For a short time in February, I had complete control over 21,696 personal computers around the world. These were machines whose owners had not taken the basic security precautions necessary to stay safe online.
While their owners were busy checking their e-mails, or playing Solitaire, or doing their accounts, I could have made their computers do anything I wanted without anyone knowing.
I could have ordered the machines to log keystrokes as they were typed, and then send me anything that looked like a banking user name and password.
I could have redirected the users to fake shopping websites - identical to the originals, apart from the fact that come point of sale, the credit card and security numbers would have been delivered to me.
Or I could have used them to spread spam and phishing e-mails to thousands of other computers.
I did not, of course. That would have been illegal.
A network of remote-controlled "bots" like the one Click acquired is called a botnet.
There are many available to buy or rent from cyber criminals hiding behind fake usernames and the non-cooperation of authorities across international borders.
The power of thousands or even hundreds of thousands of bots, all working in unison, is immense. It provides modern organised gangs with the firepower to make and launder vast amounts of money.
After months of investigation and a few thousand dollars, we had managed to buy a botnet from hackers in Russia and the Ukraine.
The process began in chatrooms where hackers advertise their services. You have to earn their confidence, then negotiations take place in instant messaging applications.
Once a service and a price have been agreed, payment is made using a money transfer to keep both sides anonymous.
The software controlling the botnet had an incredibly sophisticated user interface - it looks good, speaks 13 languages, and performing malicious tasks is as easy as clicking a couple of icons.
It behave just like legitimate software developed by experienced programmers.
In fact, Mark Sunner from security firm MessageLabs said the "level of sophistication" found in new botnets are "the technical equivalent of their opposite numbers in the security industry".
But we were not planning to make a quick buck and go loco in Acapulco.
Instead, we were planning to demonstrate the botnet's abilities in a controlled environment.
The spam attack
You know all that junk email that clogs up your inbox? Most of that comes from botnets.
After all, the criminals behind the spam, "phishing" emails and adverts for fraudulent goods do not want their messages traced back to them.
Instead, they use armies of bots - other people's computers - to send it out for them.
It is estimated that 80% of e-mails on the net is spam - and with millions of bots pumping it out round the clock, it is easy to see why.
We set up a spam test - a low-power demo to show what is possible.
Even with our botnet set to "slow", we managed to send out over 10,000 e-mails in a few hours.
For hardly any more money, a determined spammer could easily add two zeroes to those figures.
The biggest botnet around at the moment, the "Mega-D", sends out an unbelievable 28 million spam messages every minute.
The web attack
Now, imagine holding a big gambling website to ransom.
If they do not pay you lots of money, you will take it offline which will make it unavailable to ordinary users for hours or days on end.
This is a Distributed Denial of Service (DDoS) attack, and it is well within the capabilities of a botnet.
Sometimes the danger of such an attack and the ensuing loss of business is enough to drive large websites to pay hackers that issue such a threat.
If they do not pay up, their site goes down.
Our second demonstration was to aim our botnet at a willing volunteer site, to see just how large an army you need to take the site down.
The answer was just 60 machines. Performing the DDoS attack three times, with our bots constantly trying to access the site, was enough to take it down.
We decided to call off the attack before the rest got stuck in, just in case we did some real damage.
It may seem like science-fiction, but armies of remote-controlled bots are a reality. It is estimated that tens of millions are infected each year.
There are three main things you need to do to protect your system and stop your computer from becoming part of a botnet.
Take a look at our step by step guide: