Click's botnet experiment
There's been quite a bit of discussion in the blogosphere over the past 24 hours about the Click botnet experiment. It was aired in news coverage and detailed on this site yesterday - you can see it here, and you can see the full programme on BBC World News and the BBC News channel over the next few days.
Put simply, we posed as a customer, and bought a piece of software which gave us control of thousands of infected computers around the world.
We commanded them to send spam messages to our test addresses, and to stall a website by repeatedly requesting access. Not a working website, of course - in the real world, this technique is used to extort money from businesses that rely on the web for their very survival.
We alerted the PCs that they were liable to infection, gave them a place to go to for further advice, and destroyed the malware for good. It's all in the programme.
A lot of the debate has been about whether we did the right thing digging into the murky world of hackers and organised cybercrime. In seeking to demonstrate the threat, had we put ourselves in the position of those we wanted to expose?
That's always a good question. After all, we could have simply described what we believe happens and given some warning advice, couldn't we? We've done this in the past. So have many others...
But hacking has gone professional. Today, your PC can be doing bad things to other people without you even knowing. It's a major growth area for organised crime: it's global, and very local to all of us who work, communicate and play on the world wide web.
So we felt that there was the strongest public interest in not just describing what malware can do, but actually showing it in action. A real demonstration of the power of today's botnets - to infect, disrupt and damage our digital lives - is the most powerful way to alert our audiences to the dangers that they face. It's a wake-up call to switch on that firewall and improve our security on the internet.
We think that what we did was a first for broadcast journalism. We were amazed by the ease of use of the botnet, and the power of its disruptive capacity.
No-one watching our programme could learn how to build a botnet or where to go to to buy one. But what is very clear is the level of threat - especially to home users who don't have the benefit of corporate-level security. (Our guide to PC protection is here.) As the hackers continue their silent running, we thought it was our job to expose the mechanics of their hidden economy. Please watch the full show and see what you think.
Mark Perrow is executive producer, Click.