Struan Robertson, editor of out-law.com and legal director at solicitors Pinsent Masons, reckons the "powerful public interest" argument is irrelevant in considering whether the BBC acted in violation of UK computer misuse law. He told El Reg that BBC Click would do better to apologise than hide behind such shaky defences.
The public interest argument is no defence to the Computer Misuse Act. It could influence a decision by the police and the Crown on whether to take any action over the BBC's behaviour; but it could also backfire. An apology is more likely to make the problem go away, in my view, than an argument that breaking the law was the right thing to do. Breaking the law in the public interest is an argument that vigilantes will use. It rarely wins support from law enforcement.
Some Reg readers have reported their concerns about the programme to the Met's Computer Crime Unit, which has said it's not prepared to do anything until a victim makes a complaint. Given that BBC Click carefully chose machines outside the UK and US, this is unlikely to happen.
In any case, it's not hard to argue that scant cybercrime resources are far better served in investigating profit-hungry cybercrims than BBC hacks. However, contrary to BBC Click claims, we don't think the BBC carried out a storming piece of investigative journalism. Tampering with people's PCs to illustrate the botnet risk is unethical in much the same way that breaking into homes to dramatise the risks of burglary is also a non-starter.
That's by no means a universal view. A poll by security firm Sophos, which has been among BBC Click's more outspoken critics, found that a majority (56 per cent) of the 854 respondents reckoned what BBC Click did was either against the law or "set a dangerous precedent". A third said that although the exercise might be legally questionable it "helps raise awareness", while 11 per cent dismissed the whole business as a storm in a teacup. ®
COMMENTS
Thanks
BBC "carefully chose computers outside the US and UK". Like my country? Thanks, BBC. Many thanks. I think you SHOULD be prosecuted.
Criminal offence
"A criminal offence has taken place - they should investigate it. Pure and simple."
I've had several cases where criminal damage has been done to my property. Just sitting on my arse isn't going to get it investigated. If someone asks if they are going to do anything about it they would definitely say no, unless someone files a formal report.
If you want them to investigate it however, you are entitled to report it to the police to see if they'll investigate. Armchair moaning isn't going to get them to do it ;)
Please consider carefully though as you and I as the taxpayer will be paying for this investigation and the result of any trial, no matter what the outcome! Do you *really* want that just for a petty point? Wouldn't it be better them chasing after the real criminals?
What if this was done by a regular security researcher?
What if this was done by a regular security researcher? Maybe, Adrian Lamo. What about someone with less skills, like the Palin hacker? Joe Blow who wants to do a presentation at Defcon?
BBC's logic has given every wannabe hacker license to do anything possible to try to "enlighten" potential victims. Including crash their boxes.... just make sure it's overseas. Why cross international lines if it's legal for them to do this? (Did they at least put the text of the background in multiple languages?) There is not much difference between being part of a bot net and running Windows. Is it ok for the next guy with a 0day worm to take it upon themselves to change every user's desktop background to let them know he found out their PC could be used for EVIL?
I think they should have had law enforcement with them when they did this. The banks could have revoked the payment. Russian law enforcement could have been on the phone, ready to move. ISPs could have been notified, so they can properly notify their users, instead of possibly changing some backgrounds. (Which does nothing if the background is changed for the wrong user account etc. Did they actually show this working on the show? Or did they possibly send the wrong commands and instead just caused a few thousand hospital computers in Spain to crash?)
I guess my biggest issue is who decides who can legally be a vigilante?
