: "Cyber criminals are getting into contact with websites and threatening them with DDoS attacks. The loss of trade is very substantial so a lot of these websites just pay-up to avoid it.”

The botnet has now been destroyed and the users of the unprotected PCs users have been given security advice on how to make their machines less vulnerable.

Greg Day from McAfee told IT PRO: “These botnets are a double edged sword. Not only do they steal from our computers, important information like credit and debit card numbers but, just as insidious, use our PCs to attack others. From a business point of view this can be very damaging."

“The best protection against this is simply up-to-date anti-virus software and network intrusion prevention.”

Click will be broadcast on Saturday 14 March on the BBC News Channel.

Email to a friend

Print this page