The BBC could face legal challenges if any botnet computers used for the Click programme were located in Finland.
Olli-Pekka Niemi, leader of Stonesoft's virus research team claimed that while the BBC purchasing a botnet for around £6,000 from a cybercriminal to send spam is unethical, the problem is that it used the 22,000 computers without permission.
In Finnish law, this is illegal, and Niemi said that there was no way that this could be considered to be ‘white hat hacking' or ethical in anyway. He said: “I don't see anyway to do this in a legal way, if they wanted to warn the users that they are in a botnet they should have contacted the service providers or authorities to let them know that they were going to do it.”
He claimed that there was a success in showing people how a botnet and hacking works, and the BBC did succeed in raising awareness of the situation but did it in a totally unethical way.
Niemi said: “People can now see how easily it is done, the jurisdiction didn't state where the computers were based and I don't know when they approved this. They may have broken laws in many countries, in Finland this would be illegal and I am not an expert on the laws of other countries but this could cause problems.”
David Harley, director of malware intelligence at ESET, claimed that it was ‘well-intended, I'm sure. Sensational(ist), perhaps. Effective in raising public awareness, hopefully. But it sounds to me a lot like conscious exploitation of unauthorised access and unauthorised modification: exactly the issues around which the Computer Misuse Act revolves'.