Stay networked. Get informed. Broadcast your projects.
How do you explain to lawyers the meaning of botnet? In short, botnets are the internet-connected programs designed to perform certain tasks, for instance monitoring and sending out data to multiple users.
When discussing botnets we often think about viruses and malicious software.
The most common use of botnets is mentioned in the context of DDoS attacks. Computers infected with botnets generate the attack and as a result we have disrupted websites and spamming avalanches.
They may be used for legal means, for example for online and e-mail marketing.
Botnets may also be used as art! Recently the Registrar published an article about the latest achievement in the IPv4 – Internet mapping. The project Internet Census 2012 scanned over 420 000 open – ended devices in the Internet and thus presented how the IPv4 is used throughout world:
“So, how big is the Internet?
That depends on how you count. 420 Million pingable IPs + 36 Million more that had one or more ports open, making 450 Million that were definitely in use and reachable from the rest of the Internet. 141 Million IPs were firewalled, so they could count as "in use". Together this would be 591 Million used IPs. 729 Million more IPs just had reverse DNS records. If you added those, it would make for a total of 1.3 Billion used IP addresses. The other 2.3 Billion addresses showed no sign of usage."
While everybody’s discussing a technical part of the project, agreeing that it was probably one of the best examples of the lawful use of botnets, I would like to focus on the reasons why it is better (or not) for the author to remain unknown.
"While the Internet Census 2012 provides interesting data, the way it was collated is highly illegal in most countries." – states Mark Schloesser, security researcher at Rapid7. Although admits “The actual research itself is noteworthy in that it is the most comprehensive Internet-wide scan.”
Internationally such actions may fall under Articles 2 and 5 of the Cybercrime Convention. Pursuant to its provisions, both illegal access and computer system interference will be considered as criminal offences in national legal system of the states. We don’t know where the author operated from so cannot determine the jurisdiction. Although it would be interesting to learn the relevant laws of the country where the Internet Census was launched. Realizing the illegality of his actions, the author however had an intention different from committing a crime. Instead, he (or she) used all means to soften the illegal side of the project.
It is followed from the description that there was no intent to cause any harmful effect to targeted devices. The author makes a disclaimer:
“We had no interest to interfere with default device operation... “
As we know in order to become a crime there must be a combination of certain elements. Basically, we must have an unlawful act that was performed with the intention to cause harm and knowledge of the consequences. In case of Internet Census we have an unlawful act in the form of deployment of a scanner on users’ computer devices without their consent. Thus the element ‘’consent” is missing.
“We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users.”
Then, can we actually qualify the actions as an offence? If yes, then who was the target? Was it an offence against a person? Definitely not. Against public security? In his report the author stated “All data gathered during our research is released into the public domain for further study.” The data collected from the project wasn't used for personal gain. It is open for everyone and aimed to educate. Against property? Well, if we consider computer devices as targets, then yes. However there was no reference to any particular person. The actions were more likely crowd-oriented rather than aimed to target a particular group of people.
What about consequences? There were no claims from users regarding data loss or any other harmful consequences. Moreover, the outcome of the project is incontrovertible and couldn’t be achieved through lawful means.
In my opinion the Internet Census case merits the scientific importance justification, supported with acknowledgement of inevitable scientific value. More and more specialists realize that the report was a great contribution to the current state of the Internet. Technically it is a push to IPv6, the latest version of Internet protocol, which was introduced back in 1996 but for some reason hasn’t deployed. Legally, it adds [even] more controversies to the legal component of the digital domain.