Re: So, did the BBC cross the line?

["David Harley" <david.a.harley () gmail com>]

I agree completely, and have blogged to much the same effect on securiteam,
(ISC)2 and ESET's site, and added comments to other blogs. It's not often
I'm passionate enough to write that much on a single issue.

--
David Harley BA CISSP FBCS CITP
Small Blue-Green World

 

> -----Original Message-----
> From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] 
> Sent: 14 March 2009 17:02
> To: david.a.harley () gmail com; Florian Weimer; funsec
> Subject: RE: [funsec] So, did the BBC cross the line?
>
> I personally felt somewhat ill when watching the program.  So, why? 
>
> For me, the legal issue is only one part of this.  While I do 
> agree with the legal analysis, there is a deeper moral and 
> ethical issue here.  The BBC will get out of any legal 
> trouble with an argument for the "greater good", and that "no 
> harm was done".  And they'll win on that argument.
> End of story. 
>
> But malware researchers routinely deal with botnets for 
> analysis purposes.  It would be considered a high crime 
> indeed to allow a spambot to actually send spam to the 
> outside world, even for "testing" purposes.
> And, shutting down a botnet yourself, even with the best 
> intentions, is simply not a good idea.  You don't know what 
> accidental harm you may cause.  You also don't really know 
> what's on the user's system that will simpy restart the whole 
> process.  
>
> I've personally come across dozens of these things, as many 
> of you have.
> I know my personal feeling is always to get the hell out of 
> there.  We need to know what we need to know in terms of 
> mitigation, etc. but you just don't mess with these things. 
> You don't get involved, because it's not only wrong, there 
> are too many unintended consequences that can occurr.  You're 
> playing with fire.  Report it to the ISP, report it to the 
> relevant authorities, but don't play with live ammo like this.
>
> It's highly disturbing that the BBC has, in effect, set a precedent
> here:  If it's all for the good, then no worries, go ahead, 
> blunder around and disable botnets, change user's desktop 
> settings, show off how they send spam -- it's all ok, because 
> the means justifies the end. 
>
> Doesn't work for me.  At all. 
>
> Alex
>
>
>
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
> On Behalf Of David Harley
> Sent: Saturday, March 14, 2009 8:57 AM
> To: 'Florian Weimer'; 'funsec'
> Subject: Re: [funsec] So, did the BBC cross the line?
>
> > Come to think of it, isn't a botnet a computer system?  
> > Wouldn't that make it illegal to dismantle it, or hamper 
> its operation
>
> > in any way?
>
> Maybe. It can certainly be argued that modifying data (the 
> wallpaper) and the bot  on individual zombie machines is in 
> breach of section 3.
>
> 3     Unauthorised modification of computer material 
>
> (1) A person is guilty of an offence if-
> (a) he does any act which causes an unauthorised modification 
> of the contents of any computer; and
> (b) at the time when he does the act he has the requisite 
> intent and the requisite knowledge. 
>
> (2) For the purposes of subsection (1)(b) above the requisite 
> intent is an intent to cause a modification of the contents 
> of any computer and by so
> doing-
> (a) to impair the operation of any computer;
> (b) to prevent or hinder access to any program or data held 
> in any computer; or
> (c) to impair the operation of any such program or the 
> reliability of any such data. 
>
> (3) The intent need not be directed at-
> (a) any particular computer;
> (b) any particular program or data or a program or data of 
> any particular kind; or
> (c) any particular modification or a modification of any 
> particular kind. 
>
> (4) For the purposes of subsection (1)(b) above the requisite 
> knowledge is knowledge that any modification he intends to 
> cause is unauthorised. 
>
> (5) It is immaterial for the purposes of this section whether 
> an unauthorised modification or any intended effect of it of 
> a kind mentioned in subsection (2) above is, or is intended 
> to be, permanent or merely temporary. 
>
> http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1
>
> --
> David Harley BA CISSP FBCS CITP
> Small Blue-Green World
>
>  
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.