BBC violated the Computer Misuse Act by using botnet

A number of lawyers and security experts expressed their concerns about the investigation that was conducted by the BBC when the broadcasting company used zombie machines to send spam to two accounts it had established with Gmail and Hotmail and to check how they might be used in a denial of service attack. While BBC assures that it has not criminal intent some observers believe that it could undermine the authority of the UK law.

BBC Click was exploiting a botnet of 22,000 compromised PCs from an underground forum. Having obtained a permission of security firm Prevx BBC Click used the compromised machines to flood a backup site run by the security firm with junk traffic. In the course of this experiment BBC Click found that only 60 compromised machines were needed to render Prevx's site inaccessible. Upon completion of the investigation BBC warned the owners of the breached machines that their PCs were infected and provided guidelines how to clean them by changing the screensaver.

Law and security experts acknowledged that BBC was acting with the best intentions, yet they stressed the inviolability of the state law saying that the broadcaster’s actions are potentially criminal as long as the UK’s Computer Misuse Act does not requires criminal intent to recognize the case as an offence and maximum penalty for this offence is two years' imprisonment. Though BBC will unlikely be prosecuted Graham Cluley, senior technology consultant at security firm Sophos, noted that it was still a "dangerous precedent for others to turn a blind eye to our computer crime legislation".