BBC buys botnet to highlight cybercrime

A BBC News technology programme has acquired a botnet from an online chatroom and used it to hijack almost 22,000 computers.

The BBC website said: "If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnet's collective power when in the hands of criminals."

Click, the BBC's technology show, ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme, filling inboxes with thousands of junk messages within hours.

It then launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx - who had agreed for it to go ahead. Click ordered its slave PCs to bombard its target site with requests for access and it only took 60 machines to overload the site's bandwidth.

Jacques Erasmus from Prevx told the BBC: "Cyber criminals are getting into contact with websites and threatening them with DDoS attacks. The loss of trade is very substantial so a lot of these websites just pay-up to avoid it."

The botnet has now been destroyed and the users of the unprotected PCs users have been given security advice on how to make their machines less vulnerable.

Greg Day from McAfee told IT PRO: "These botnets are a double edged sword. Not only do they steal from our computers, important information like credit and debit card numbers but, just as insidious, use our PCs to attack others. From a business point of view this can be very damaging."

"The best protection against this is simply up-to-date anti-virus software and network intrusion prevention."

Click will be broadcast on Saturday 14 March on the BBC News Channel.

Jennifer Scott

Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.

Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.