
US Government Taking Creative Steps to Counter Cyberthreats

An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday.

The department this month announced that it had obtained a warrant from a federal judge in Texas to remove web shells, or malicious code that gives hackers a foothold into networks, from hundreds of vulnerable computers affected by a hack that Microsoft has blamed on a group operating from China.

The FBI operation was designed to disrupt the effects of a hack that affected many thousands of servers running the Microsoft Exchange email program. Many victims took steps on their own to safeguard their systems, but for those who did not, the Justice Department stepped in to do it for them with a judge’s approval.

It was the virtual equivalent of police going around the neighborhood locking doors that criminals had opened remotely.

[ READ: Industry Reactions to FBI Cleaning Up Hacked Exchange Servers ]

“We have a decision to make, which is are we going to go ahead and do that action ourselves or are we just going to leave that malware there, sort of unremediated,” said Assistant Attorney General John Demers, speaking at a virtual discussion hosted by the Project for Media & National Security at George Washington University.

He said the operation was one of the very first of its kind and was the subject of extensive discussion by the FBI and the Justice Department. The department is figuring out how it plans to use that capability in the future.

“We don’t yet have sort of worked out what our criteria are going to be going forward,” Demers said. “Now that we’ve had this experience, that’s the kind of discussion we’re having internally now.

“This is not a tool of first resort that we’re going to be using a couple times a week as different intrusions come up,” he added. “This does require working with the private sector on the right solution. It does require testing to be sure that you’re not going to otherwise disrupt someone’s computer system.” Such operations will be done judiciously in the future, he said.

Demers acknowledged concerns from some privacy advocates that the government, without permission of the computer system operators, had gained remote access and removed the web shells. But he pointed out that the department did obtain a judge’s permission and said the government felt compelled to act because, after a period of several weeks, there were still unremediated web shells that continued to serve as access points for “hackers of all stripes.”

“And so the choice that the government had was just continue to leave those open or take the court-authorized action that we did, and ultimately we decided to move ahead,” Demers said. “But to the extent possible before then, we had been notifying every victim that we could identify of the intrusion.”

Related: CISA Details Malware Found on Hacked Exchange Servers
