funsec mailing list archives
Re: So, did the BBC cross the line?
From: "David Harley" <david.a.harley () gmail com>
Date: Sat, 14 Mar 2009 17:13:13 -0000
I agree completely, and have blogged to much the same effect on securiteam, (ISC)2 and ESET's site, and added comments to other blogs. It's not often I'm passionate enough to write that much on a single issue. -- David Harley BA CISSP FBCS CITP Small Blue-Green World
-----Original Message----- From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] Sent: 14 March 2009 17:02 To: david.a.harley () gmail com; Florian Weimer; funsec Subject: RE: [funsec] So, did the BBC cross the line? I personally felt somewhat ill when watching the program. So, why? For me, the legal issue is only one part of this. While I do agree with the legal analysis, there is a deeper moral and ethical issue here. The BBC will get out of any legal trouble with an argument for the "greater good", and that "no harm was done". And they'll win on that argument. End of story. But malware researchers routinely deal with botnets for analysis purposes. It would be considered a high crime indeed to allow a spambot to actually send spam to the outside world, even for "testing" purposes. And, shutting down a botnet yourself, even with the best intentions, is simply not a good idea. You don't know what accidental harm you may cause. You also don't really know what's on the user's system that will simpy restart the whole process. I've personally come across dozens of these things, as many of you have. I know my personal feeling is always to get the hell out of there. We need to know what we need to know in terms of mitigation, etc. but you just don't mess with these things. You don't get involved, because it's not only wrong, there are too many unintended consequences that can occurr. You're playing with fire. Report it to the ISP, report it to the relevant authorities, but don't play with live ammo like this. It's highly disturbing that the BBC has, in effect, set a precedent here: If it's all for the good, then no worries, go ahead, blunder around and disable botnets, change user's desktop settings, show off how they send spam -- it's all ok, because the means justifies the end. Doesn't work for me. At all. Alex -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of David Harley Sent: Saturday, March 14, 2009 8:57 AM To: 'Florian Weimer'; 'funsec' Subject: Re: [funsec] So, did the BBC cross the line?Come to think of it, isn't a botnet a computer system? Wouldn't that make it illegal to dismantle it, or hamperits operationin any way?Maybe. It can certainly be argued that modifying data (the wallpaper) and the bot on individual zombie machines is in breach of section 3. 3 Unauthorised modification of computer material (1) A person is guilty of an offence if- (a) he does any act which causes an unauthorised modification of the contents of any computer; and (b) at the time when he does the act he has the requisite intent and the requisite knowledge. (2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing- (a) to impair the operation of any computer; (b) to prevent or hinder access to any program or data held in any computer; or (c) to impair the operation of any such program or the reliability of any such data. (3) The intent need not be directed at- (a) any particular computer; (b) any particular program or data or a program or data of any particular kind; or (c) any particular modification or a modification of any particular kind. (4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised. (5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary. http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1 -- David Harley BA CISSP FBCS CITP Small Blue-Green World _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: So, did the BBC cross the line?, (continued)
- Re: So, did the BBC cross the line? freed0 (Mar 13)
- Re: So, did the BBC cross the line? David Lodge (Mar 13)
- Re: So, did the BBC cross the line? Paul Ferguson (Mar 13)
- Re: So, did the BBC cross the line? David Harley (Mar 14)
- Re: So, did the BBC cross the line? David Harley (Mar 14)
- Re: So, did the BBC cross the line? Gadi Evron (Mar 14)
- Re: So, did the BBC cross the line? David Lodge (Mar 14)
- Re: So, did the BBC cross the line? Paul Ferguson (Mar 13)
- Re: So, did the BBC cross the line? Florian Weimer (Mar 14)
- Re: So, did the BBC cross the line? David Harley (Mar 14)
- Re: So, did the BBC cross the line? Alex Eckelberry (Mar 14)
- Re: So, did the BBC cross the line? David Harley (Mar 14)
- Re: So, did the BBC cross the line? nick hatch (Mar 14)
- Re: So, did the BBC cross the line? nick hatch (Mar 14)
- Re: So, did the BBC cross the line? Gadi Evron (Mar 14)
- Re: So, did the BBC cross the line? nick hatch (Mar 14)
- Re: So, did the BBC cross the line? Alex Eckelberry (Mar 14)
- Re: So, did the BBC cross the line? Florian Weimer (Mar 14)
- Re: So, did the BBC cross the line? Alex Eckelberry (Mar 14)
- Re: So, did the BBC cross the line? Gadi Evron (Mar 14)
- Re: So, did the BBC cross the line? Paul Ferguson (Mar 14)
- Re: So, did the BBC cross the line? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 15)