[update] Commentary by Larry Seltzer for eWeek: http://www.eweek.com/c/a/Security/The-British-Botnet-Corporation-324874/
I don't promise that this is my last word on the subject, but, having now seen the full Click programme and the BBC's response to some of the criticism they've received, I found I had a few more things to say on the topic.
If you aren't thoroughly fed up with the whole issue, you can read it on the (ISC)2 blog page.
I also thought it might be useful to recap on some of the other posts and resources relevant to this incident:
- Computer Misuse Act: http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1
- Click's recommendations on self-protection: http://news.bbc.co.uk/1/hi/programmes/click_online/7940100.stm
- BBC Editorial blog defending Click's actions (Comment 14 is mine): http://news.bbc.co.uk/1/hi/programmes/click_online/7940100.stm
- Expansion of some interviews conducted for and featured in the Click program: http://www.bbcworldnews.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=999
- The article and video clip that started this off for me: http://news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm
- Graham Cluley's blog on the topic: http://www.sophos.com/blogs/gc/g/2009/03/12/bbc-break-law-botnet-send-spam/
- Legal commentary from Pinsent Mason: http://www.out-law.com/page-9863
- My comment on the legal commentary: http://www.eset.com/threat-center/blog/?p=713
- John Leyden's article for The Register: http://www.theregister.co.uk/2009/03/12/bbc_botnet_probe/
- Dan Raywood for SC Magazine: http://www.scmagazineuk.com/BBC-Click-botnet-attack-criticised-by-industry-experts/article/128686; http://www.scmagazineuk.com/BBC-may-face-legal-challenges-over-Click-programmes-hacking-feature/article/128741/
- My blog at Securiteam: http://blogs.securiteam.com/index.php/archives/1261
- My first blog at ESET on the topic: http://www.eset.com/threat-center/blog/?p=710
David Harley
Director of Malware Intelligence
