Dutch police use unusual tactics in botnet battle

Published 27 October 2010


Dutch police have taken the unusual step of tapping into hijacked computers to tell users that their machines had been taken over.

It is the culmination of an operation to close 143 servers commanding an army of 30 million hijacked computers around the globe.

The infected machines formed a huge botnet, giving criminals access to sensitive information.

Experts have questioned whether it puts the Dutch police in breach of the law.

It is believed to be the first time a police force has used such an approach.

"Technically, what the Dutch police did could be considered to be breaking the law in some countries, by making unauthorised changes to another user's computer," said Graham Cluley, a senior consultant at security firm Sophos.

"I think it's unlikely that anyone would believe legal action against the police would be appropriate in this circumstance. They're trying to make the best of a bad situation," he added.

But it may not have convinced everyone.

"Some users may not believe the warning and may think it's one of the commonly seen fake security warnings that tries to trick users into taking a dangerous action," he said.

The botnet closed down by Dutch police was created using the so-called Bredolab trojan, malicious code which allowed criminals to capture bank details and other sensitive information from infected machines.

In a statement the Dutch hi-tech crime squad said that Armenian police had arrested "the probable mastermind" behind the Bredolab botnet at Yerevan airport in Armenia.

It said that it had decided to let users know their machines were part of the botnet.

"More than 100,000 computer users have been warned that their computers are part of the botnet," the statement read.

It said it had received 55 responses from users whose computers were compromised.

Although the decision to use a botnet for innocent purposes might be a first in the police force, it is not the only time a botnet has been taken over.